Encrypt data securely

In an increasingly connected world, where data is becoming a bigger and bigger part of our daily lives, the security of sensitive information is of paramount importance. Data is an important component within the University of Kassel, the basis for innovation and progress in various areas. But at the same time, it also harbors risks: from cyberattacks and data leaks to industrial espionage.

Data encryption plays a crucial role as a protective mechanism. By converting readable data into an opaque form that can only be recovered with a corresponding key, encryption offers important protection against unauthorized access and misuse.

Modern methods

It is assumed that modern encryption methods offer a high level of security even against attacks by attackers with very far-reaching possibilities. One example of such a method is the Advanced Encryption Standard (AES).

This process is a core component of many widely used cryptographic solutions. The AES was developed in a public process and examined for possible cryptographic weaknesses by a large number of experts both before and after its standardization. The current state of research is that significant cryptographic problems have only been found in significantly weakened versions of the AES.

Although the AES is an important method for data encryption, it is only one component in systems that use it and there are also other encryption methods with equally good security properties.

Password as a weak point

In many encryption solutions, the encrypted data is effectively only protected by a password: anyone who knows the password can then determine the cryptographic keys without any problems. The first priority is therefore to use secure passwords. But even a secure password can be spied on, for example by malware logging keystrokes. No encryption solution protects against the dangers of malware! The generally recommended countermeasures, such as the use of virus scanners and firewalls as well as regular updates of the operating system, should therefore also be observed for systems with encrypted data.

At the same time, keys and passwords must be stored securely. The data carriers on which they are stored must be protected from thieves in the same way as a physical key ring. Redundancy is also recommended: a backup copy of the key should be stored on a data carrier that is kept under lock and key in a different location if possible. This ensures that the data can still be accessed despite the loss of a key or password (e.g. due to a defective USB stick).

Applications for secure encryption

To encrypt documents with 7-Zip, please follow these steps:

  1. Install 7-Zip: If you have not yet installed 7-Zip, download it from the official website (https://www.7-zip.org) and install it on your computer.
  2. Select the files: Select the documents you wish to encrypt. You can do this by selecting the files and right-clicking on them.
  3. Compressing the files: Right-click on the selected files and select “7-Zip” from the context menu and then “Add to archive”.
  4. Specify the archive format and password: In the 7-Zip window, enter a name for the archive and select the desired archive format (e.g. ZIP, 7z). Then click on the “Add” button. A dialog box opens in which you can enter a password.
  5. Enter password: Enter the desired password. Make sure you choose a strong password that consists of a combination of letters, numbers and special characters.
  6. Select encryption options: Select the desired encryption options. 7-Zip offers various encryption methods such as AES-256. Select the desired method.
  7. Perform encryption: Click on “OK” to start the encryption. 7-Zip will now create an encrypted archive with your selected files.
  8. Test the encrypted archive: Check the created archive to ensure that it has been successfully encrypted. Double-click on the archive and enter the password to open it. If the archive is successfully decrypted and you can access the files it contains, the encryption was successful.
  9. Secure the password: Make sure that you keep the password safe and do not share it with others. The password is required to access the encrypted files and should therefore be kept strictly confidential.

By following these steps, you can encrypt your documents with 7-Zip and ensure that they are protected from unauthorized access.

Gpg4win (GNU Privacy Guard for Windows) is a free software package that enables secure encryption and signing of data and communication on Windows operating systems. It is based on the OpenPGP standard and allows users to encrypt their emails and files to ensure the privacy and security of their information. Here is a basic guide to data encryption with Gpg4win:

Installation of Gpg4win

  1. Download Gpg4win from the official website (https://www.gpg4win.de).
  2. Execute the downloaded installation file and follow the instructions of the installation wizard.
  3. Select the components you want to install. The smallest installations require at least GnuPG, Kleopatra (a graphical user interface for GnuPG), and GPA (GNU Privacy Assistant).

Creation of a key pair

  1. Start Kleopatra, the key management program from Gpg4win.
  2. Select “File” > “New Certificate...” or click on “New Certificate” in the home screen to start the wizard for creating a new key pair.
  3. Select “Create a personal OpenPGP key pair” and enter your name and e-mail address. Follow the instructions to create the key pair.
  4. Secure your private key with a strong password.

Encryption of a file

  1. To encrypt a file for someone else, you need the recipient's public key. You can either obtain the public key directly from the person or download it from a public key server.
  2. In Kleopatra, select “File” > “Sign/Encrypt Files...”.
  3. Select the file you want to encrypt and click on “Next”.
  4. Select “Encrypt for others” and search for the recipient's public key from your key management. You can also select “Sign” to digitally sign the file, which enables the recipient to verify that the file actually originates from you and has not been changed since it was signed.
  5. Follow the further instructions to complete the encryption.

Decryption of a file

  1. To decrypt a file sent to you, start Kleopatra and select “File” > “Decrypt/Verify Files...”.
  2. Select the encrypted file and Kleopatra will automatically try to decrypt it with your private key after you have entered your password.

Important notes

  • Protect your private key and password carefully. If you lose them, encrypted data cannot be recovered.
  • Share your public key with people from whom you want to receive encrypted messages, but keep your private key secret.

Gpg4win is a powerful tool for encryption and, in addition to file and email encryption, offers other functions such as the creation and management of certificates. It is important to familiarize yourself with the basics of cryptography and best practices for using encryption technologies in order to maximize the security of your data.

Further information on Gpg4win can also be found on the BSI information page.

 

Sources