Category Archives: Encryption

After Paris, Encryption Will Be a Key Issue in the 2016 …

When the Democratic presidential contenders gathered on the debate stage in Des Moines, Iowa, on Saturday, just hours after a series of terrorist attacks in Paris left at least 129 people dead, the candidates spent the early portion of their time on stage examining issues related to national security. They spoke of boots on the ground, regime changes, what role the United States ought to play in the fight against ISIS, and whether or not they use the term radical Islam.

But curiously, throughout the lengthy discussion, the one issue that was never mentioned, not once, was encryption. That’s lucky, at least for the candidates. As the world continues to reel from the Paris attacks, the debate over whether tech companies like Apple and Google are allowed to fully encrypt users’ communications will, no doubt, become one of the central dramas of the national security conversation going into the 2016 presidential race. It may also be among the toughest issues for the candidates, especially Democrats, to navigate.


Just yesterday, CIA director John Brennan said that he hoped the Paris attacks would serve as a wakeup call to those who oppose government surveillance in favor of personal privacy.

“There are a lot of technological capabilities that are available right now that make it exceptionally difficult both technically as well as legally for intelligence security services to have insight that they need to uncover it,” he said, adding that terrorists have gone to school to figure out ways to evade intelligence officials.

Brennan attributed that fact, in part, to Edward Snowden’s disclosures of the National Security Agency’s bulk data collection programs, saying they tipped would-be terrorists off to surveillance tactics. “In the past several years, because of a number of unauthorized disclosures and a lot of hand-wringing over the government’s role in the effort to try to uncover these terrorists,” he said, “there have been some policy and legal and other actions that make our ability, collectively, internationally, to find these terrorists much more challenging.”

This, of course, is not the first time we’ve heard these concerns from government officials. Just a day before the Paris attacks, the NSA’s former general counsel, Matt Olsen, told an audience gathered in Des Moines that after Snowden came forward, the agency lost track of terrorists. Meanwhile, FBI director James Comey has been an outspoken critic of encryption, arguing that it enables criminals to go dark.

Whether encryption is really the security risk the government makes it out to be, of course, is still up for debate. We at WIRED have debated it plenty. Now it’s time for the presidential candidates to do the same.

Until now, the Democratic candidates in particular have been light on detail about where they stand on encryption and surveillance. This reticence stands to reason. By aligning themselves too closely with Washington’s intelligence community, they could alienate their Silicon Valley base, which is increasingly powerful in politics. But if they cater too much to the interests of tech companies such as Apple and Google, they could lose favor among voters who increasingly see national security as the country’s most pressing issue.

Former Secretary of State Hillary Clinton has walked an uneasy line on the subject of surveillance in the past. On one hand, she was a supporter of the controversial PATRIOT Act as a senator back in 2001, a decision that’s been widely criticized by Bernie Sanders’ camp. This summer, she also said that cybersecurity legislation such as the Cybersecurity Information Sharing Act, or CISA, which is already highly unpopular among privacy advocates, doesn’t go far enough in encouraging tech companies to share information with the US government. And during the first debate, she said Snowden “stole very important information that has unfortunately fallen into a lot of the wrong hands,” and that he shouldn’t return home “without facing the music.”


At the same time, however, she has endorsed the USA Freedom Act, which would end the NSA’s bulk data collection program, calling it “a good step forward in ongoing efforts to protect our security and civil liberties.” And at a conference earlier this year, Clinton told Re/Code’s Kara Swisher that encryption is “a classic hard choice,” but she hedged before offering up her plan for what to do about it. “I would be the first to say I don’t have the answer,” she said. “I think there are really strong, legitimate arguments on both sides.”

Vermont Senator Bernie Sanders, on the other hand, has been far more outspoken in his opposition to government surveillance. He received a round of applause at the first Democratic debate for voting against the PATRIOT Act and has said that, as president, he would shut down the NSA’s surveillance program altogether.

But national security is considered Sanders’ major weak spot. Even those who support his stance on inequality sometimes question his ability as commander-in-chief. The more fearful Americans become of the threat ISIS poses, the weaker Sanders’ stance on surveillance may appear to the electorate beyond Sanders’ base. After all, a recent poll showed that 56 percent of voters said they would give the government access to some personal data if it meant protecting the country from a terrorist attack.

On the other side of the aisle, candidates like Jeb Bush, Marco Rubio, Carly Fiorina, Donald Trump, and Chris Christie have all spoken out against encryption and about the need for government surveillance. The one notable exception, of course, is Kentucky Sen. Rand Paul, who said at a conference last week that he believes governments should require warrants to access people’s communications. Still, that policy doesn’t apply to companies like Apple, which promises users that their data is encrypted so that it can’t be accessed even with a warrant.

The battle over how to balance security and privacy, of course, is nothing new in politics. Just last month, the Obama administration backed away from legislation that would have forced tech companies to decrypt messages for law enforcement. The move was seen as a win for technologists and privacy advocates alike.

Those same advocates are now hoping that fear won’t cause politicians to resume the fight against encryption. “The Paris attacks are absolutely tragic, but the response must not be to undermine cybersecurity for digital services on which many millions of people depend,” said Harley Geiger, senior counsel and advocacy director for the Center for Democracy & Technology. “Weakening encryption will also not prevent organized groups from using strong encryption. Difficult-to-crack encryption and apps will continue to be available on the Internet, even if governments seek to ban them.”

And yet, as calls for stronger national security spread post-Paris, candidates who support encryption may face added pressures from both the public and their Republican opponents to reevaluate, or at the least delineate, where they stand on encryption. And when they do, they may find it’s not so easy to keep both sides happy.


Email encryption – Wikipedia

Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.

Email is prone to disclosure of information. Most emails are currently transmitted in clear (unencrypted) form. By means of some available tools, persons other than the designated recipients can read the email contents.[1]

Email encryption can rely on public-key cryptography, in which users can each publish a public key that others can use to encrypt messages to them, while keeping secret a private key they can use to decrypt such messages or to digitally encrypt and sign messages they send.

With the original design of email protocol, the communication between email servers was plain text, which posed a huge security risk. Over the years, various mechanisms have been proposed to encrypt the communication between email servers. Encryption may occur at the transport level (aka “hop by hop”) or end-to-end. Transport layer encryption is often easier to set up and use; end-to-end encryption provides stronger defenses, but can be more difficult to set up and use.

One of the most commonly used email encryption extensions is STARTTLS. It is a TLS (SSL) layer over the plaintext communication, allowing email servers to upgrade their plaintext communication to encrypted communication. Assuming that the email servers on both the sender and the recipient side support encrypted communication, an eavesdropper snooping on the communication between the mail servers cannot use a sniffer to see the email contents. Similar STARTTLS extensions exist for the communication between an email client and the email server (see IMAP4 and POP3, as stated by RFC 2595). STARTTLS may be used regardless of whether the email’s contents are encrypted using another protocol.

The encrypted message is revealed to, and can be altered by, intermediate email relays. In other words, the encryption takes place between individual SMTP relays, not between the sender and the recipient. This has both good and bad consequences. A key positive trait of transport layer encryption is that users do not need to do or change anything; the encryption automatically occurs when they send email. In addition, since receiving organizations can decrypt the email without cooperation of the end user, receiving organizations can run virus scanners and spam filters before delivering the email to the recipient. However, it also means that the receiving organization and anyone who breaks into that organization’s email system (unless further steps are taken) can easily read or modify the email. If the receiving organization is considered a threat, then end-to-end encryption is necessary.

The Electronic Frontier Foundation encourages the use of STARTTLS, and has launched the ‘STARTTLS Everywhere’ initiative to “make it simple and easy for everyone to help ensure their communications (over email) aren’t vulnerable to mass surveillance.”[2] Support for STARTTLS has become quite common; Google reports that on Gmail 90% of incoming email and 90% of outgoing email was encrypted using STARTTLS by 2018-07-24.[3]

Mandatory certificate verification is historically not viable for Internet mail delivery without additional information, because many certificates are not verifiable and few want email delivery to fail in that case.[4] As a result, most email that is delivered over TLS uses only opportunistic encryption. DANE is a proposed standard that makes an incremental transition to verified encryption for Internet mail delivery possible.[5] The STARTTLS Everywhere project uses an alternative approach: they support a preload list of email servers that have promised to support STARTTLS, which can help detect and prevent downgrade attacks.
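The difference between opportunistic delivery and a preload list can be shown as a sending-side decision. This is an added example, not code from the article or from the STARTTLS Everywhere project; the policy-list structure, hostnames, EHLO replies and function names are constructed for illustration.

```python
"""Sending-side STARTTLS check: opportunistic delivery vs. a preload policy list.

Added illustration. POLICY_LIST is a constructed, simplified stand-in for a
preload list; every hostname and EHLO reply below is constructed sample data.
"""
from dataclasses import dataclass

# Constructed policy list: recipient domain -> promised behaviour.
# A leading dot in an "mxs" pattern means "any host under this suffix".
POLICY_LIST = {
    "example.org": {"mode": "enforce", "mxs": [".mail.example.org"]},
    "example.net": {"mode": "testing", "mxs": ["mx.example.net"]},
}

# Constructed EHLO replies: the server's full answer, and the same answer with
# the STARTTLS line missing, as a downgrade on the path would leave it.
EHLO_WITH_TLS = (
    "250-mx1.mail.example.org Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_STRIPPED = (
    "250-mx1.mail.example.org Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)


@dataclass(frozen=True)
class Decision:
    action: str  # "deliver-tls", "deliver-plaintext" or "defer"
    reason: str


def parse_ehlo(reply):
    """Return the extension keywords advertised in a 250 EHLO reply."""
    keywords = set()
    lines = reply.strip().splitlines()
    if not lines:
        raise ValueError("empty EHLO reply")
    for index, line in enumerate(lines):
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError(f"not a 250 reply line: {line!r}")
        fields = line[4:].split()
        # The first line carries the server's greeting, not an extension.
        if index > 0 and fields:
            keywords.add(fields[0].upper())
    return keywords


def mx_allowed(mx_host, patterns):
    """Match an MX hostname against exact names or leading-dot suffixes."""
    host = mx_host.lower().rstrip(".")
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern.startswith("."):
            if host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


def decide(recipient_domain, mx_host, ehlo_reply, policy_list=POLICY_LIST):
    """Decide how to hand a message to mx_host for recipient_domain."""
    offers_tls = "STARTTLS" in parse_ehlo(ehlo_reply)
    policy = policy_list.get(recipient_domain.lower())

    if policy is None:
        # Opportunistic: use TLS when offered, otherwise fall back silently.
        if offers_tls:
            return Decision("deliver-tls", "opportunistic STARTTLS")
        return Decision("deliver-plaintext", "unlisted domain, no STARTTLS offered")

    if not mx_allowed(mx_host, policy["mxs"]):
        problem = "MX host is not covered by the domain's policy"
    elif not offers_tls:
        problem = "listed domain did not offer STARTTLS (possible downgrade)"
    else:
        # Certificate validation after the upgrade is a separate step, not shown.
        return Decision("deliver-tls", "policy satisfied")

    if policy["mode"] == "enforce":
        return Decision("defer", problem)
    # Testing mode: report the failure but deliver as an unlisted domain would.
    fallback = "deliver-tls" if offers_tls else "deliver-plaintext"
    return Decision(fallback, "testing mode: " + problem)
```

For an unlisted domain the stripped reply is indistinguishable from a server that never supported STARTTLS, which is why opportunistic delivery cannot detect the downgrade on its own.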

In end-to-end encryption, the data is encrypted and decrypted only at the end points. In other words, an email sent with end-to-end encryption would be encrypted at the source, unreadable to service providers like Gmail in transit, and then decrypted at its endpoint. Crucially, the email would only be decrypted for the end user on their computer and would remain in encrypted, unreadable form to an email service like Gmail, which wouldn’t have the keys available to decrypt it.[6] Some email services integrate end-to-end encryption automatically.

Notable protocols for end-to-end email encryption include:

OpenPGP is a data encryption standard that allows end-users to encrypt the email contents. There are various software and email-client plugins that allow users to encrypt the message using the recipient’s public key before sending it. At its core, OpenPGP uses a Public Key Cryptography scheme where each email address is associated with a public/private key pair.

OpenPGP provides a way for the end users to encrypt the email without any support from the server and be sure that only the intended recipient can read it. However, there are usability issues with OpenPGP: it requires users to set up public/private key pairs and make the public keys available widely. Also, it protects only the content of the email, and not metadata: an untrusted party can still observe who sent an email to whom. A general downside of end-to-end encryption schemes, where the server does not have decryption keys, is that it makes server-side search almost impossible, thus impacting usability.

The Signed and Encrypted Email Over The Internet demonstration has shown that organizations can collaborate effectively using secure email. Previous barriers to adoption were overcome, including the use of a PKI bridge to provide a scalable public key infrastructure (PKI) and the use of network security guards checking encrypted content passing in and out of corporate network boundaries to avoid encryption being used to hide malware introduction and information leakage.

Transport layer encryption using STARTTLS must be set up by the receiving organization. This is typically straightforward; a valid certificate must be obtained and STARTTLS must be enabled on the receiving organization’s email server. To prevent downgrade attacks, organizations can send their domain to the ‘STARTTLS Policy List’.[7]

Most full-featured email clients provide native support for S/MIME secure email (digital signing and message encryption using certificates). Other encryption options include PGP and GNU Privacy Guard (GnuPG). Free and commercial software (desktop application, webmail and add-ons) are available as well.[8]

While PGP can protect messages, it can also be hard to use in the correct way. Researchers at Carnegie Mellon University published a paper in 1999 showing that most people couldn’t figure out how to sign and encrypt messages using the current version of PGP.[9] Eight years later, another group of Carnegie Mellon researchers published a follow-up paper saying that, although a newer version of PGP made it easy to decrypt messages, most people still struggled with encrypting and signing messages, finding and verifying other people’s public encryption keys, and sharing their own keys.[10]

Because encryption can be difficult for users, security and compliance managers at companies and government agencies automate the process for employees and executives by using encryption appliances and services that automate encryption. Instead of relying on voluntary co-operation, automated encryption, based on defined policies, takes the decision and the process out of the users’ hands. Emails are routed through a gateway appliance that has been configured to ensure compliance with regulatory and security policies. Emails that require it are automatically encrypted and sent.[11]

If the recipient works at an organization that uses the same encryption gateway appliance, emails are automatically decrypted, making the process transparent to the user. Recipients who are not behind an encryption gateway then need to take an extra step, either procuring the public key, or logging into an online portal to retrieve the message.[11][12]


What is Encryption, and Why Are People Afraid of It?

With recent acts of terrorism in Paris and Lebanon, news media and government have been using the word encryption as if it’s somehow to blame. Nonsense. Encryption is easy to understand, and if you’re not using it, you should be.

Like many technologies, encryption has the potential to be misused, but that does not make it dangerous. And it doesn’t mean that people who use it are dangerous or bad. But since it’s so commonly misunderstood and currently a media boogeyman, a few minutes with How-To Geek will help get you caught up.

While computer scientists, developers, and cryptographers have created far smarter and more complex methods for doing so, at its heart, encryption is simply taking some information that makes sense and scrambling it so it becomes gibberish. Turning it back into real information (video files, images, or simple messages) can only be done by decrypting it back from gibberish using a method called a cipher, usually relying on an important piece of information called a key.

Already there are a lot of unusual words being thrown around. If you’ve ever written in a secret code when you were a child, you’ve encrypted a sentence. A cipher can be as simple as moving a letter down in the alphabet. For example, if we take the following sentence:

This is really geeky

With this simple encryption, A becomes B, and so on. This becomes:

Uijt jt sfbmmz hfflz

If you want to make it more difficult to understand, you can easily represent letters as numbers, where A is represented by a 1, and Z by 26. With our cipher, we simply add one to our number:

208919 919 1851121225 7551125

And then when we move our letter’s position with our A-becomes-B method, our encrypted message now looks like this:

2191020 1020 1962131326 8661226

In our example, our method, or cipher, is to change letters to certain numbers and add to that number to encrypt. If we wanted to, we could call our key the actual information that A = 2, Y = 26, and Z = 1.

With a code this simple, sharing keys isn’t necessary as any codebreaker could decipher our code and figure out the message. Thankfully, comparing modern encryption methods to this is like comparing an abacus to an iPad. In theory there are a lot of similarities, but the methods used have years of study and genius applied to making them richer and more challenging to decrypt without the proper keys, that is, by the users who are doing the encrypting. It’s almost impossible to decrypt using brute force methods or by reassembling data back into something that looks useful, so hackers and bad guys look to humans for the weak link in encryption, not the encryption methods themselves.
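The article's A-becomes-B cipher and its numeric form, together with the reason a codebreaker needs no key: there are only 26 possible shifts to try. This is an added example, not code from the original article; the function names and the small word list used to recognise English are this example's own.

```python
"""The article's A-becomes-B cipher, its numeric form, and a brute-force break.

Added illustration; COMMON_WORDS is a small constructed word list.
"""
import string

COMMON_WORDS = {"the", "this", "is", "a", "and", "of", "to", "in", "it", "that", "really"}


def shift_text(text, shift):
    """Move every letter `shift` places down the alphabet, wrapping Z to A."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def to_numbers(text, shift=0):
    """Write each letter as its shifted position (A=1 ... Z=26, so Z+1 wraps to 1)."""
    words = []
    for word in text.split():
        digits = [
            str((ord(ch) - ord("a") + shift) % 26 + 1)
            for ch in word.lower()
            if ch in string.ascii_lowercase
        ]
        # Digits are run together as in the article, which makes the numeric
        # form ambiguous to read back ("12" could be L or A followed by B).
        words.append("".join(digits))
    return " ".join(words)


def brute_force(ciphertext):
    """Try all 26 shifts; return (shift, plaintext) with the most common words."""
    def score(candidate):
        return sum(
            word.strip(string.punctuation).lower() in COMMON_WORDS
            for word in candidate.split()
        )

    candidates = [(shift, shift_text(ciphertext, -shift)) for shift in range(26)]
    return max(candidates, key=lambda pair: score(pair[1]))


if __name__ == "__main__":
    message = "This is really geeky"
    print(shift_text(message, 1))
    print(to_numbers(message))
    print(to_numbers(message, 1))
    print(brute_force("Uijt jt sfbmmz hfflz"))
```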

It’s no secret that plenty of governments get the willies when they think about strong encryption. Modern computers can encrypt text messaging, images, data files, even whole partitions on hard drives and the operating systems that run them, effectively locking out anyone without the keys needed to decrypt the information on them. These could contain anything, and when it could theoretically be anything, imaginations tend to run wild. They contain stolen nuclear codes, child pornography, all kinds of stolen government secrets or, more likely, your tax documents, bank transactions, kids’ pictures, and other personal information you don’t want others to have access to.

A lot of attention was recently drawn to the ISIL-associated terrorism suspects using encrypted methods of communication with the popular messaging service WhatsApp. The boogeyman here is that strong encryption allows spooky people to communicate about who-knows-what, and many prominent government and intelligence officials are taking advantage of the situation, shaping the narrative to say encryption is for bad people, terrorists, and hackers. Never waste a good crisis, as the saying goes.

Many government powers have approached the Googles and Apples of the world, asking them to create encryption with secret backdoor decryption methods: closed-source methods of encryption that hide something nefarious or have master keys to cipher and decrypt anything using that particular method.

The current CEO of Apple, Tim Cook, was quoted as saying “You can’t have a backdoor that’s only for the good guys.” Because, basically, an intentionally engineered flaw like a backdoor encryption method totally weakens the integrity of a technology we use in many aspects of our lives. There’s absolutely no guarantee that simply because something is designed for the good guys to use, that bad guys won’t figure out how to use it. It goes without saying once this happens, all data using these methods is no longer secure.

Without putting on our tinfoil hats and getting super political, historically, governments have a tendency of being afraid of their people, and do whatever they think they can get away with to maintain control. So, unsurprisingly, the idea of these little informational black boxes created by strong encryption makes them nervous.

It’s probably pretty clear to you, faster than you can say “the terrorists have won,” that putting a backdoor in an infrastructure as basic as encryption would make life for us much worse, since strong encryption standards are used in web browsers, email, banking, credit card transactions, and password storage. Making those less secure for all of us just isn’t a good idea.

Encryption, thankfully, is becoming the default. If you’ve ever noticed that little lock icon in your web browser, congratulations! You’re using encryption to send and receive data from that website. You don’t feel like a bad guy, do you?

Basically, by establishing a secure connection, your computer uses a public key to send scrambled information to the remote system, which then decodes it using a private key (since the public key can be downloaded by anyone, but the information can only be decrypted using the private key). It can be difficult to ensure that nobody can intercept your messages, emails, or banking data, but encryption can turn your information into gibberish that they can’t use, so your transactions remain safe. Chances are, you’re already doing lots of encrypted message and data transmission and you didn’t even realize it.

Nearly everyone in tech is aware it needs to simply be standard and is pushing the idea of encryption by default. Simply because you don’t have anything to hide doesn’t mean you shouldn’t value your privacy, particularly in these days when preventing cybercrime, data theft, and hacking scandals is becoming more and more critical to our safety and financial well-being.

Speaking simply, computers and the Internet have allowed us to open ourselves up and become more vulnerable than ever before to these privacy concerns, and encryption is one of the only methods of keeping yourself safe. Many years ago, if you were speaking to someone face to face and saw nobody around, you could feel reasonably secure that nobody was eavesdropping on you. Now, without encryption, there’s basically no privacy in any kind of communication, at all, ever.

When should a normal user incorporate encryption into their digital life? Certainly, if any of your messaging services or accounts offer HTTPS (HTTP over SSL, an encryption standard) you should opt in. In this day and age, you shouldn’t even have to opt in; it should be on by default! If a service does not allow for encrypted connections and it allows you to send any kind of sensitive data (credit card numbers, family members’ names, phone numbers, Social Security numbers, etc.) simply opt not to use that website. But realistically, any modern website with a login will most likely create a secure, encrypted connection.

Should you keep the pictures, documents and other important files on your PC in an encrypted container or disk? Perhaps. You can do this by using encrypted file containers or by locking whole disks using software. Some years back, popular cross-platform encryption software TrueCrypt suddenly and mysteriously asked users to stop using their software, insisting their product was insecure, and shut down all development. In a final message to their users, TrueCrypt urged them to migrate their data to the Microsoft product, BitLocker, now part of some versions of Windows. TrueCrypt was a standard tool for whole disk encryption, along with other software like bcrypt or FileVault. Whole disk encryption is also possible using BitLocker, or, if you prefer open-source methods, by using LUKS on Linux systems, or the successor to TrueCrypt, VeraCrypt.

You very likely do not need to encrypt the files that are actually on your PC to stop hackers and data thieves from taking them. It is not a bad idea, though, to keep important files in a crypt to keep them out of the hands of other people who may get a chance to use your computer. Encryption doesn’t need to be spooky or dangerous; it can simply be thought of as a digital privacy fence, and a way to keep honest people honest. Simply because you like your neighbors doesn’t mean you always want them to be able to watch you!

The same can be said for all digital messaging services, whether they’re on your phone, tablet, or on your PC. If you’re not using encryption, you have little to no guarantee that your messages aren’t being intercepted by others, nefarious or not. If this matters to you (and perhaps it should matter to all of us), you have an increasing number of options. It is worth noting that some services like iMessage from Apple send encrypted messages by default, but communicate through Apple servers, and they could conceivably be read and stored there.

Hopefully we’ve helped to dispel some of the misinformation surrounding this misunderstood technology. Simply because someone chooses to keep their information private doesn’t mean that they are doing something sinister. Allowing the conversation about encryption to be entirely about terrorism and not about basic privacy and prevention of identity theft is fundamentally bad for all of us. It’s not a thing to be feared or misunderstood, but rather a tool that all of us should use as we see fit, without the stigma of being used only for evil purposes.

If you’re interested in learning more about encryption methods, here are some How-To Geek classics, as well as some software that we recommend to start incorporating encryption into your digital life.

How to Set Up BitLocker Encryption on Windows

3 Alternatives to the Now-Defunct TrueCrypt for Your Encryption Needs

HTG Explains: When Should You Use Encryption?



Data encryption | cryptology | Britannica.com

Data encryption, also called encryption or encipherment, the process of disguising information as ciphertext, or data unintelligible to an unauthorized person. Conversely, decryption, or decipherment, is the process of converting ciphertext back into its original format. Manual encryption has been used since Roman times, but the term has become associated with the disguising of information via electronic computers. Encryption is a process basic to cryptology.

Computers encrypt data by applying an algorithm (i.e., a set of procedures or instructions for performing a specified task) to a block of data. A personal encryption key, or name, known only to the transmitter of the message and its intended receiver, is used to control the algorithm’s encryption of the data, thus yielding unique ciphertext that can be decrypted only by using the key.

Since the late 1970s, two types of encryption have emerged. Conventional symmetric encryption requires the same key for both encryption and decryption. A common symmetric encryption system is the Advanced Encryption Standard (AES), an extremely complex algorithm approved as a standard by the U.S. National Institute of Standards and Technology. Asymmetric encryption, or public-key cryptography, requires a pair of keys: one for encryption and one for decryption. It allows disguised data to be transferred between allied parties at different locations without also having to transfer the (not encrypted) key. A common asymmetric encryption standard is the RSA (Rivest-Shamir-Adleman) algorithm.

Encryption keys selected at random and of sufficient length are considered almost impregnable. A key 10 characters long selected from the 256 available ASCII characters could take roughly 40 billion centuries to decode, assuming that the perpetrator was attempting 10,000 different keys per second.


How to Enable Full-Disk Encryption on Windows 10

Windows 10 sometimes uses encryption by default, and sometimes doesn’t. It’s complicated. Here’s how to check if your Windows 10 PC’s storage is encrypted and how to encrypt it if it isn’t. Encryption isn’t just about stopping the NSA; it’s about protecting your sensitive data in case you ever lose your PC, which is something everyone needs.

Unlike all other modern consumer operating systems (macOS, Chrome OS, iOS, and Android), Windows 10 still doesn’t offer integrated encryption tools to everyone. You may have to pay for the Professional edition of Windows 10 or use a third-party encryption solution.


Many new PCs that ship with Windows 10 will automatically have Device Encryption enabled. This feature was first introduced in Windows 8.1, and there are specific hardware requirements for this. Not every PC will have this feature, but some will.

There’s another limitation, too: it only actually encrypts your drive if you sign into Windows with a Microsoft account. Your recovery key is then uploaded to Microsoft’s servers. This will help you recover your files if you ever can’t log into your PC. (This is also why the FBI likely isn’t too worried about this feature, but we’re just recommending encryption as a means to protect your data from laptop thieves here. If you’re worried about the NSA, you may want to use a different encryption solution.)

Device Encryption will also be enabled if you sign into an organization’s domain. For example, you might sign into a domain owned by your employer or school. Your recovery key would then be uploaded to your organization’s domain servers. However, this doesn’t apply to the average person’s PC, only PCs joined to domains.

To check if Device Encryption is enabled, open the Settings app, navigate to System > About, and look for a Device encryption setting at the bottom of the About pane. If you don’t see anything about Device Encryption here, your PC doesn’t support Device Encryption and it’s not enabled. If Device Encryption is enabled, or if you can enable it by signing in with a Microsoft account, you’ll see a message saying so here.


If Device Encryption isn’t enabled, or if you want a more powerful encryption solution that can also encrypt removable USB drives, for example, you’ll want to use BitLocker. Microsoft’s BitLocker encryption tool has been part of Windows for several versions now, and it’s generally well regarded. However, Microsoft still restricts BitLocker to Professional, Enterprise, and Education editions of Windows 10.

BitLocker is most secure on a computer that contains Trusted Platform Module (TPM) hardware, which most modern PCs do. You can quickly check whether your PC has TPM hardware from within Windows, or check with your computer’s manufacturer if you’re not sure. If you built your own PC, you may be able to add a TPM chip to it. Search for a TPM chip that’s sold as an add-on module. You’ll need one that supports the exact motherboard inside your PC.


Windows normally says BitLocker requires a TPM, but there’s a hidden option that allows you to enable BitLocker without a TPM. You’ll have to use a USB flash drive as a startup key that must be present every boot if you enable this option.

If you already have a Professional edition of Windows 10 installed on your PC, you can search for BitLocker in the Start menu and use the BitLocker control panel to enable it. If you upgraded for free from Windows 7 Professional or Windows 8.1 Professional, you should have Windows 10 Professional.

If you don't have a Professional edition of Windows 10, you can pay $99 to upgrade your Windows 10 Home to Windows 10 Professional. Just open the Settings app, navigate to Update & security > Activation, and click the Go to Store button. You'll gain access to BitLocker and the other features that Windows 10 Professional includes.

Security expert Bruce Schneier also likes a proprietary full-disk encryption tool for Windows named BestCrypt. It's fully functional on Windows 10 with modern hardware. However, this tool costs $99, the same price as an upgrade to Windows 10 Professional, so upgrading Windows to take advantage of BitLocker may be a better choice.

Spending another $99 just to encrypt your hard drive for some additional security can be a tough sell when modern Windows PCs often only cost a few hundred bucks in the first place. You don't have to pay the extra money for encryption, because BitLocker isn't the only option. BitLocker is the most integrated, well-supported option, but there are other encryption tools you can use.

The venerable TrueCrypt, an open-source full-disk encryption tool that is no longer being developed, has some issues with Windows 10 PCs. It can't encrypt GPT system partitions and boot them using UEFI, a configuration most Windows 10 PCs use. However, VeraCrypt, an open-source full-disk encryption tool based on the TrueCrypt source code, does support EFI system partition encryption as of versions 1.18a and 1.19.

In other words, VeraCrypt should allow you to encrypt your Windows 10 PC's system partition for free.

TrueCrypt's developers did famously shut down development and declare TrueCrypt vulnerable and unsafe to use, but the jury is still out on whether this is true. Much of the discussion around this centers on whether the NSA and other security agencies have a way to crack this open-source encryption. If you're just encrypting your hard drive so thieves can't access your personal files if they steal your laptop, you don't have to worry about this. TrueCrypt should be more than secure enough. The VeraCrypt project has also made security improvements, and should potentially be more secure than TrueCrypt. Whether you're encrypting just a few files or your entire system partition, it's what we recommend.

We'd like to see Microsoft give more Windows 10 users access to BitLocker, or at least extend Device Encryption so it can be enabled on more PCs. Modern Windows computers should have built-in encryption tools, just like all other modern consumer operating systems do. Windows 10 users shouldn't have to pay extra or hunt down third-party software to protect their important data if their laptops are ever misplaced or stolen.

The rest is here:
How to Enable Full-Disk Encryption on Windows 10

After Paris, Encryption Will Be a Key Issue in the 2016 Race

When the Democratic presidential contenders gathered on the debate stage in Des Moines, Iowa, on Saturday, just hours after a series of terrorist attacks in Paris left at least 129 people dead, the candidates spent the early portion of their time on stage examining issues related to national security. They spoke of boots on the ground, regime changes, what role the United States ought to play in the fight against ISIS, and whether or not they use the term radical Islam.

But curiously, throughout the lengthy discussion, the one issue that was never mentioned, not once, was encryption. That’s lucky, at least for the candidates. As the world continues to reel from the Paris attacks, the debate over whether tech companies like Apple and Google are allowed to fully encrypt users’ communications will, no doubt, become one of the central dramas of the national security conversation going into the 2016 presidential race. It may also be among the toughest issues for the candidates, especially Democrats, to navigate.

Just yesterday, CIA director John Brennan said that he hoped the Paris attacks would serve as a wakeup call to those who oppose government surveillance in favor of personal privacy.

“There are a lot of technological capabilities that are available right now that make it exceptionally difficult both technically as well as legally for intelligence security services to have insight that they need to uncover it,” he said, adding that terrorists have gone to school to figure out ways to evade intelligence officials.

Brennan attributed that fact, in part, to Edward Snowden’s disclosures of the National Security Agency’s bulk data collection programs, saying they tipped would-be terrorists off to surveillance tactics. “In the past several years, because of a number of unauthorized disclosures and a lot of hand-wringing over the government’s role in the effort to try to uncover these terrorists,” he said, “there have been some policy and legal and other actions that make our ability, collectively, internationally, to find these terrorists much more challenging.”

This, of course, is not the first time we’ve heard these concerns from government officials. Just a day before the Paris attacks, the NSA’s former general counsel, Matt Olsen, told an audience gathered in Des Moines that after Snowden came forward, the agency lost track of terrorists. Meanwhile, FBI director James Comey has been an outspoken critic of encryption, arguing that it enables criminals to go dark.

Whether encryption is really the security risk the government makes it out to be, of course, is still up for debate. We at WIRED have debated it plenty. Now it’s time for the presidential candidates to do the same.

Until now, the Democratic candidates in particular have been light on detail about where they stand on encryption and surveillance. This reticence stands to reason. By aligning themselves too closely with Washington’s intelligence community, they could alienate their Silicon Valley base, which is increasingly powerful in politics. But if they cater too much to the interests of tech companies such as Apple and Google, they could lose favor among voters who increasingly see national security as the country’s most pressing issue.

Former Secretary of State Hillary Clinton has walked an uneasy line on the subject of surveillance in the past. On one hand, she was a supporter of the controversial PATRIOT Act as a senator back in 2001, a decision that’s been widely criticized by Bernie Sanders’ camp. This summer, she also said that cybersecurity legislation such as the Cybersecurity Information Sharing Act, or CISA, which is already highly unpopular among privacy advocates, doesn’t go far enough in encouraging tech companies to share information with the US government. And during the first debate, she said Snowden “stole very important information that has unfortunately fallen into a lot of the wrong hands,” and that he shouldn’t return home “without facing the music.”

At the same time, however, she has endorsed the USA Freedom Act, which would end the NSA’s bulk data collection program, calling it “a good step forward in ongoing efforts to protect our security and civil liberties.” And at a conference earlier this year, Clinton told Re/Code’s Kara Swisher that encryption is “a classic hard choice,” but she hedged before offering up her plan for what to do about it. “I would be the first to say I don’t have the answer,” she said. “I think there are really strong, legitimate arguments on both sides.”

Vermont Senator Bernie Sanders, on the other hand, has been far more outspoken in his opposition to government surveillance. He received a round of applause at the first Democratic debate for voting against the PATRIOT Act and has said that, as president, he would shut down the NSA’s surveillance program altogether.

But national security is considered Sanders’ major weak spot. Even those who support his stance on inequality sometimes question his ability as commander-in-chief. The more fearful Americans become of the threat ISIS poses, the weaker Sanders’ stance on surveillance may appear to the electorate beyond Sanders’ base. After all, a recent poll showed that 56 percent of voters said they would give the government access to some personal data if it meant protecting the country from a terrorist attack.

On the other side of the aisle, candidates like Jeb Bush, Marco Rubio, Carly Fiorina, Donald Trump, and Chris Christie have all spoken out against encryption and stressed the need for government surveillance. The one notable exception, of course, is Kentucky Sen. Rand Paul, who said at a conference last week that he believes governments should require warrants to access people’s communications. Still, that policy doesn’t apply to companies like Apple, which promises users that their data is encrypted so that it can’t be accessed even with a warrant.

The battle over how to balance security and privacy, of course, is nothing new in politics. Just last month, the Obama administration backed away from legislation that would have forced tech companies to decrypt messages for law enforcement. The move was seen as a win for technologists and privacy advocates alike.

Those same advocates are now hoping that fear won’t cause politicians to resume the fight against encryption. “The Paris attacks are absolutely tragic, but the response must not be to undermine cybersecurity for digital services on which many millions of people depend,” said Harley Geiger, senior counsel and advocacy director for the Center for Democracy & Technology. “Weakening encryption will also not prevent organized groups from using strong encryption. Difficult-to-crack encryption and apps will continue to be available on the Internet, even if governments seek to ban them.”

And yet, as calls for stronger national security spread post-Paris, candidates that support encryption may face added pressures from both the public and their Republican opponents to reevaluate (or at the least, delineate) where they stand on encryption. And when they do, they may find it’s not so easy to keep both sides happy.

Go here to read the rest:
After Paris, Encryption Will Be a Key Issue in the 2016 Race

Does Encryption Really Help ISIS? Here’s What You Need to …

There’s the war on terrorism, and then there’s the war on how to fight the war on terrorism.

With recent attacks in Paris, Beirut and Mali, some in governments and law-enforcement agencies are renewing their calls to expand electronic surveillance to thwart potential attacks. Communications that can’t be tapped or unscrambled pose a serious national-security risk, authorities argue, because they can be used by terrorists to hide their activities and planning. Technology companies and cybersecurity experts generally take a different view: If encrypted communications can be accessed by the government or a company — or anyone other than the sender and intended recipient — they inherently are vulnerable to bad actors and prying eyes.

Why is this such a complex and often heated debate, with no apparent resolution in sight? For starters, encryption is really complicated. Here’s what you need to know to understand the issues:

Encryption, sometimes called “crypto” by techies, is a fancy word for a type of code. Encryption schemes transform words into seeming gibberish. Here’s a mere portion of encrypted text that, if printed in full, would translate to “happy holidays”:

hQIMA2dX93ZaYL95AQ//ZSZ/n0VSK7ZZ9kkRk3X8nn+m2YLzHj5L4zrsrCesPOKw ZQG5FXuHz9/02Be3tyXelAiFpGdCh+Tdnx0r1wLOChitSPaydW0hcReG6cp9Nplk QZL5sYRr0NYWjx2EkwFO0j6lNcGMNo3qAoxMNe3rfENPjxpv1UCRl6nHfEmSk1BO swjBOUXrsWxbbphdJqSZtdWoPLlOnFftRjgqLe9hC9rmWF/Q7/RIkZ5TEYmSfJkI aGB3Vrf/XEwXOHuss+HgE9z/XalJtaNLCZeCgNgO/Lk26nVyS0R5XfNz9VtFszhT pjk2rpxMecOlCs4a62oSYykI63E04G0OZkZaPrUlir4GoSV4OVivFgbFDNtIq5Lk hX1TF3y/PsuVb8bF7XhvqCt/q9HF0n0LY9v+tJfMOT885c6uNX9Rm6ZUUFR++jgv X4EfNYSmX6HjmYTflqQyivWeTpGl13tQP7b+UppJr0v9vH7Wd0PmRdvLDhKHqCiq

Only a user or machine with the so-called encryption key can unscramble the message to get its meaning. So the same phrase — “Happy Holidays” — would be encrypted differently depending on the software used and the people involved.

Once the province of spies, encryption is widely used on the Internet. The little padlock next to a Web address indicates the connection is encrypted. Wi-Fi routers, Gmail, Yahoo mail, Snapchats, tweets and 4G cellular phones all use some form of encryption, to protect personal information, such as passwords, location coordinates, bank-account and credit-card numbers and sometimes — depending on the type of encryption used — the text of messages and other content.

In addition to those receiving the data who need to decipher it, the companies that employ this technology typically hold keys, so they can get to the information if they need to. Among other things, this lets customers reset passwords, etc. It also allows companies to decrypt messages for the authorities when faced with lawful requests for customer records or the contents of communications.

In the past few years, several tech companies have adopted encryption schemes for which they say they don’t hold the keys. Most notably, Apple Inc. and Alphabet Inc.’s Google in 2014 released smartphone operating systems that, by default, they said precluded them from unlocking phones for law enforcement, even with a warrant. That’s because the companies said they would no longer maintain a key to unlock their devices’ encryption. Those keys would only be on the devices themselves and could only be unlocked with users’ passwords. Before the switch, companies could comply with court orders to unlock phones, and usually did.

Here is FBI Director James Comey — who has called these actions an assault on law enforcement — testifying before Congress on the issue:

But tech and telecommunications companies were criticized after documents leaked by Edward Snowden showed some firms cooperating with governments to allow access to some of their users’ communications. Companies also said the government was overstepping its monitoring activities without their knowledge, compromising user confidence in the privacy of their information. A lot of trust between the two sides was broken. Companies say that the new encryption protocols will make their products safer, because thieves and spies would have a harder time seeing and stealing their contents or communications.

Here’s Apple CEO Tim Cook, making this point at the Wall Street Journal’s WSJDLive tech conference in October:

The debate has widened as U.S. and European officials also started criticizing makers of apps designed to encrypt messages, such as Wickr, Signal and Telegram. Makers of these apps have not changed their systems since the Paris attacks. But Telegram, which features both private chat and a Twitter-like public bulletin feature, said recently that it had deactivated some public channels linked to the Islamic State. The shift, if small, was notable given Telegram founder Pavel Durov’s previous statements that his company “shouldn’t feel guilty” for reports that the app has been used by terrorists.

There is no evidence it played a role in the shootings and bombings in Paris. To the contrary, French media have reported some of the attackers coordinated using ordinary SMS text messages, which usually are easy for law enforcement to tap. However, Islamic State members have documented that they use some messaging apps that rely on strong encryption. Some U.S. officials have said this is a problem if the goal is to prevent another Islamic State attack. Here’s a tutorial used by the Islamic State to rate the relative strength of various communication apps:

Several reasons. One, technology companies in general chafe at the idea of the government telling them how to make products. When the Clinton administration in the 1990s proposed a system where the government would maintain the ability to decipher commercial communications through a so-called “Clipper chip,” the proposal was beaten back due to civil liberties concerns. One alternative would have technology companies maintain all or part of the so-called master key, which they would only use if faced with a court order. Technology companies don’t like this solution because they fear it makes the key a target for hackers. In short, if someone steals the digital key, everything is potentially lost. It’s also unclear how such a system would work in practice.

Privately, some government officials say technology companies are overstating the risks of creating such a system. But technology companies counter that the risks are real. The catch is that a lot of the risks are assumed and hypothetical. Building extra keys and loopholes into secure systems could, for example, introduce weaknesses from bugs, but it’s hard to know what those bugs are ahead of time. “The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws,” wrote 15 cryptographers in a paper published by the Massachusetts Institute of Technology this summer. There is some precedent, though, for this concern. Washington once required that American firms sell foreign customers only weaker, more easily cracked encryption to help U.S. spies keep tabs on overseas targets. Even though that requirement was dropped in the 1990s, the weakened encryption can still be found on computers and can now be exploited by other hackers. Lobbyists for tech firms such as Apple argue these problems would only be worse now. Because companies do more business overseas, they would likely have to replicate any deal they make with the United States. For instance, Apple sells a lot of iPhones in China. What if overseas governments demand the same types of keys?

In that case, all bets could be off. For instance, if an iPhone user uses iCloud backups for the content on their phone, Apple is able to hand over the latest backup if faced with a court order, the company says. Some cloud providers automatically erase such data after a period of time, but policies and procedures vary.

In January, Mr. Obama said, “If we find evidence of a terrorist plot and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem.” The president and Mr. Comey have said they believe Silicon Valley should be able to come up with a solution. Congress also is examining the issue. On the other hand, former NSA Director Mike McConnell and other retired national security officials have publicly said that finding a way to maintain access to encrypted communications could be bad for security. The Obama administration has indicated that, for now, it doesn’t want to issue orders to tech firms or push Congress for new laws.

Here’s Adm. Michael Rogers, head of the National Security Agency, at the WSJDLive conference urging government and the tech industry to bridge the gaps:

In 1999, a federal appeals court more or less ended the first “Crypto wars” when it ruled computer code, including encryption schemes, is protected speech under the First Amendment. Apple is fighting the Justice Department in a New York federal court over whether it should be forced to figure out a way to unlock an encrypted iPhone.

White House and congressional staffers have reached out to some Silicon Valley executives, asking them to come to Washington, D.C., for another round of encryption talks. Some lawmakers are seeking a so-called “Blue Ribbon” committee that would include experts from both sides of the debate. Sen. John McCain (R., Ariz.) has pledged to conduct hearings on the matter and pursue legislation. The British parliament meantime is exploring a new spy powers measure that could give authorities more power to force companies to be able to unscramble customer data.

More here:
Does Encryption Really Help ISIS? Here’s What You Need to …

AES and RSA Encryption Explained

This is How Encryption with Boxcryptor Works

We encrypt files and thus provide increased protection against espionage and data theft. For encryption, we use a combination of AES-256 encryption and RSA encryption. Here we explain the two algorithms.

Advanced Encryption Standard (AES) is one of the most frequently used and most secure encryption algorithms available today. It is publicly accessible, and it is the cipher which the NSA uses for securing documents with the classification “top secret”. Its story of success started in 1997, when NIST (National Institute of Standards and Technology) started officially looking for a successor to the aging encryption standard DES. An algorithm named “Rijndael”, developed by the Belgian cryptographists Daemen and Rijmen, excelled in security as well as in performance and flexibility.

It came out on top of several competitors and was officially announced as the new encryption standard AES in 2001. The algorithm is based on several substitutions, permutations and linear transformations, each executed on data blocks of 16 bytes, hence the term block cipher. Those operations are repeated several times, called “rounds”. During each round, a unique round key is calculated out of the encryption key, and incorporated in the calculations. Based on the block structure of AES, the change of a single bit, either in the key or in the plaintext block, results in a completely different ciphertext block, a clear advantage over traditional stream ciphers. The difference between AES-128, AES-192 and AES-256 finally is the length of the key: 128, 192 or 256 bits, all drastic improvements compared to the 56-bit key of DES. By way of illustration: Cracking a 128-bit AES key with a state-of-the-art supercomputer would take longer than the presumed age of the universe. And Boxcryptor even uses 256-bit keys. As of today, no practicable attack against AES exists. Therefore, AES remains the preferred encryption standard for governments, banks and high security systems around the world.

RSA is one of the most successful, asymmetric encryption systems today. Originally discovered in 1973 by the British intelligence agency GCHQ, it received the classification top secret. We have to thank the cryptologists Rivest, Shamir and Adleman for its civil rediscovery in 1977. They stumbled across it during an attempt to solve another cryptographic problem.

As opposed to traditional, symmetric encryption systems, RSA works with two different keys: A public and a private one. Both work complementary to each other, which means that a message encrypted with one of them can only be decrypted by its counterpart. Since the private key cannot be calculated from the public key, the latter is generally available to the public.

Those properties enable asymmetric cryptosystems to be used in a wide array of functions, such as digital signatures. In the process of signing a document, a fingerprint encrypted with RSA is attached to the file and enables the receiver to verify both the sender and the integrity of the document. The security of RSA itself is mainly based on the mathematical problem of integer factorization. A message that is about to be encrypted is treated as one large number. When encrypting the message, it is raised to the power of the key, and divided with remainder by a fixed product of two primes. By repeating the process with the other key, the plaintext can be retrieved again. The best currently known method to break the encryption requires factorizing the product used in the division. Currently, it is not possible to calculate these factors for numbers greater than 768 bits. That is why modern cryptosystems use a minimum key length of 3072 bits.

Boxcryptor implements a combined encryption process based on asymmetric RSA and symmetric AES encryption. Every file has its own unique random file key which is generated when the file is being created.
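The RSA arithmetic described above, as an added Python example (not Boxcryptor's code): textbook RSA over two fixed toy primes, used to encrypt a number, sign a SHA-256 fingerprint, and wrap a random per-file key the way hybrid schemes in general do. The primes, the function names and the key-wrapping step are assumptions for illustration; real systems use random primes of 1536 bits or more and add padding (OAEP for encryption, PSS for signatures).

```python
import hashlib
import secrets
from math import gcd

# Toy primes (the Mersenne primes 2**61-1 and 2**89-1), fixed so the
# example is reproducible. Far too small and too structured for real use.
P = 2**61 - 1
Q = 2**89 - 1


def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)): the public and the private key."""
    n = p * q                      # "fixed product of two primes"
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # computing d requires knowing p and q
    return (n, e), (n, d)


def apply_key(key, number):
    """Raise to the power of the key and keep the remainder modulo n."""
    n, exponent = key
    if not 0 <= number < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(number, exponent, n)


def fingerprint(document, n):
    """SHA-256 of the document as a number below n (no padding: toy only)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


def sign(private_key, document):
    """Attach-able signature: the fingerprint processed with the private key."""
    return apply_key(private_key, fingerprint(document, private_key[0]))


def verify(public_key, document, signature):
    """Undo the signature with the public key and compare fingerprints."""
    n = public_key[0]
    if not 0 <= signature < n:
        return False
    return apply_key(public_key, signature) == fingerprint(document, n)


def wrap_file_key(public_key, file_key):
    """Encrypt a short symmetric file key with RSA (general hybrid pattern)."""
    return apply_key(public_key, int.from_bytes(file_key, "big"))


def unwrap_file_key(private_key, wrapped, length=16):
    """Recover the file key; the bulk data would then be decrypted with AES."""
    return apply_key(private_key, wrapped).to_bytes(length, "big")


if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    message = int.from_bytes(b"happy holidays", "big")
    ciphertext = apply_key(public, message)
    print("round trip ok:", apply_key(private, ciphertext) == message)
    # Without padding the same input always gives the same ciphertext,
    # which is one reason real systems never use raw RSA.
    print("deterministic:", ciphertext == apply_key(public, message))
    sig = sign(private, b"contract v1")
    print("signature ok:", verify(public, b"contract v1", sig))
    print("tamper found:", not verify(public, b"contract v2", sig))
    file_key = secrets.token_bytes(16)   # random 128-bit per-file key
    wrapped = wrap_file_key(public, file_key)
    print("key unwrap ok:", unwrap_file_key(private, wrapped) == file_key)
```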

See the article here:
AES and RSA Encryption Explained

Encryption: What it is and why it's important – Norton

Encryption is the process of helping protect personal data by using a secret code to scramble it so that it cannot be read by anyone who doesn't have the code key. Today, vast amounts of personal information are managed online and stored in the cloud or on servers with an ongoing connection to the web. It's nearly impossible to do business of any kind without personal data ending up in a networked computer system, which is why it's important to know how to help keep that data private.

Most legitimate websites use what is called Secure Sockets Layer (SSL), which is a form of encrypting data when it is being sent to and from a website. This keeps attackers from accessing that data while it is in transit. Look for the green padlock icon in the URL bar, and the S in the https:// to make sure you are conducting secure, encrypted transactions online.

It's a good idea to access sites utilizing SSL when:

3 reasons why encryption matters

Why is encryption important? Here are three reasons:

1. Internet privacy concerns are real

Encryption helps protect privacy by turning personal information into "for your eyes only" messages intended only for the parties that need them and no one else. You should make sure that your emails are being sent over an encrypted connection, or that you are encrypting each message. Most email clients come with the option for encryption in the settings menu, and if you check your email with a web browser, take a moment to ensure that SSL encryption is available.

2. Hacking is big business

Hackers aren't just bored kids in a basement anymore. They're big business, and in some cases, they're multinational outfits. Large-scale data breaches that you may have heard about in the news demonstrate that people are out to steal personal information to fill their pockets.

3. Regulations demand it

Healthcare providers are required by the Health Insurance Portability and Accountability Act (HIPAA) to implement security features that protect patients' sensitive health information. Institutions of higher learning must take similar steps under the Family Education Rights and Privacy Act (FERPA), while retailers must contend with the Fair Credit Practices Act (FCPA) and similar laws. Encryption helps businesses stay compliant as well as helps protect the valuable data of their customers.

Read more:
Encryption: What it is and why it's important – Norton

Email encryption in transit – Gmail Help

ii(a){a=a.match(hi)[1]||null;!a&&A.self&&A.self.location&&(a=A.self.location.protocol,a=a.substr(0,a.length-1));return a?a.toLowerCase():””};var ji=0;function ki(a,b){this.element=a;this.o=b;this.H=null;this.$f()}r=ki.prototype;r.$f=function(){var a=this;this.o||(this.o=K().querySelector(‘[data-material-menu-trigger-for=”‘+this.element.dataset.materialMenuId+'”]’));this.o.addEventListener(“click”,function(b){return a.Kf(b)});this.o.addEventListener(“keydown”,function(b){“Enter”===b.key&&a.Kf(b)});this.element.addEventListener(“keydown”,function(b){switch(b.key){case “ArrowUp”:b.preventDefault();li(a,-1);break;case “ArrowDown”:b.preventDefault(),li(a,1)}});this.Ji()&&this.element.addEventListener(“click”,function(){return a.Lg()});mi(this);G(this.element,”material-menu–match-trigger-width”)&&(this.element.style.minWidth=this.o.getBoundingClientRect().width+”px”);this.w=(new cf({className:”material-menu-backdrop”,he:”material-menu-backdrop–active”})).Bb(function(){a.T.close();a.w.Pa();a.o.classList.remove(“material-menu-trigger–open”);a.o.removeAttribute(“aria-expanded”);a.H&&a.H()}).Pd(this.element);F(this.element,”material-menu–ready”);this.T=(new Fh(this.element)).Yf(this.o).Bi(G(this.element,”material-menu–before”)?”before”:”after”).Ii(G(this.element,”material-menu–above”)?”above”:”below”).Xf(!G(this.element,”material-menu–no-overlap-trigger”))};function mi(a){var b=”material-menu-“+ji++;a.o.setAttribute(“aria-haspopup”,!0);a.o.setAttribute(“aria-controls”,b);a.element.setAttribute(“role”,”menu”);a.element.id=b}r.Ji=aa(!0);function li(a,b){a=Ze(a.element,”.material-menu__item”);var c=a.indexOf(document.activeElement);c=-1==c?0:(c+b+a.length)%a.length;a[c].focus()}r.Vf=function(a){!id()&&(2>a||5a.w&&(a.w++,b.next=a.o,a.o=b)};function xi(a){A.setTimeout(function(){throw a;},0)}var yi;function zi(){var a=A.MessageChannel;”undefined”===typeof a&&”undefined”!==typeof window&&window.postMessage&&window.addEventListener&&!E(“Presto”)&&(a=function(){var 
e=document.createElement(“IFRAME”);e.style.display=”none”;e.src=””;document.documentElement.appendChild(e);var f=e.contentWindow;e=f.document;e.open();e.write(“”);e.close();var g=”callImmediate”+Math.random(),h=”file:”==f.location.protocol?”*”:f.location.protocol+”//”+f.location.host;e=B(function(l){if((“*”==h||l.origin==h)&&l.data==g)this.port1.onmessage()},this);f.addEventListener(“message”,e,!1);this.port1={};this.port2={postMessage:function(){f.postMessage(g,h)}}});if(“undefined”!==typeof a&&!Ac()){var b=new a,c={},d=c;b.port1.onmessage=function(){if(La(c.next)){c=c.next;var e=c.cb;c.cb=null;e()}};return function(e){d.next={cb:e};d=d.next;b.port2.postMessage(0)}}return”undefined”!==typeof document&&”onreadystatechange”in document.createElement(“SCRIPT”)?function(e){var f=document.createElement(“SCRIPT”);f.onreadystatechange=function(){f.onreadystatechange=null;f.parentNode.removeChild(f);f=null;e();e=null};document.documentElement.appendChild(f)}:function(e){A.setTimeout(e,0)}};function Ai(){this.w=this.o=null}var Ci=new vi(function(){return new Bi},function(a){a.reset()});Ai.prototype.add=function(a,b){var c=Ci.get();c.set(a,b);this.w?this.w.next=c:this.o=c;this.w=c};Ai.prototype.remove=function(){var a=null;this.o&&(a=this.o,this.o=this.o.next,this.o||(this.w=null),a.next=null);return a};function Bi(){this.next=this.scope=this.o=null}Bi.prototype.set=function(a,b){this.o=a;this.scope=b;this.next=null};Bi.prototype.reset=function(){this.next=this.scope=this.o=null};function Di(a,b){Ei||Fi();Gi||(Ei(),Gi=!0);Hi.add(a,b)}var Ei;function Fi(){if(A.Promise&&A.Promise.resolve){var a=A.Promise.resolve(void 0);Ei=function(){a.then(Ii)}}else Ei=function(){var b=Ii;!Xa(A.setImmediate)||A.Window&&A.Window.prototype&&!E(“Edge”)&&A.Window.prototype.setImmediate==A.setImmediate?(yi||(yi=zi()),yi(b)):A.setImmediate(b)}}var Gi=!1,Hi=new Ai;function Ii(){for(var a;a=Hi.remove();){try{a.o.call(a.scope)}catch(b){xi(b)}wi(Ci,a)}Gi=!1};function 
Ji(a){if(!a)return!1;try{return!!a.$goog_Thenable}catch(b){return!1}};function Ki(a){this.o=0;this.W=void 0;this.R=this.w=this.H=null;this.T=this.V=!1;if(a!=Ta)try{var b=this;a.call(void 0,function(c){Li(b,2,c)},function(c){Li(b,3,c)})}catch(c){Li(this,3,c)}}function Mi(){this.next=this.context=this.w=this.H=this.o=null;this.R=!1}Mi.prototype.reset=function(){this.context=this.w=this.H=this.o=null;this.R=!1};var Ni=new vi(function(){return new Mi},function(a){a.reset()});function Oi(a,b,c){var d=Ni.get();d.H=a;d.w=b;d.context=c;return d}Ki.prototype.then=function(a,b,c){return Pi(this,Xa(a)?a:null,Xa(b)?b:null,c)};Ki.prototype.$goog_Thenable=!0;Ki.prototype.cancel=function(a){0==this.o&&Di(function(){var b=new Qi(a);Ri(this,b)},this)};function Ri(a,b){if(0==a.o)if(a.H){var c=a.H;if(c.w){for(var d=0,e=null,f=null,g=c.w;g&&(g.R||(d++,g.o==a&&(e=g),!(e&&1

Search

Clear search

Close search

Google apps

Main menu

S/MIME is used to support enhanced encryption in transit, and automatically encrypts your outgoing emails if it can.

Note: These steps only work if you have S/MIME enabled on your account.

When you’re sending or receiving messages, you can see the level of encryption a message has. The color of the icon will change based on the level of encryption.

If you’re writing a message and see the red lock icon, consider removing these addresses or deleting the confidential information. To see which address is unencrypted, click View Details.

If you received a message with the red lock icon and the message contained particularly sensitive content, let the sender know and they can contact their email service provider.

If the person you’re emailing is using an email service that doesn’t encrypt all messages using S/MIME or TLS, their emails might not be secure. However, messages are encrypted in S/MIME whenever possible.

For S/MIME to work, whether to sign mail or to receive S/MIME-encrypted mail, a user must have a valid S/MIME certificate from a trusted root.

S/MIME is a long-standing protocol that allows encrypted and signed messages to be sent over standard SMTP mail delivery.

It uses public key cryptography to:

Note: A message can’t be decrypted if the user’s key isn’t uploaded when the message is delivered. Learn more about uploading certificates.

Opportunistic TLS (STARTTLS) is a protocol that helps provide privacy between communicating applications and their users during email delivery. When a server and client communicate, TLS ensures that no third party can overhear or tamper with any messages.

For delivery TLS to work, the email delivery services of both the sender and the receiver always have to use TLS.

Learn more about TLS email encryption.
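The difference between the two protections described above (S/MIME encrypts the message itself, opportunistic TLS only the delivery hop) can be checked on a received message from its headers. This is an added example, not Gmail's code: it reads the Content-Type and the Received trace header written by the receiving server, and the host names, the `.corp.example` suffix and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords a receiving server records when the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\w+)", re.I | re.S)

def inbound_hop(msg, our_suffix):
    """Protocol of the newest Received header our own server wrote for outside mail.
    Headers added by other parties are skipped: they say nothing about this hop."""
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if not m:
            continue
        sender, receiver = m.group(1).lower(), m.group(2).lower()
        if receiver.endswith(our_suffix) and not sender.endswith(our_suffix):
            return m.group(3).upper()
    return None

def smime_type(msg):
    """'enveloped-data' (encrypted), 'signed-data', or None if not S/MIME."""
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return str(msg.get_param("smime-type", "unknown")).lower()
    proto = str(msg.get_param("protocol")).lower()
    if ctype == "multipart/signed" and "pkcs7-signature" in proto:
        return "signed-data"
    return None

def encryption_level(raw, our_suffix=".corp.example"):
    msg = message_from_string(raw)
    if smime_type(msg) == "enveloped-data":
        return "smime"   # the message body itself is encrypted
    if inbound_hop(msg, our_suffix) in TLS_PROTOCOLS:
        return "tls"     # only the delivery hop to us was encrypted
    return "none"        # the case the page flags with the red lock

# Constructed sample messages (hosts, addresses and ids are made up).
HDR = "From: a@sender.example\nTo: b@corp.example\nSubject: test\n"
TLS_HOP = ("Received: from mail.sender.example (mail.sender.example [192.0.2.10])\n"
           "\tby mx.corp.example with ESMTPS id c0ffee; Mon, 16 Nov 2015 10:00:00 +0000\n")
PLAIN_HOP = TLS_HOP.replace("ESMTPS", "ESMTP")
SENDER_HOP = "Received: from pc.sender.example by mail.sender.example with ESMTPS id 1\n"
SMIME_MSG = (PLAIN_HOP + HDR + "Content-Type: application/pkcs7-mime; "
             'smime-type=enveloped-data; name="smime.p7m"\n\n(CMS data omitted)\n')
TLS_MSG = TLS_HOP + HDR + "Content-Type: text/plain\n\nhello\n"
CLEAR_MSG = PLAIN_HOP + SENDER_HOP + HDR + "Content-Type: text/plain\n\nhello\n"
```

`CLEAR_MSG` is classified as unencrypted even though the sender's internal hop used TLS, because only the hop recorded by the receiving server shows how the message crossed between the two providers.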


See original here:
Email encryption in transit – Gmail Help