File Encryption

How to Encrypt Files for Secure Email Transmission or Storage

Why Encrypt?

Massachusetts Law requires that legally-protected personal financial information be encrypted if sent over public networks, such as the internet. You may also need to protect information your office considers confidential, regardless of any legal requirement. This document describes ways to encrypt files prior to sending them via e-mail or storing them.

What is Encryption?

Encryption protects the contents of a file from being read by anyone who doesn’t have the encryption key. When encrypting a document or file, you will usually need to supply an encryption key in the form of a password or passphrase, which is then used to transform the document’s contents in such a way as to make the document unreadable. The encrypted document will need to have the password entered before it can be opened.

Important: Once a document has been encrypted, you can not open it without the password. Consider that it may be years before the file is needed, and if the password is forgotten, the file is worthless. Don’t rely on your memory. Make sure that passwords are stored some place safe before encrypting important information and make sure the passwords (or the location of the passwords) are made available to the appropriate faculty or staff.

What can be Encrypted?

Fortunately nearly all portable devices and files can be password protected.  Windows and Mac laptops can be protected with BitLocker and FileVault.  Portable flash (thumb) drives, or external harddrives can be secured with those programs.  Word, Excel and PDFs can be password protected.  Or a collection of files can be “zipped” for secure transfer.

Portable devices like iPhones and tablets can (and always should!) be protected with a passcode.

So how Do I Encrypt a Document?

Microsoft Office

A number of widely-used software applications can encrypt documents, including Microsoft Office Word, Excel, and PowerPoint, version 2007 and above.

Office 2007 on a PC:  Click the Office Button in the top right corner.   Prepare > Encrypt Document, and enter a password.

Office 2010, 2013 and 2016 on a PC:  Click File > Info > Protect Document.  Encrypt with a password and enter a password.

Mac Office (older versions):  Word menu > Preferences > Personal Settings > Security.  Encrypt with a password and click OK.

Mac Word 2016:  Click Review > Protect Document. On the Review tab, Protect Document is highlighted.  Under Security, select enter a password to open the document. Enter a password.  Click OK.

Mac Excel 2016:  Click File > Passwords.  Enter a password in the Password to open field.

Adobe Acrobat XI Professional (PDF)

Open the PDF and choose Tools > Protection > Encrypt > Encrypt with Password. (If the Protection panel is not visible, choose View > Tools > Protection.)

If you receive a prompt, click Yes to change the security.
Select Require A Password To Open The Document, then type the password in the corresponding field. For each keystroke, the password strength meter evaluates your password and indicates the password strength using color patterns.
Select an Acrobat version from the Compatibility menu. Choose a version equal to or lower than the recipients’ version of Acrobat or Reader.   Acrobat X and later is recommended.
Click OK. At the prompt to confirm the password, retype the appropriate password in the box and click OK.

 

General-Purpose Encryption Tools for Windows

7-Zip is a free Windows program which can compress files to save space when storing them or transmitting them across a network. 7-Zip creates a compressed archive file which can contain one or many files. The archive file can be encrypted and then securely sent as an attachment via e-mail. 7-Zip works with any kind of file (Word, Excel, PowerPoint, PDF, JPG, etc).

7-Zip can compress files using the standard WinZip archive format. This means that the archive file can be opened by anyone using Windows XP, Vista, or Windows 7, provided they know the password.

Steps:

  1. Download and install 7-Zip
    • You can download 7-zip from www.7-zip.org
    • Download 7-Zip 4.65 (2009-02-03) for Windows, 32-bit (or later version)
    • When the download is complete, run the downloaded file, which will have a name similar to 7z465.exe
    • Take the defaults for all prompts.
  2. Use 7-Zip to encrypt a file and send it via Outlook or GMail
    • Choose Start > Programs > 7-Zip > 7-Zip File Manager.
    • The 7-Zip File Manager application will load.
    • Navigate to the location where the file(s) to encrypt reside.
    • Right-click on the name of the file to encrypt.
    • If using Outlook:
      • Choose 7-Zip > Compress and Email…
      • Set the Archive format to Zip.
      • Enter a password and re-enter it for confirmation.  Use a long, complex password.
      • Click Ok to create the compressed and encrypted archive file. This archive file will have a .zip extension and will automatically be added as an attachment to a new email message in Outlook.
    • If using GMail or other mail client:
      • Right-click on the file name to encrypt and choose 7-Zip > Add to Archive..
      • Set the Archive format to Zip.
      • Enter a password and re-enter it for confirmation. Use a long, complex password.
      • The zip file will be created in the same location as the original file.
      • Add it as an attachment to your e-mail message.
  3. Send the archive file as an attachment to the recipient by e-mail
  4. Communicate the password to the intended recipient by some manner other than e-mail, such as a text message or phone call.
  5. The recipient will be able to double-click on the archive file to open it.
  6. They will be prompted to enter the password you used to encrypt the file.

Notes:

  • It’s possible that the recipient’s email system may block files with a .zip file extension. If this is the case, you can try renaming the encrypted archive from .zip to, for example, .zzp and then resending it as an attachment.
  • Some mail systems may block all encrypted files. If so, you will need to contact the intended recipient and ask what, if any, methods of transferring encrypted files they will accept.
  • By default, 7-Zip uses ZipCrypto as its encryption method. The advantage of ZipCrypto is that recipients using Windows can unencrypt ZipCrypto files without the need for any special software such as 7-Zip. The disadvantage of ZipCrypto is that the encryption method is not as strong as more modern methods. This means under certain circumstances, it may be possible for someone with access to the encrypted file to decrypt it, especially if they have some knowledge of the file’s contents. For example, if the email message accompanying the encrypted attachment repeats some of the information in the encrypted file, it may be possible to break the encryption with special-purpose software.

To substantially improve the strength of the encryption, change the encryption method from ZipCrypto to AES256. The disadvantage is that recipient must have a program such as 7-Zip or WinZip to decrypt the file.

General-Purpose Encryption Tools for Mac OS X

The Mac OS comes with a program named Disk Utility, which can be found in Applications > Utilities. You can use Disk Utility to create an encrypted disk image, which can hold one or more files or folders. Once created, the Disk Image is stored as a file, which can be burned to a CD, copied to another disk or sent via e-mail as an attachment to another Mac user.

Steps:

  1. After launching the Disk Utility, select File > New Blank Image… from the menu.
  2. Enter a name for the new image in the Save As box.
  3. Select a reasonable size for the new disk image that’s large enough to hold the file(s) you plan to encrypt.
  4. Select the AES-128 encryption method or AES-256 for the strongest encryption.
  5. Select Sparse Disk Image for the Image Format to minimize the size of the image file.
  6. Click the Create button.
  7. When prompted, enter an encryption password. Make sure to uncheck the Remember password (add to keychain) check box so that the disk image isn’t automatically decrypted when you open it.
  8. The disk image will mount automatically on the Desktop as a disk after it’s created.
  9. You can copy & paste or drag and drop folders or files into the disk image to encrypt them.
  10. to unmount the disk image, drag its icon to the trash.
  11. From now on, the disk image will not mount unless the encryption password is entered.
  12. The disk image file can be found in the Documents folder. Its name will consist of the image name you gave it in step 2 + .sparseimage. Double-click on it to mount it.
  13. This file can be copied, moved, or sent as an e-mail attachment if it’s not too large for the mail server to handle.

Stuffit

Stuffit is a commercial product for MacOS which can compress and encrypt files. The cost is $29.95 per Mac but it is free to download and try out. If you only need to be able to decrypt or uncompress files sent to you by someone else, you can use Stuffit Expander, which is free. Download either at www.stuffit.com.