Return to: U of M Home

What's Inside

Related Links

1-HELP

System Status

Encrypting Stored Data

Encryption is the conversion of data into a form, called ciphertext, that cannot be easily understood by unauthorized people.  Decryption is the process of converting encrypted data back into its original form, so it can be understood.

Before using encryption programs, evaluate if it is absolutely necessary to store confidential or private data on this computer or mobile computing device (e.g., PDA or USB flash drive). Consult with your local technical support staff.  If you need to store private data, take steps to encrypt the data to help prevent unauthorized disclosure of private data. For laptops, data encryption is just one of the required steps in the University's Securing Private Data Standard.

There is a variety of encryption software available for common operating systems. Some software encrypts the entire hard disk, while others have an option to encrypt specific files or folders on the hard disk. Some operating systems, such as Microsoft Windows and Apple Macintosh have an option to turn on the operating systems built-in encryption software. There are also some readily available data encryption products from third party vendors. Some are even free.

No matter what product you choose, here are some important reminders:

  • Consult with your local technical support staff.
  • Read about the encryption product.  Understand how to configure the software, where to store the keys and what is  encrypted.  Some products do NOT encrypt the files when they are e-mailed or saved to external media. 
  • Encryption is dependent on using strong passwords or passphrases.
  • Download encryption software from reputable company Web sites. Some encryption products may install a backdoor for hackers, adware, spyware or viruses.
  • All encrypted data can be permanently lost if you forget the encryption password (or passphrase). If you decide to save them, decryption keys should be locked in a a safe location.
  • Do not decrypt a file and store in a temporary file someplace. If this occurs, be sure to securely wipe/erase the file from disk.
  • Consider setting up a secure folder or disk partition on the computer for storing private data.
  • Properly done (good software, strong password, etc.), encryption is good protection for laptops and portable devices that may get lost or stolen as well as other computers.

Below are options for various operating systems/media: Macintosh, Unix, Windows and USB flash drives.

Windows

Below are some products used within the University by some departments.  Be sure to download the software from a reputable site and periodically check the vendor web site for security patches or updates that must be applied.

Product

Windows Platforms

Options

Web site

Notes

Windows Encrypting File System (EFS)

XP, Vista and 2003

Built into the Windows Operating System

http://support.microsoft.com/kb/223316/EN-US/

 File and folder encryption. See Required Steps for EFS.

Files emailed or saved to external media are  NOT encrypted.

BestCrypt

XP, 2000, Vista and 2003

Free trial, purchase

http://www.jetico.com/index.htm#/bcrypt7.htm

 virtual drive encryption

GNU Privacy Guard (open source version of PGP)

XP and 2000

Free

http://www.gnupg.org/

 File and folder encryption *

PGP commercial

XP, 2000, Vista and 2003

Purchase

http://www.pgp.com/products/desktop/index.html

 File, folder, whole disk or virtual disk encryption. Includes a feature to securely wipe or shred individual files. The gold standard of encryption, but more complex.
Pointsec   Purchase, under state contract http://www.checkpoint.com/products/datasecurity/index.html Full disk encryption

State Contract (for University-owned computers):
http://www.oet.state.mn.us/itproducts/software/security/pointsec/index.html
SafeGuard Easy XP, 2000 and 2003 Purchase http://americas.utimaco.com/safeguard_easy/ Full disk encryption
SecureZip XP, 2000, Vista and 2003 Purchase http://www.pkware.com/home_and_small_office/
products/windows/securezip/		 File and folder encryption.

TrueCrypt

XP,  2000, Vista and 2003

Free

http://www.truecrypt.org/

 Folder encryption, directory or virtual drive

* With the Windows Privacy Tray for GnuPG, this allows for easy encryption, decryption and file shredding options. See http://www.gpg4win.org/.

Macintosh

Below are some products used within the University by some departments. Be sure to download the software from a reputable site and periodically check the vendor web site for security patches or updates that must be applied.

Product

Macintosh Platforms

Options

Web site

Notes

Mac File Vault

Mac OS X or higher

Built into the Macintosh Operating System

http://www.apple.com/macosx/features/filevault/

 Folder encryption
Mac GNU Privacy Guard Mac OS X 10.1 or higher Free

http://macgpg.sourceforge.net/

 File and folder encryption

Pointsec

 

Purchase, under state contract

http://www.checkpoint.com/products/datasecurity/index.html

Full disk encryption

State Contract (for University-owned computers):
http://www.oet.state.mn.us/itproducts/software/security/pointsec/index.html
TrueCrypt Mac OS X Free http://www.truecrypt.org/  Folder encryption

Macintosh OS X has native 128-bit encryption, called File Vault. File Vault encrypts the contents for a user's home directory.

Note:

  • Company administrators can set up a computer-wide master password as a safeguard in the event someone forgets their login password.

Unix

Be sure to download the software from a reputable site and periodically check the vendor web site for security patches or updates that must be applied.

Product

Platforms

Options

Web site

Notes
GNU Privacy Guard (open source version of PGP) Unix, Linux Free

http://www.gnupg.org/

 File and folder encryption
Pointsec Linux Purchase, under state contract http://www.checkpoint.com/products/datasecurity/index.html Full disk encryption

State Contract (for University-owned computers):
http://www.oet.state.mn.us/itproducts/software/security/pointsec/index.html

SecureZip

Unix, Linux

Free trial, Purchase

http://www.pkware.com/home_and_small_office/
products/server/securezip/

 File and folder encryption
TrueCrypt Linux Free http://www.truecrypt.org/ Folder encryption

USB flash drives

USB flash drives are available with encryption to protect the contents. As with all software, periodically check the vendor web site for security patches or updates that must be applied.

Other third party encryption software is also available to encrypt data on USB flash drives. Be sure to download the software from a reputable site and periodically check the vendor web site for security patches or updates that must be applied.

Product

Options

Web site

Notes
PGP Commercial Purchase http://www.pgp.com/products/desktop/index.html  
Pointsec Purchase, under state contract http://www.checkpoint.com/products/datasecurity/index.html

State Contract (for University-owned computers):
http://www.oet.state.mn.us/itproducts/software/security/pointsec/index.html
SafeGuard Easy Purchase http://americas.utimaco.com/safeguard_easy/  

TrueCrypt

Free

http://www.truecrypt.org/

  

Note: The University of Minnesota has no business relationship and makes no endorsement of any product listed.