Dateiverschluesselung einsetzen/en: Difference between revisions

ZIM HilfeWiki - the Wiki
(Page created: "{{translated page |origin=Dateiverschlüsselung einsetzen |lang=en |translated title=Use file encryption }} This article explains the options available when us…")
 
m (Deleted link to non-existent sites for Veracrypt and Cryptomator)
 
(13 intermediate revisions by 4 users not shown)
Zeile 1: Zeile 1:
 
{{translated page
 
{{translated page
|origin=Dateiverschlüsselung einsetzen
+
|origin=Dateiverschluesselung einsetzen
 
|lang=en
 
|lang=en
|translated title=Use file encryption
+
|translated title=Using Data Encryption
 
}}
 
}}
This article explains the options available when using file encryption. It focuses on the storage of data at network locations and how to protect the data stored there from unauthorized access and manipulation.
+
This article explains which software options are available for data encryption and how they can be used in practice.
 +
== Background ==
 +
=== Why should I use file encryption? ===
 +
Data encryption is an important measure to protect the contents of your files from unauthorized reading or manipulation. It is mandatory for handling personal data on local terminals or shared storage areas (network or cloud storage). For further and more detailed information, refer to the article  [[Daten_sicher_aufbewahren/en|Keeping your Data Secure]] as well as the [https://www.uni-paderborn.de/fileadmin/informationssicherheit/20200702_Richtlinie_Sciebo_v1.pd sciebo policy (german)] and the [https://www.uni-paderborn.de/fileadmin/informationssicherheit/20200702_Schutzbedarf_Informationsklassen_v1.pdf overview about data classes and their required protection (german)].
 +
<br />
 +
=== What do I have to consider when encrypting data? ===
 +
* Encrypting data is an additional effort that costs resources (your time, system resources, possibly additional software, and financial resources). Consider in advance whether you work with confidential data only occasionally and need encryption only occasionally or work with confidential data often to very often.
 +
* To encrypt data, electronic keys are required, which are used to encrypt and decrypt data. These are usually passwords or certificates. Once encrypted, data can only be decrypted with the corresponding password or certificate. The loss of the key means the loss of the data, because without the key, the data can usually not be recovered. You must therefore store your keys very well.
 +
* If other people are to have legitimate access to your encrypted data, they need your key. Consider in advance whether you only want to encrypt your own data or whether you want to work in a group with encrypted data and corresponding keys. Of the software presented here, only the paid software Boxcryptor Enterprise supports a common key management for groups.
 +
=== Application areas of data encryption ===
 +
The following areas of application can be distinguished:
 +
* You want to encrypt single files or file folders once or occasionally to send them e.g. by email, store them in the cloud, protect the content from admins. The classic office programs Word, Excel, Acrobat offer the possibility to save encrypted files. For a collection of links to instructions on how to do this, see [[#External Help Pages | External Help Pages]]. This is suitable if you occasionally want to encrypt a file from this application area. Alternatively, you can use a special encryption program. This is recommended when you also want to encrypt files of a different type or even entire folders. The information security team recommends the open-source solution 7.zip for Windows. You can find instructions in the list below.
 +
* You want to encrypt several files or a folder occasionally and save this state for yourself or others: Again, there are several options to manually encrypt multiple files or a folder. The information security team recommends using Windows 7.zip to create an encrypted archive. Instructions can be found in the list below.
 +
* Encrypt an entire partition or hard disk: The advantage of encrypting an entire partition or hard disk is that the data stored there is automatically encrypted or decrypted each time it is accessed. This is particularly useful when using confidential data on mobile devices, in shared storage areas such as network storage and in cloud environments. For mobile devices, the operating systems Android, Windows and MacOS offer system programs. Current smartphones and tablets already store all data encrypted on the internal disks.
 +
<br />
 +
You can find a brief overview of various programs to help you select the encryption software that is best suited for you and your team under [[#Software | Software]].
  
== Why should I use file encryption? ==
+
== Use Encryption Software ==
When working with personal data, it can quickly happen that these data have a special need for protection. Since remote data storage devices do not provide protection of confidentiality (access by third parties) or integrity (manipulation of data), it is necessary to additionally secure data worthy of protection.
+
=== Preparations ===
 +
'''Sciebo'''<br />
 +
In order to use encryption in Sciebo comfortably, you should in any case install the synchronisation client of Sciebo (Download (sciebo.de). This allows you to work with Sciebo as if it were on your own hard drive and ensures that your data is always kept up to date.
 +
For instructions on how to apply for and install or use the software, see [[Sciebo]] and the official Sciebo help pages: https://www.sciebo.de/anleitung/desktop.html <br />
  
Which data is particularly worthy of protection is usually only known in the event of damage, so a special duty of care applies when storing data with external services.
+
'''Network storage'''<br />
The official Sciebo user regulations of the University of Paderborn {{warning|link to the user regulations is missing}} provide an assessment of which data must be encrypted or may not be stored in Sciebo at all. You can use this user policy as a guide for file exchange over the network until a basic user policy for other services, such as network storage, is in place.
+
In order to work with the network storage and encrypted files, you should first mount the network storage.  
 +
You can find instructions here in the help wiki: [[Netzlaufwerk einbinden | Mount network storage (german)]] <br />
  
== Use encryption programs ==
+
'''OneDrive''' <br />
An encryption program simplifies your work with encrypted files.
+
To be able to work with encrypted files in OneDrive, you should obtain OneDrive in advance from the university (e.g. via Office 365: https://hilfe.uni-paderborn.de/Office_365_Education_registrieren) and install the client. <br />
Usually, this involves generating file(s) that are stored encrypted and protected against manipulation by a cryptographic hash procedure.
+
When using Office 365, please observe the relevant data protection information: https://hilfe.uni-paderborn.de/Datenschutzhinweise_zu_MSOPB<br />
After entering the correct password, these files are decrypted, checked and then made available as an additional drive in the operating system.
 
  
It is important to choose the right program, as the programs often want to achieve different protection goals. These are often not immediately apparent to the user. There are programs that only encrypt but do not protect against manipulation and also programs that only protect against manipulation but do not offer confidentiality.
+
=== Software ===
 +
Below are the instructions for the Windows and MacOS system programs for hard disk encryption, and a selection of programs that can be used to encrypt files on the network.
 +
<br /> <br />
 +
'''Windows'''<br />
 +
In Windows 10, Microsoft offers device encryption and standard BitLocker encryption. The encryption is suitable for local hard disks. You can find more details here:
 +
* [[BitLocker_Verschluesselung_unter_Windows_mit_TPM]]
 +
* [[BitLocker_Verschluesselung_unter_Windows_ohne_TPM]]
  
== Arrangements ==
+
<br />
 +
'''macOS''' <br />
 +
Apple offers for MacOS with FileVault a possibility to protect the local hard disk. For instructions on how to use it, refer to [[FileVault unter macOS]].
 +
<br />
  
=== Sciebo ===
+
'''iOS and iPadOS''' <br>
To use encryption conveniently, you should always install the Sciebo synchronization client. This allows you to work comfortably with Sciebo and ensures that your data is always kept up to date.
+
On iPhones and iPads, the '''"Extended data protection for iCloud"''' can be activated. This protects parts of the data stored by Apple in the iCloud with end-to-end encryption.
 +
* https://support.apple.com/de-de/102651
  
Installation instructions can be found on the official Sciebo help pages: https://www.sciebo.de/anleitung/desktop.html
+
'''7.zip'''<br />
 +
7.zip is an open-source software program that creates an encrypted archive from files and directories. This archive can be shared, sent by email or simply kept at your place for backup. For instructions on using it, refer to [[Dateiverschluesselung mit 7-ZIP unter Windows 10]].
 +
<br /> <br />
 +
'''Cryptomator'''<br />
 +
Cryptomator is an open-source tool for the encryption of file folders - so-called safes. All data in these safes are automatically encrypted or decrypted by Cryptomator when accessed. The tool is therefore particularly suitable for the encryption of your data on mobile devices, in network storage and in the cloud. Cryptomator exists for all common operating systems, requires no account creation and is, with the exception of the smartphone apps, free of charge.<br />
 +
<br />
  
=== Network storage ===
+
'''VeraCrypt''' <br />
To be able to work comfortably with the network storage, you should first mount the network storage.
+
VeraCrypt is an open-source software, which can be used to implement various types of encryption, especially of removable and hard disks.
 
+
VeraCrypt can also be used to encrypt container files and thus with cloud storage services.<br />
You can find instructions here in the help wiki: [[Netzlaufwerk einbinden]]
+
The use of VeraCrypt is aimed at experienced users, as it offers many setting options that are not relevant for the standard user. VeraCrypt exists for Windows, MacOS and Linux.<br />
 
+
<br /><br />
== Programs ==
 
Below is a selection of programs that can be used to encrypt files in a network.
 
 
 
=== Cryptomator ===
 
Cryptomator is an open source tool that can be downloaded for free.
 
There are versions for all common platforms and smartphones.
 
 
 
You can find the latest version of Cryptomator in the download area of https://cryptomator.org/
 
 
 
==== Installation and Setup (Windows) ====
 
 
 
===== Sciebo specific configuration =====
 
This first step is optional. It is only meant to help you find your personal Sciebo folder easily. If you have no problems with this, you can skip it.
 
 
 
[[Datei:Screenshot scibo Tray.png|links|mini|350px]]
 
<br>
 
* Right click on the Sciebo symbol at the bottom right
 
* If the Sciebo symbol is not displayed, it may be hidden behind the up arrow
 
<br clear=all>
 
[[Datei:Screenshot scibo einstellungen.png|links|mini|350px]]
 
<br>
 
* click on "Folder >>sciebo<< open"
 
<br clear=all>
 
[[Datei:Screenshot scibo schnellzugriff anheften.png|links|mini|350px]]
 
<br>
 
* Now you will see your personal sciebo folder
 
* Right click on the lettering "DeepL Access" on the left-hand side
 
* Now pin the folder in the context menu
 
<br clear=all>
 
 
 
===== General configuration =====
 
* [https://cryptomator.org/de/downloads/#macDownload Download] the Cryptomator program
 
* Install Cryptomator. Here you can use the default settings.
 
* Some antivirus programs block the installation of Cryptomator with a warning message. As long as you have downloaded the installation file from the above link, you can ignore this.
 
<br clear=all>
 
[[Datei:Screenshot Cryptomator Tresor erstellen.png|links|mini|350px]]
 
<br>
 
* After installation Cryptomator must be set up
 
* To encrypt files with Cryptomator, we need an encrypted drive These are called vaults by Cryptomator.
 
* On the left side you can see the already existing vaults. The list is empty, so we start by creating a new vault.
 
* With a click on the + symbol you open the options
 
* Click on "Create safe"
 
<br clear=all>
 
 
 
[[Datei:Screenshot Cryptomator Ordner auswaehlen.png|links|mini|350px]]
 
<br>
 
* As storage location we select the "sciebo" folder or any other folder for example on the network storage. If you followed the sciebo instructions, you will find it directly in the DeepL access
 
* As file name we assign an unambiguous term, here as example "safe"
 
* With a click on "Save" we continue
 
<br clear=all>
 
 
 
[[Datei:Screenshot Cryptomator passwort vergeben.png|links|mini|350px]]
 
<br>
 
* Now we assign a password for our encrypted drive
 
* The password should have at least 10 characters and consist of uppercase letters, lowercase letters, numbers and special characters
 
* Cryptomator informs you directly about how secure your chosen password is
 
* Repeat the password and complete the step with "Create safe
 
<br clear=all>
 
 
 
[[Datei:Screenshot Cryptomator Tresor entsperren.png|links|mini|350px]]
 
<br>
 
* We have now created a vault and already encrypted it with Cryptomator
 
* To use it, we must first unlock it
 
* Enter the password for the safe and then click on "Unlock safe".
 
<br clear=all>
 
 
 
[[Datei:Screenshot Cryptomator Tresor oeffnen.png|links|mini|350px]]
 
<br>
 
* To use our vault, we call up Windows Explorer
 
* Click on "This PC" on the left side
 
* Under the network addresses you will now find a new network drive, which can be opened with a double click
 
* All files moved here are now automatically encrypted
 
<br clear=all>
 
 
 
=== Veracrypt ===
 
With Veracrypt different types of encryption can be implemented.
 
However, the focus of this article is on creating a secure container file that can be synchronized with Sciebo.
 
The use of Veracrypt is rather aimed at experienced users, as it offers many setting options that are not relevant for the standard user.
 
 
 
You can find the latest version of Veracrypt in the download area of https://www.veracrypt.fr/
 
 
 
==== Installation and Setup (Windows) ====
 
For instructions on how to create an encrypted container with Veracrypt, visit the VeraCrypt web pages:
 
[https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html Veracrypt Beginner's Tutorial]
 
 
 
=== Encryption capabilities of Office programs ===
 
==== Single documents ====
 
For the distribution it is also possible to protect the files themselves. For this purpose, the individual programs often offer the possibility to secure the files with a password. For this purpose we ask you to use the help pages of the respective program used, as we cannot list and compare all programs here. We also cannot give any guarantee about the quality and type of encryption. Please consider this list only as an indication.
 
 
 
Common programs that can encrypt individual documents:
 
* Adobe Reader, FoxIt PDF
 
* Microsoft Office (Word, PowerPoint, Excel, ...)
 
* LibreOffice, OpenOffice
 
 
 
==== Multiple documents ====
 
If you want to share several files encrypted at once, common compression programs (7-Zip, WinRAR, ...) can set passwords on file archives. But please keep in mind that a recipient will unpack the files and thus store unencrypted files locally on his system. This kind of file sharing is also not recommended for collaborative work, because the documents have to be protected again and again, which consumes a lot of time and data that other solutions do more elegantly.
 
 
 
== Important ==
 
Never send unencrypted e-mails with passwords! Please send the passwords in another way or use encrypted communication.
 
  
 +
=== Important ===
 +
Never send passwords in clear text by e-mail if you want to give other people access to encrypted data. Send passwords by other means or use encrypted communication.
 +
<br />
 
For Sciebo, it is also important to ensure that at no time are the unencrypted files stored in the synchronization folder, as these can be synchronized immediately and theoretically restored even after deletion.
 
For Sciebo, it is also important to ensure that at no time are the unencrypted files stored in the synchronization folder, as these can be synchronized immediately and theoretically restored even after deletion.
Please check if the encryption works correctly by downloading and opening the encrypted files e.g. via the Sciebo website.
+
Please check (using an unproblematic test file) whether the encryption works correctly by downloading and opening the encrypted files e.g. via the Sciebo website. If the correct file content is displayed without decryption, there is a configuration error.<br />
If the correct file content is displayed, there is a configuration error.
+
<br />
 
+
=== External Help Pages ===
Furthermore, you must be aware that if you lose your password, the files are irretrievably deleted.
+
The following pages contain general assistance for the individual software.<br />
There is no service provider who can restore these files.
 
 
 
== External help pages ==
 
The following pages contain general assistance for the individual programs.
 
 
These pages are not checked for up-to-dateness and should only be a first point of contact for further problems.
 
These pages are not checked for up-to-dateness and should only be a first point of contact for further problems.
 +
<br />
 +
* [https://www.uni-due.de/zim/services/sciebo/verschluesselung.php Information on Sciebo encryption at the University of Duisburg Essen (german)]<br />
 +
* [https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html Veracrypt Beginner's Tutorial]<br />
 +
* [https://helpx.adobe.com/en/acrobat/using/securing-pdfs-passwords.html Protecting a PDF with Acrobat with a password]<br />
 +
* [https://support.microsoft.com/en-gb/office/password-protect-a-document-in-word-for-mac-5dc20870-62ea-43b1-ab0b-39426a57cff1 Password protection of a Microsoft Office document on Mac]<br />
 +
* [https://support.microsoft.com/en-us/office/protect-an-excel-file-7359d4ae-7213-4ac2-b058-f75e9311b599 Password Protecting an Excel File on Windows].
  
https://www.uni-due.de/zim/services/sciebo/verschluesselung.php
+
== See also ==
 
+
'''Working safely with your own operating system'''
[https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html Veracrypt Beginner's Tutorial]
+
* [[Datensicherung | Data backup (german)]]
 +
'''File Encryption'''
 +
* [[Dateiverschluesselung_einsetzen/en|Using Data Encryption]]
 +
* [[Daten_sicher_teilen/en|Sharing Data Securely]]
 +
* [[Daten_sicher_aufbewahren/en|Keeping your Data Secure]]
 +
'''Password security'''
 +
* [[Schuetzen_Sie_Ihr_Passwort/en|Protect your password]]
 +
* [[Uni-Account: Passwort vergessen/en|Uni account: Forgot your password?]]
 +
* [[Passwoerter_verwalten_mit_KeePass/en|Managing Passwords with KeePass]]
 +
'''Phishing'''
 +
* [[Hinweise_zu_Phishing-E-Mails/en|Notes on phishing e-mails]]
 +
'''Mail Security'''
 +
* [[Signierte_E-Mails/en|Signed E-mails]]
 +
* [[E-Mail-Zertifikate | E-mail Certificates (S-MIME) (german)]]
 +
'''Viruses/Trojans'''
 +
* [[Antivirensoftware | Antivirus software installations (german)]]
 +
* [[Virenschutz_unter_Windows/en|Antivirus protection for Windows]]
 +
* [[Virenschutz_unter_macOS/en|Antivirus protection for macOS]]
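
Review bot: The sciebo policy link added in the "Why should I use file encryption?" paragraph ends in `20200702_Richtlinie_Sciebo_v1.pd`, while the data-class link beside it ends in `.pdf`; the target looks truncated and should be checked, because that paragraph calls encryption mandatory and sends readers to exactly this policy. The revision also drops the old caveat that some programs only encrypt without protecting against manipulation (and others the reverse), although the new text still promises protection from "unauthorized reading or manipulation"; consider keeping one sentence on that in the Software section. Smaller points: "(Download (sciebo.de)." under Preparations leaves a parenthesis open, the tool is written "7.zip" (once "Windows 7.zip") in the text but "7-ZIP" in the linked page title, and Boxcryptor Enterprise is named as the only option with group key management without an entry in the Software list.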

Latest revision as of 13 November 2024, 10:01

The German version can be found on the page Dateiverschlüsselung einsetzen

This article explains which software options are available for data encryption and how they can be used in practice.

Background

Why should I use file encryption?

Data encryption is an important measure to protect the contents of your files from unauthorized reading or manipulation. It is mandatory when handling personal data on local devices or in shared storage areas (network or cloud storage). For more detailed information, refer to the article Keeping your Data Secure as well as the sciebo policy (German) and the overview of data classes and their required protection (German).

What do I have to consider when encrypting data?

  • Encrypting data is an additional effort that costs resources (your time, system resources, possibly additional software, and money). Consider in advance whether you work with confidential data, and therefore need encryption, only occasionally or often to very often.
  • Encrypting data requires electronic keys, which are used to encrypt and decrypt the data. These are usually passwords or certificates. Once encrypted, data can only be decrypted with the corresponding password or certificate. Losing the key means losing the data, because without the key the data can usually not be recovered. You must therefore store your keys safely.
  • If other people are to have legitimate access to your encrypted data, they need your key. Consider in advance whether you only want to encrypt your own data or whether you want to work in a group with encrypted data and corresponding keys. Of the software presented here, only the paid software Boxcryptor Enterprise supports shared key management for groups.

Application areas of data encryption

The following areas of application can be distinguished:

  • You want to encrypt single files or folders once or occasionally, e.g. to send them by email, store them in the cloud or protect the content from administrators. The classic office programs Word, Excel and Acrobat can save encrypted files. For a collection of links to instructions on how to do this, see External Help Pages. This is suitable if you occasionally want to encrypt a file created with one of these programs. Alternatively, you can use a dedicated encryption program. This is recommended when you also want to encrypt files of other types or even entire folders. The information security team recommends the open-source solution 7-Zip for Windows. You can find instructions in the list below.
  • You want to encrypt several files or a folder occasionally and save this state for yourself or others: again, there are several ways to encrypt multiple files or a folder manually. The information security team recommends using 7-Zip on Windows to create an encrypted archive. Instructions can be found in the list below.
  • Encrypt an entire partition or hard disk: the advantage of encrypting an entire partition or hard disk is that the data stored there is automatically encrypted or decrypted each time it is accessed. This is particularly useful when using confidential data on mobile devices, in shared storage areas such as network storage and in cloud environments. For mobile devices, the operating systems Android, Windows and macOS offer system programs. Current smartphones and tablets already store all data encrypted on the internal disks.


You can find a brief overview of various programs to help you select the encryption software that is best suited for you and your team under Software.

Use Encryption Software

Preparations

Sciebo
To use encryption in Sciebo conveniently, you should always install the Sciebo synchronisation client (Download (sciebo.de)). This allows you to work with Sciebo as if it were on your own hard drive and ensures that your data is always kept up to date. For instructions on how to apply for, install and use the software, see Sciebo and the official Sciebo help pages: https://www.sciebo.de/anleitung/desktop.html

Network storage
To work with the network storage and encrypted files, you should first mount the network storage. You can find instructions here in the help wiki: Mount network storage (German)

OneDrive
To be able to work with encrypted files in OneDrive, you should obtain OneDrive in advance from the university (e.g. via Office 365: https://hilfe.uni-paderborn.de/Office_365_Education_registrieren) and install the client.
When using Office 365, please observe the relevant data protection information: https://hilfe.uni-paderborn.de/Datenschutzhinweise_zu_MSOPB

Software

Below are the instructions for the Windows and macOS system programs for hard disk encryption, and a selection of programs that can be used to encrypt files on the network.

Windows
In Windows 10, Microsoft offers device encryption and standard BitLocker encryption. The encryption is suitable for local hard disks. You can find more details here:

  • BitLocker Verschluesselung unter Windows mit TPM
  • BitLocker Verschluesselung unter Windows ohne TPM

macOS
With FileVault, Apple offers a way to protect the local hard disk on macOS. For instructions on how to use it, refer to FileVault unter macOS.

iOS and iPadOS
On iPhones and iPads, the "Extended data protection for iCloud" can be activated. This protects parts of the data stored by Apple in iCloud with end-to-end encryption.

  • https://support.apple.com/de-de/102651

7-Zip
7-Zip is an open-source program that creates an encrypted archive from files and directories. This archive can be shared, sent by email or simply kept by you as a backup. For instructions on using it, refer to Dateiverschlüsselung mit 7-ZIP unter Windows.

Cryptomator
Cryptomator is an open-source tool for encrypting file folders, so-called safes. All data in these safes is automatically encrypted or decrypted by Cryptomator when accessed. The tool is therefore particularly suitable for encrypting your data on mobile devices, in network storage and in the cloud. Cryptomator exists for all common operating systems, requires no account creation and is, with the exception of the smartphone apps, free of charge.

VeraCrypt
VeraCrypt is open-source software that can be used to implement various types of encryption, especially of removable and hard disks. VeraCrypt can also encrypt container files and can therefore be used with cloud storage services.
The use of VeraCrypt is aimed at experienced users, as it offers many setting options that are not relevant for the standard user. VeraCrypt exists for Windows, macOS and Linux.


Important

Never send passwords in clear text by e-mail if you want to give other people access to encrypted data. Send passwords by other means or use encrypted communication.
For Sciebo, it is also important to ensure that unencrypted files are never stored in the synchronization folder, as they can be synchronized immediately and theoretically restored even after deletion. Please check (using a test file without sensitive content) whether the encryption works correctly by downloading and opening the encrypted files, e.g. via the Sciebo website. If the correct file content is displayed without decryption, there is a configuration error.
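
The check described above can be partly automated before anything is uploaded. The following Python script is an added example, not part of the original wiki page or of any Sciebo or Cryptomator tooling: it walks a synchronization folder and reports files that do not look encrypted. The entropy threshold, the header list and the vault metadata file names are assumptions of this example.

```python
import math
import tempfile
from collections import Counter
from pathlib import Path

SAMPLE_BYTES = 64 * 1024  # only the start of each file is read
MIN_BYTES = 4096          # below this size entropy is not a reliable signal
ENTROPY_LIMIT = 7.5       # bits per byte; ciphertext sits close to 8.0

# Headers of common file formats. A match means the file type is visible
# without a key. Password-protected PDF, ZIP and 7z files keep these headers,
# so a match is a prompt to check the file by hand, not proof of plaintext.
KNOWN_HEADERS = (b"%PDF-", b"PK\x03\x04", b"7z\xbc\xaf\x27\x1c",
                 b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff")

# Assumption: unencrypted bookkeeping files that a Cryptomator vault keeps
# next to the encrypted data. Adjust the set for the tool you use.
VAULT_METADATA = frozenset(
    {"masterkey.cryptomator", "vault.cryptomator", "dir.c9r"})


def shannon_entropy(data: bytes) -> float:
    """Entropy of the byte distribution in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total)
                for n in Counter(data).values())


def classify(path: Path) -> str:
    """Return metadata, known-format, plaintext, too-small or encrypted-like."""
    if path.name in VAULT_METADATA:
        return "metadata"
    with path.open("rb") as fh:
        sample = fh.read(SAMPLE_BYTES)
    if sample.startswith(KNOWN_HEADERS):
        return "known-format"
    if len(sample) < MIN_BYTES:
        # Short ciphertext cannot reach the entropy limit. Readable text is
        # still a clear finding; anything else stays undecided.
        try:
            sample.decode("utf-8")
        except UnicodeDecodeError:
            return "too-small"
        return "plaintext" if sample else "too-small"
    if shannon_entropy(sample) >= ENTROPY_LIMIT:
        return "encrypted-like"
    return "plaintext"


def audit_sync_folder(root: Path) -> dict:
    """Map relative file paths to verdicts that need a closer look."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            verdict = classify(path)
            if verdict in ("plaintext", "known-format", "too-small"):
                findings[path.relative_to(root).as_posix()] = verdict
    return findings


if __name__ == "__main__":
    # Constructed sample folder, not real data.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "safe").mkdir()
        (root / "safe" / "masterkey.cryptomator").write_text("{}")
        (root / "safe" / "a.c9r").write_bytes(bytes(range(256)) * 64)
        (root / "grades.txt").write_text("name;grade\n" * 1000)
        (root / "report.pdf").write_bytes(b"%PDF-1.7\n")
        for name, verdict in audit_sync_folder(root).items():
            print(f"{verdict:13} {name}")
```

A "known-format" or "too-small" verdict needs a manual look; only the download test via the Sciebo website confirms what the server actually stores.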

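External Help Pages

The following pages contain general assistance for the individual software.
These pages are not checked for being up to date and are intended only as a first point of contact for further problems.

  • Information on Sciebo encryption at the University of Duisburg Essen (German): https://www.uni-due.de/zim/services/sciebo/verschluesselung.php
  • Veracrypt Beginner's Tutorial: https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html
  • Protecting a PDF with Acrobat with a password: https://helpx.adobe.com/en/acrobat/using/securing-pdfs-passwords.html
  • Password protection of a Microsoft Office document on Mac: https://support.microsoft.com/en-gb/office/password-protect-a-document-in-word-for-mac-5dc20870-62ea-43b1-ab0b-39426a57cff1
  • Password Protecting an Excel File on Windows: https://support.microsoft.com/en-us/office/protect-an-excel-file-7359d4ae-7213-4ac2-b058-f75e9311b599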

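See also

Working safely with your own operating system

  • Data backup (German)

File Encryption

  • Using Data Encryption
  • Sharing Data Securely
  • Keeping your Data Secure

Password security

  • Protect your password
  • Uni account: Forgot your password?
  • Managing Passwords with KeePass

Phishing

  • Notes on phishing e-mails

Mail Security

  • Signed E-mails
  • E-mail Certificates (S-MIME) (German)

Viruses/Trojans

  • Antivirus software installations (German)
  • Antivirus protection for Windows
  • Antivirus protection for macOS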

