From 8e3bd2589e85be36206eb309b08d1bd15993ce0d Mon Sep 17 00:00:00 2001 From: rollsicecream Date: Sun, 11 Feb 2024 04:29:54 +0000 Subject: [PATCH] Convert Encryption to HTML admonitions (#2400) Signed-off-by: Daniel Gray --- docs/encryption.md | 403 ++++++++++++++++++++++++++------------------- 1 file changed, 238 insertions(+), 165 deletions(-) diff --git a/docs/encryption.md b/docs/encryption.md index c39fdcd6..059228c8 100644 --- a/docs/encryption.md +++ b/docs/encryption.md @@ -13,27 +13,32 @@ The options listed here are multi-platform and great for creating encrypted back ### Cryptomator (Cloud) -!!! recommendation +
- ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ align=right } +![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ align=right } - **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider. +**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider. - [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" } - [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute } +[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation} +[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" } +[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute } - ??? downloads +
+Downloads - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator) - - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163) - - [:simple-android: Android](https://cryptomator.org/android) - - [:simple-windows11: Windows](https://cryptomator.org/downloads) - - [:simple-apple: macOS](https://cryptomator.org/downloads) - - [:simple-linux: Linux](https://cryptomator.org/downloads) - - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator) +- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator) +- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163) +- [:simple-android: Android](https://cryptomator.org/android) +- [:simple-windows11: Windows](https://cryptomator.org/downloads) +- [:simple-apple: macOS](https://cryptomator.org/downloads) +- [:simple-linux: Linux](https://cryptomator.org/downloads) +- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator) + +
+ +
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders. @@ -43,41 +48,51 @@ Cryptomator's documentation details its intended [security target](https://docs. ### Picocrypt (File) -!!! recommendation +
- ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ align=right } +![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ align=right } - **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features. +**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features. - [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary } - [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" } - [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute } +[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary } +[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" } +[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute } - ??? downloads +
+Downloads - - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases) - - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases) - - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases) +- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases) +- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases) +- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases) + +
+ +
### VeraCrypt (Disk) -!!! recommendation +
- ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ align=right } - ![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ align=right } +![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ align=right } +![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ align=right } - **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication. +**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication. - [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary } - [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation} - [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" } - [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute } +[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary } +[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation} +[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" } +[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute } - ??? downloads +
+Downloads - - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html) - - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html) - - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html) +- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html) +- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html) +- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html) + +
+ +
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed. @@ -91,99 +106,119 @@ For encrypting the drive your operating system boots from, we generally recommen ### BitLocker -!!! recommendation +
- ![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right } +![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right } - **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/). +**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/). - [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation} +[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation} + + + +
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites. -??? example "Enabling BitLocker on Windows Home" +
+Enabling BitLocker on Windows Home - To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide. +To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide. - 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style": +1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style": + ```powershell + powershell Get-Disk + ``` - ``` - powershell Get-Disk - ``` +2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`: + ```powershell + powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm + ``` - 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`: +3. 
Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**. +4. Login with your admin account and type this in the command prompt to start encryption: + ```powershell + manage-bde -on c: -used + ``` - ``` - powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm - ``` +5. Close the command prompt and continue booting to regular Windows. +6. Open an admin command prompt and run the following commands: + ```powershell + manage-bde c: -protectors -add -rp -tpm + manage-bde -protectors -enable c: + manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt + ``` - 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**. +
+

Tip

- 4. Login with your admin account and type this in the command prompt to start encryption: +Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data. - ``` - manage-bde -on c: -used - ``` +
- 5. Close the command prompt and continue booting to regular Windows. - - 6. Open an admin command prompt and run the following commands: - - ``` - manage-bde c: -protectors -add -rp -tpm - manage-bde -protectors -enable c: - manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt - ``` - - !!! tip - - Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data. +
### FileVault -!!! recommendation +
- ![FileVault logo](assets/img/encryption-software/filevault.png){ align=right } +![FileVault logo](assets/img/encryption-software/filevault.png){ align=right } - **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip. +**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip. - [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation} +[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation} + + + +
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery. ### Linux Unified Key Setup -!!! recommendation +
- ![LUKS logo](assets/img/encryption-software/luks.png){ align=right } +![LUKS logo](assets/img/encryption-software/luks.png){ align=right } - **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers. +**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers. - [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary } - [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation} - [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" } +[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary } +[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation} +[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" } -??? example "Creating and opening encrypted containers" + - ``` - dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress - sudo cryptsetup luksFormat /path-to-file - ``` +
- #### Opening encrypted containers - We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface. - ``` - udisksctl loop-setup -f /path-to-file - udisksctl unlock -b /dev/loop0 - ``` +
+Creating and opening encrypted containers -!!! note "Remember to back up volume headers" +```bash +dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress +sudo cryptsetup luksFormat /path-to-file +``` - We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with: +#### Opening encrypted containers - ``` - cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img - ``` +We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface. + +```bash +udisksctl loop-setup -f /path-to-file +udisksctl unlock -b /dev/loop0 +``` + +
+ +
+

Remember to back up volume headers

+ +We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with: + +```bash +cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img +``` + +
## Command-line @@ -191,36 +226,45 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht ### Kryptor -!!! recommendation +
- ![Kryptor logo](assets/img/encryption-software/kryptor.png){ align=right } +![Kryptor logo](assets/img/encryption-software/kryptor.png){ align=right } - **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG. +**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG. - [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" } - [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute } +[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary } +[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation} +[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" } +[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute } - ??? downloads +
+Downloads - - [:simple-windows11: Windows](https://www.kryptor.co.uk) - - [:simple-apple: macOS](https://www.kryptor.co.uk) - - [:simple-linux: Linux](https://www.kryptor.co.uk) +- [:simple-windows11: Windows](https://www.kryptor.co.uk) +- [:simple-apple: macOS](https://www.kryptor.co.uk) +- [:simple-linux: Linux](https://www.kryptor.co.uk) + +
+ +
### Tomb -!!! recommendation +
- ![Tomb logo](assets/img/encryption-software/tomb.png){ align=right } +![Tomb logo](assets/img/encryption-software/tomb.png){ align=right } - **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work). +**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work). - [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" } - [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute } +[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary } +[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation} +[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" } +[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute } + + + +
## OpenPGP @@ -228,99 +272,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf). -!!! tip "Use future defaults when generating a key" +
+

Use future defaults when generating a key

- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/): +When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/): - ```bash - gpg --quick-gen-key alice@example.com future-default - ``` +```bash +gpg --quick-gen-key alice@example.com future-default +``` + +
### GNU Privacy Guard -!!! recommendation +
- ![GNU Privacy Guard logo](assets/img/encryption-software/gnupg.svg){ align=right } +![GNU Privacy Guard logo](assets/img/encryption-software/gnupg.svg){ align=right } - **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government. +**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government. 
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation} - [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" } +[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation} +[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" } - ??? downloads +
+Downloads - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) - - [:simple-windows11: Windows](https://gpg4win.org/download.html) - - [:simple-apple: macOS](https://gpgtools.org) - - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary) +- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) +- [:simple-windows11: Windows](https://gpg4win.org/download.html) +- [:simple-apple: macOS](https://gpgtools.org) +- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary) + +
+ +
### GPG4win -!!! recommendation +
- ![GPG4win logo](assets/img/encryption-software/gpg4win.svg){ align=right } +![GPG4win logo](assets/img/encryption-software/gpg4win.svg){ align=right } - **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005. +**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005. 
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation} - [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" } - [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute } +[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation} +[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" } +[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute } - ??? downloads +
+Downloads - - [:simple-windows11: Windows](https://gpg4win.org/download.html) +- [:simple-windows11: Windows](https://gpg4win.org/download.html) + +
+ +
### GPG Suite -!!! note +
+

Note

- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices. +We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices. -!!! recommendation +
- ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right } +
- **GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS. +![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right } - We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support. +**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS. - [:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" } +We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support. - ??? downloads +[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation} +[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" } - - [:simple-apple: macOS](https://gpgtools.org) +
+Downloads + +- [:simple-apple: macOS](https://gpgtools.org) + +
+ +
### OpenKeychain -!!! recommendation +
- ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right } +![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right } - **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). +**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). 
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" } +[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation} +[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" } - ??? downloads +
+Downloads - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) +- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) + +
+ +
## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. -!!! example "This section is new" +
+

This section is new

- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. +We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +
### Minimum Qualifications
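Review bot: In the Cryptomator card (and every later card this patch rewrites), the attribute lists are inconsistent: `{ .card-link title=Documentation}` has an unquoted value and no space before the closing brace, while the neighbouring lines use `{ .card-link title="Privacy Policy" }`. Since each of these lines is already being re-added without its indentation, this is the cheapest point to normalize them to `{ .card-link title="Documentation" }` and `{ .card-link title="Contribute" }`.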
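Review bot: In the "Enabling BitLocker on Windows Home" hunk, the fences change from untagged to `powershell`, but the steps tell the reader to open a command prompt, and the last line of step 6 redirects to `%UserProfile%\Desktop\BitLocker-Recovery-Key.txt`, which is cmd variable syntax that PowerShell does not expand. The subject line describes a conversion to HTML admonitions only, so either keep these fences untagged as in the removed lines or tag them for the command prompt rather than PowerShell. While these lines are being touched, "Login with your admin account" should read "Log in", "Backup `BitLocker-Recovery-Key.txt`" should read "Back up", and "non-Bitlocker" should match the "BitLocker" casing used elsewhere in the same paragraph.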
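Review bot: In the LUKS hunk, the header backup line `cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img` is re-added without `sudo` even though it reads a block device, while the container example in the same hunk uses `sudo cryptsetup luksFormat /path-to-file`. Now that both blocks are tagged `bash` and will be copied as-is, make the privilege prefix consistent. The "Remember to back up volume headers" note also says nothing about where the backup file should live; because a header backup contains the keyslots, a follow-up could add that it needs to be stored as carefully as the volume itself.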
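Review bot: In the "Use future defaults when generating a key" hunk, the re-added sentence still carries the grammar slip "this will instruct GnuPG use modern cryptography" (missing "to"), and it calls `future-default` a command although the example `gpg --quick-gen-key alice@example.com future-default` passes it as an argument to `--quick-gen-key`. Suggest "we suggest passing the `future-default` argument, as this instructs GnuPG to use modern cryptography such as ...", fixed in this patch since the line is being rewritten anyway.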