mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2024-07-01 17:11:32 +00:00
Convert Encryption to HTML admonitions (#2400)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
parent
cd4181a7fc
commit
8e3bd2589e
|
@ -13,7 +13,7 @@ The options listed here are multi-platform and great for creating encrypted back
|
|||
|
||||
### Cryptomator (Cloud)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ align=right }
|
||||
|
||||
|
@ -25,7 +25,8 @@ The options listed here are multi-platform and great for creating encrypted back
|
|||
[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
|
||||
|
@ -35,6 +36,10 @@ The options listed here are multi-platform and great for creating encrypted back
|
|||
- [:simple-linux: Linux](https://cryptomator.org/downloads)
|
||||
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
|
||||
|
||||
Some Cryptomator cryptographic libraries have been [audited](https://community.cryptomator.org/t/has-there-been-a-security-review-audit-of-cryptomator/44) by Cure53. The scope of the audited libraries includes: [cryptolib](https://github.com/cryptomator/cryptolib), [cryptofs](https://github.com/cryptomator/cryptofs), [siv-mode](https://github.com/cryptomator/siv-mode) and [cryptomator-objc-cryptor](https://github.com/cryptomator/cryptomator-objc-cryptor). The audit did not extend to [cryptolib-swift](https://github.com/cryptomator/cryptolib-swift), which is a library used by Cryptomator for iOS.
|
||||
|
@ -43,7 +48,7 @@ Cryptomator's documentation details its intended [security target](https://docs.
|
|||
|
||||
### Picocrypt (File)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ align=right }
|
||||
|
||||
|
@ -53,15 +58,20 @@ Cryptomator's documentation details its intended [security target](https://docs.
|
|||
[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
|
||||
- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
|
||||
- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
### VeraCrypt (Disk)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ align=right }
|
||||
![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ align=right }
|
||||
|
@ -73,12 +83,17 @@ Cryptomator's documentation details its intended [security target](https://docs.
|
|||
[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
|
||||
- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
|
||||
- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
|
||||
|
||||
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
|
||||
|
@ -91,7 +106,7 @@ For encrypting the drive your operating system boots from, we generally recommen
|
|||
|
||||
### BitLocker
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right }
|
||||
|
||||
|
@ -99,49 +114,53 @@ For encrypting the drive your operating system boots from, we generally recommen
|
|||
|
||||
[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
|
||||
|
||||
??? example "Enabling BitLocker on Windows Home"
|
||||
<details class="example" markdown>
|
||||
<summary>Enabling BitLocker on Windows Home</summary>
|
||||
|
||||
To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
|
||||
|
||||
1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
|
||||
|
||||
```
|
||||
```powershell
|
||||
powershell Get-Disk
|
||||
```
|
||||
|
||||
2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
|
||||
|
||||
```
|
||||
```powershell
|
||||
powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
|
||||
```
|
||||
|
||||
3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
|
||||
|
||||
4. Login with your admin account and type this in the command prompt to start encryption:
|
||||
|
||||
```
|
||||
```powershell
|
||||
manage-bde -on c: -used
|
||||
```
|
||||
|
||||
5. Close the command prompt and continue booting to regular Windows.
|
||||
|
||||
6. Open an admin command prompt and run the following commands:
|
||||
|
||||
```
|
||||
```powershell
|
||||
manage-bde c: -protectors -add -rp -tpm
|
||||
manage-bde -protectors -enable c:
|
||||
manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
|
||||
```
|
||||
|
||||
!!! tip
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
|
||||
|
||||
</div>
|
||||
|
||||
</details>
|
||||
|
||||
### FileVault
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![FileVault logo](assets/img/encryption-software/filevault.png){ align=right }
|
||||
|
||||
|
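Review bot: The fences in steps 1, 2, 4 and 6 of the BitLocker guide are retagged from plain to `powershell`, but the steps tell the reader to open a command prompt and the lines are cmd.exe commands: steps 1 and 2 launch `powershell ...` as a child process, and step 6 redirects to `%UserProfile%\Desktop\BitLocker-Recovery-Key.txt`, a variable form that PowerShell does not expand. A reader who trusts the tag and pastes step 6 into a PowerShell window will not get the recovery key file where the tip tells them to find it, so tag these blocks for the Windows command prompt or leave them untagged. Separately, the `</details>` added after the BitLocker Documentation link has no `<details>` opener for that card in the visible lines; the card should probably end with `</div>` alone.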
@ -149,11 +168,15 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o
|
|||
|
||||
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
|
||||
|
||||
### Linux Unified Key Setup
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![LUKS logo](assets/img/encryption-software/luks.png){ align=right }
|
||||
|
||||
|
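Review bot: The `</details>` added after the FileVault Documentation link closes an element this card never opens. FileVault has no downloads list, and since this commit is what introduces the HTML tags, an opener would have to appear as an added line here. Drop the tag so the recommendation ends with `</div>` only, and check how the built page renders this card.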
@ -163,35 +186,47 @@ We recommend storing a local recovery key in a secure place as opposed to using
|
|||
[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
|
||||
|
||||
??? example "Creating and opening encrypted containers"
|
||||
</details>
|
||||
|
||||
```
|
||||
</div>
|
||||
|
||||
<details class="example" markdown>
|
||||
<summary>Creating and opening encrypted containers</summary>
|
||||
|
||||
```bash
|
||||
dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
|
||||
sudo cryptsetup luksFormat /path-to-file
|
||||
```
|
||||
|
||||
#### Opening encrypted containers
|
||||
|
||||
We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
|
||||
```
|
||||
|
||||
```bash
|
||||
udisksctl loop-setup -f /path-to-file
|
||||
udisksctl unlock -b /dev/loop0
|
||||
```
|
||||
|
||||
!!! note "Remember to back up volume headers"
|
||||
</details>
|
||||
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Remember to back up volume headers</p>
|
||||
|
||||
We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
|
||||
|
||||
```
|
||||
```bash
|
||||
cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
## Command-line
|
||||
|
||||
Tools with command-line interfaces are useful for integrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script).
|
||||
|
||||
### Kryptor
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![Kryptor logo](assets/img/encryption-software/kryptor.png){ align=right }
|
||||
|
||||
|
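Review bot: In the LUKS card the first `</details>` is added right after the Source Code link, before `</div>` and before `<details class="example" markdown>` is opened, so it has nothing to close. Remove it and keep the `</details>` that follows the `udisksctl` block, which is the real end of the example. It is also worth confirming in the built page that the `#### Opening encrypted containers` heading and both `bash` fences still render inside the collapsed example now that the indentation-based `??? example` is gone.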
@ -203,15 +238,20 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
|
|||
[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://www.kryptor.co.uk)
|
||||
- [:simple-apple: macOS](https://www.kryptor.co.uk)
|
||||
- [:simple-linux: Linux](https://www.kryptor.co.uk)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
### Tomb
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![Tomb logo](assets/img/encryption-software/tomb.png){ align=right }
|
||||
|
||||
|
@ -222,13 +262,18 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
|
|||
[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
## OpenPGP
|
||||
|
||||
OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is [complex](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options.
|
||||
|
||||
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
|
||||
|
||||
!!! tip "Use future defaults when generating a key"
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Use future defaults when generating a key</p>
|
||||
|
||||
When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
|
||||
|
||||
|
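Review bot: The Tomb card gets a `</details>` after the Contribute link, but no `<details class="downloads" markdown>` opener is added for Tomb anywhere in the visible lines, and Tomb had no `??? downloads` block to convert. Remove the unmatched tag so the card closes with `</div>` only.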
@ -236,9 +281,11 @@ When encrypting with PGP, you have the option to configure different options in
|
|||
gpg --quick-gen-key alice@example.com future-default
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### GNU Privacy Guard
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![GNU Privacy Guard logo](assets/img/encryption-software/gnupg.svg){ align=right }
|
||||
|
||||
|
@ -249,16 +296,21 @@ When encrypting with PGP, you have the option to configure different options in
|
|||
[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
|
||||
- [:simple-windows11: Windows](https://gpg4win.org/download.html)
|
||||
- [:simple-apple: macOS](https://gpgtools.org)
|
||||
- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
### GPG4win
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![GPG4win logo](assets/img/encryption-software/gpg4win.svg){ align=right }
|
||||
|
||||
|
@ -270,17 +322,25 @@ When encrypting with PGP, you have the option to configure different options in
|
|||
[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://gpg4win.org/download.html)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
### GPG Suite
|
||||
|
||||
!!! note
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
|
||||
|
||||
!!! recommendation
|
||||
</div>
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right }
|
||||
|
||||
|
@ -293,13 +353,18 @@ When encrypting with PGP, you have the option to configure different options in
|
|||
[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://gpgtools.org)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
### OpenKeychain
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right }
|
||||
|
||||
|
@ -310,18 +375,26 @@ When encrypting with PGP, you have the option to configure different options in
|
|||
[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
## Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
!!! example "This section is new"
|
||||
<div class="admonition example" markdown>
|
||||
<p class="admonition-title">This section is new</p>
|
||||
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
|
||||
</div>
|
||||
|
||||
### Minimum Qualifications
|
||||
|
||||
- Cross-platform encryption apps must be open source.
|
||||
|
|