Using Data Encryption
This article explains which software options are available for data encryption and how they can be used in practice.
Why should I use file encryption?
Data encryption is an important measure to protect the contents of your files from unauthorized reading or manipulation. It is mandatory for handling personal data on local terminals or shared storage areas (network or cloud storage). For further and more detailed information, refer to the article Keeping your Data Secure as well as the sciebo policy (german) and the overview about data classes and their required protection (german).
What do I have to consider when encrypting data?
- Encrypting data is an additional effort that costs resources (your time, system resources, possibly additional software, and financial resources). Consider in advance whether you work with confidential data only occasionally and need encryption only occasionally or work with confidential data often to very often.
- To encrypt data, electronic keys are required, which are used to encrypt and decrypt data. These are usually passwords or certificates. Once encrypted, data can only be decrypted with the corresponding password or certificate. The loss of the key means the loss of the data, because without the key, the data can usually not be recovered. You must therefore store your keys very well.
- If other people are to have legitimate access to your encrypted data, they need your key. Consider in advance whether you only want to encrypt your own data or whether you want to work in a group with encrypted data and corresponding keys. Of the software presented here, only the paid software Boxcryptor Enterprise supports a common key management for groups.
Application areas of data encryption
The following areas of application can be distinguished:
- You want to encrypt single files or file folders once or occasionally to send them e.g. by email, store them in the cloud, protect the content from admins. The classic office programs Word, Excel, Acrobat offer the possibility to save encrypted files. For a collection of links to instructions on how to do this, see External Help Pages. This is suitable if you occasionally want to encrypt a file from this application area. Alternatively, you can use a special encryption program. This is recommended when you also want to encrypt files of a different type or even entire folders. The information security team recommends the open-source solution 7.zip for Windows. You can find instructions in the list below.
- You want to encrypt several files or a folder occasionally and save this state for yourself or others: Again, there are several options to manually encrypt multiple files or a folder. The information security team recommends using Windows 7.zip to create an encrypted archive. Instructions can be found in the list below.
- Encrypt an entire partition or hard disk: The advantage of encrypting an entire partition or hard disk is that the data stored there is automatically encrypted or decrypted each time it is accessed. This is particularly useful when using confidential data on mobile devices, in shared storage areas such as network storage and in cloud environments. For mobile devices, the operating systems Android, Windows and MacOS offer system programs. Current smartphones and tablets already store all data encrypted on the internal disks.
You can find a brief overview of various programs to help you select the encryption software that is best suited for you and your team under Software.
Use Encryption Software
In order to use encryption in Sciebo comfortably, you should in any case install the synchronisation client of Sciebo (Download (sciebo.de). This allows you to work with Sciebo as if it were on your own hard drive and ensures that your data is always kept up to date. For instructions on how to apply for and install or use the software, see Sciebo and the official Sciebo help pages: https://www.sciebo.de/anleitung/desktop.html
In order to work with the network storage and encrypted files, you should first mount the network storage. You can find instructions here in the help wiki: Mount network storage (german)
To be able to work with encrypted files in OneDrive, you should obtain OneDrive in advance from the university (e.g. via Office 365: https://hilfe.uni-paderborn.de/Office_365_Education_registrieren) and install the client.
When using Office 365, please observe the relevant data protection information: https://hilfe.uni-paderborn.de/Datenschutzhinweise_zu_MSOPB
Below are the instructions for the Windows and MacOS system programs for hard disk encryption, and a selection of programs that can be used to encrypt files on the network.
In Windows 10, Microsoft offers device encryption and standard BitLocker encryption. The encryption is suitable for local hard disks. Microsoft's own instructions for this can be found at: Device encryption in Windows 10 (microsoft.com)
Apple offers for MacOS with FileVault a possibility to protect the local hard disk. For instructions on how to use it, refer to FileVault under MacOS Mojave (german).
7.zip is an open-source software program that creates an encrypted archive from files and directories. This archive can be shared, sent by email or simply kept at your place for backup. For instructions on using it, refer to Data Encryption with 7.zip.
Cryptomator is an open-source tool for the encryption of file folders - so-called safes. All data in these safes are automatically encrypted or decrypted by Cryptomator when accessed. The tool is therefore particularly suitable for the encryption of your data on mobile devices, in network storage and in the cloud. Cryptomator exists for all common operating systems, requires no account creation and is, with the exception of the smartphone apps, free of charge.
For an installation guide for Cryptomator, refer to Cryptomator.
VeraCrypt is an open-source software, which can be used to implement various types of encryption, especially of removable and hard disks. VeraCrypt can also be used to encrypt container files and thus with cloud storage services.
The use of VeraCrypt is aimed at experienced users, as it offers many setting options that are not relevant for the standard user. VeraCrypt exists for Windows, MacOS and Linux.
For installation instructions for VeraCrypt, refer to VeraCrypt.
Boxcryptor is a commercial software for file encryption, which is especially used with cloud storage and is developed by a German company. There is a free version for individual use.
The User Box Cryptor is used via a downloadable client. This client exists for Windows and MacOS, in a reduced version for Linux and as an app for iOS and Android.
For installation instructions for Boxcryptor, refer to Boxcryptor.
Never send passwords in clear text by e-mail if you want to give other people access to encrypted data. Send passwords by other means or use encrypted communication.
For Sciebo, it is also important to ensure that at no time are the unencrypted files stored in the synchronization folder, as these can be synchronized immediately and theoretically restored even after deletion. Please check (using an unproblematic test file) whether the encryption works correctly by downloading and opening the encrypted files e.g. via the Sciebo website. If the correct file content is displayed without decryption, there is a configuration error.
External Help Pages
The following pages contain general assistance for the individual software.
These pages are not checked for up-to-dateness and should only be a first point of contact for further problems.
Information on Sciebo encryption at the University of Duisburg Essen (german)
Veracrypt Beginner's Tutorial
Protecting a PDF with Acrobat with a password
Password protection of a Microsoft Office document on Mac
Password Protecting an Excel File on Windows.
Working safely with your own operating system