File Encryption with Veracrypt or GPG
How to encrypt files with free and open source tools
Problem
- Sensitive information is being sent or stored online with no protection or encryption.
- Sensitive files need to be protected in case a computer or storage device is stolen or lost or there is a break-in in the client’s office.
- Backups are currently stored with no protection or encryption.
- Need to send sensitive data to a specific person encrypting the data with their public key and uploading it to a hosting service.
Solution
VeraCrypt
VeraCrypt is a multi-platform free and open source tool that helps encrypt files or entire storage devices. It can also be used to store sensitive files in a hidden volume, that cannot be found even if the standard encrypted volume is accessed.
It is the recommended tool for encrypting files or external storage devices.
If the client is a high-risk user, we should strongly recommend they verify the installer against its PGP signature (available in the downloads page next to each installer) before launching the installation, guiding them step by step with instructions on how to do it.
Encrypt Files with GPG
If the client already uses GPG and needs to encrypt single files for their personal usage or to share them with other people who use GPG, GPG-encryption can also be used.
Linux
Users who already have a PGP key can encrypt and decrypt files using GPG.
-
Command line:
-
To encrypt:
gpg -c filename
-
To decrypt:
gpg filename.gpg
-
-
GUI:
- Gnome - Seahorse and Nautilus:
- KDE - KGpg and Konqueror or Dolphin_
macOS
For Mac users, please refer to Article #76: Encrypt files on a Mac with GpgTools for encrypting files using GPG Tools.
Windows
If the client has already installed Gpg4win, they can use GpgEX and Kleopatra to encrypt and decrypt files.
Windows users who only need to share encrypted files with other Windows users, can use the in-built Encrypting File System (EFS) feature to encrypt their files.
Comments
More alternatives for file encryption:
- AesCrypt - AES Crypt is free and open source file encryption software available on several operating systems that uses the industry standard Advanced Encryption Standard (AES) to easily and securely encrypt files
- Safe - Safe is a free and open software application to encrypt files. It runs on Windows and macOS.
If the client needs to encrypt the hard drive of their computer, see Article #166: FAQ - Full-Disk Encryption (FDE).
If the client needs to encrypt an external storage device, see Article #214: Encrypt an External Storage Device with VeraCrypt.
For secure online storage, also see Article #282: Recommendations on Secure File Sharing and File Storage.