diff --git a/i18n/ar/encryption.md b/i18n/ar/encryption.md
index e09ff924..d774167a 100644
--- a/i18n/ar/encryption.md
+++ b/i18n/ar/encryption.md
@@ -14,27 +14,32 @@ The options listed here are multi-platform and great for creating encrypted back
### Cryptomator (Cloud)
-!!! recommendation
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** es una solución de cifrado diseñada para guardar archivos de forma privada en cualquier proveedor en la nube. Le permite crear bóvedas que se almacenan en una unidad virtual, cuyo contenido está cifrado y sincronizado con su proveedor de almacenamiento en la nube.
-
- [:octicons-home-16: Página Principal](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Política de privacidad" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentación}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Código Fuente" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribuir }
-
- ??? downloads "Descargas"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** es una solución de cifrado diseñada para guardar archivos de forma privada en cualquier proveedor en la nube. Le permite crear bóvedas que se almacenan en una unidad virtual, cuyo contenido está cifrado y sincronizado con su proveedor de almacenamiento en la nube.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator utiliza el cifrado AES-256 para cifrar tanto los archivos como los nombres de los archivos. Cryptomator no puede cifrar metadatos como las marcas de la fecha de acceso, modificación y creación, ni el número y tamaño de los archivos y carpetas.
@@ -44,41 +49,51 @@ La documentación de Cryptomator detalla su intención con respecto a su [objeti
### Picocrypt (Archivo)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** es una herramienta de cifrado pequeña y simple que proporciona un cifrado moderno. Picocrypt utiliza el cifrado seguro XChaCha20 y la función de derivación de clave Argon2id para proporcionar un alto nivel de seguridad. Utiliza los módulos x/crypto estándar de Go para sus funciones de cifrado.
-
- [:octicons-repo-16: Repositorio](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Código Fuente" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribuir }
-
- ??? downloads "Descargas"
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** es una herramienta de cifrado pequeña y simple que proporciona un cifrado moderno. Picocrypt utiliza el cifrado seguro XChaCha20 y la función de derivación de clave Argon2id para proporcionar un alto nivel de seguridad. Utiliza los módulos x/crypto estándar de Go para sus funciones de cifrado.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disco)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** es una utilidad de software gratuito con el código fuente disponible que se utiliza para el cifrado sobre la marcha. Puede crear un disco cifrado virtual dentro de un archivo, cifrar una partición o cifrar todo el dispositivo de almacenamiento con autenticación previa al arranque.
-
- [:octicons-home-16: Página Principal](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentación}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Código Fuente" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribuir }
-
- ??? downloads "Descargas"
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** es una utilidad de software gratuito con el código fuente disponible que se utiliza para el cifrado sobre la marcha. Puede crear un disco cifrado virtual dentro de un archivo, cifrar una partición o cifrar todo el dispositivo de almacenamiento con autenticación previa al arranque.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt es una bifurcación del proyecto TrueCrypt ya descontinuado. Según sus desarrolladores, se implementaron mejoras de seguridad y se abordaron los problemas planteados por la auditoría inicial del código de TrueCrypt.
@@ -92,100 +107,119 @@ Para cifrar la unidad desde la que inicia el sistema operativo, por lo general r
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** es la solución de cifrado de volumen completo incluida con Microsoft Windows. La principal razón por la que recomendamos utilizarlo para encriptar la unidad de arranque, es por su [uso de TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, una compañía forense, ha publicado sobre esta característica en [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentación}
+{ align=right }
+
+**BitLocker** es la solución de cifrado de volumen completo incluida con Microsoft Windows. La principal razón por la que recomendamos utilizarlo para encriptar la unidad de arranque, es por su [uso de TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, una compañía forense, ha publicado sobre esta característica en [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentación}
+
+
+
+
BitLocker es [únicamente compatible](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) en las versiones Pro, Enterprise y Education de Windows. Se puede habilitar en las ediciones Home siempre que cumplan con los requisitos previos.
-??? example "Habilitación de BitLocker en Windows Home"
+
+Enabling BitLocker on Windows Home
- Para habilitar BitLocker en las ediciones "Home" de Windows, debe tener particiones formateadas con una [tabla de partición GUID](https://es.wikipedia.org/wiki/Tabla_de_particiones_GUID) y tener un módulo TPM (v1.2, 2.0+) dedicado. Puede que necesite [desactivar la característica del "Cifrado de dispositivo" que no es de Bitlocker](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (que es inferior porque envía tu clave de recuperación a los servidores de Microsoft) si ya está activado en su dispositivo antes de seguir esta guía.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Abra un símbolo del sistema y verifique el formato de la tabla de particiones de su unidad con el siguiente comando. Debería ver "**GPT**" listado bajo "Partition Style":
+1. Abra un símbolo del sistema y verifique el formato de la tabla de particiones de su unidad con el siguiente comando. Debería ver "**GPT**" listado bajo "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Ejecute este comando (en un símbolo del sistema ejecutado como administrador) para verificar su versión de TPM. Debería ver `2.0` o `1.2` junto a `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Ejecute este comando (en un símbolo del sistema ejecutado como administrador) para verificar su versión de TPM. Debería ver `2.0` o `1.2` junto a `SpecVersion`:
+3. Acceda a [Opciones avanzadas de inicio](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). Debe reiniciar mientras pulsa la tecla F8 antes de que se inicie Windows y entrar en el símbolo del sistema ** en **Solucionar problemas** → **Opciones avanzadas** → **Símbolo del sistema**.
+4. Inicie sesión con su cuenta de administrador y escriba esto en el símbolo del sistema para iniciar el cifrado:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Cierre el símbolo del sistema y continúe con el arranque normal de Windows.
+6. Abra un símbolo del sistema como administrador y ejecute los siguientes comandos:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Acceda a [Opciones avanzadas de inicio](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). Debe reiniciar mientras pulsa la tecla F8 antes de que se inicie Windows y entrar en el símbolo del sistema ** en **Solucionar problemas** → **Opciones avanzadas** → **Símbolo del sistema**.
+
+
Consejo
- 4. Inicie sesión con su cuenta de administrador y escriba esto en el símbolo del sistema para iniciar el cifrado:
+ Haga una copia de seguridad de `BitLocker-Recovery-Key.txt` en su escritorio para un dispositivo de almacenamiento independiente. La pérdida de este código de recuperación puede resultar en la pérdida de datos.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** es la solución de cifrado de volúmenes sobre la marcha integrada en macOS. FileVault se recomienda porque [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) las capacidades de seguridad de hardware presentes en un SoC Apple Silicon o un Chip de Seguridad T2.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentación}
+{ align=right }
+
+**FileVault** es la solución de cifrado de volúmenes sobre la marcha integrada en macOS. FileVault se recomienda porque [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) las capacidades de seguridad de hardware presentes en un SoC Apple Silicon o un Chip de Seguridad T2.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentación}
+
+
+
+
Recomendamos almacenar una clave de recuperación local en un lugar seguro en lugar de utilizar su cuenta de iCloud para la recuperación.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** es el método FDE por defecto para Linux. Puede utilizarse para cifrar volúmenes completos, particiones o crear contenedores cifrados.
-
- [:octicons-home-16: Página Principal](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentación}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Código Fuente" }
+{ align=right }
-??? example "Creación y apertura de contenedores cifrados"
+**LUKS** es el método FDE por defecto para Linux. Puede utilizarse para cifrar volúmenes completos, particiones o crear contenedores cifrados.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Página Principal](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentación}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Código Fuente" }
+
- #### Apertura de contenedores cifrados
- Recomendamos abrir contenedores y volúmenes con `udisksctl` ya que utiliza [Polkit](https://en.wikipedia.org/wiki/Polkit). La mayoría de los gestores de archivos, como los incluidos en los entornos de escritorio más populares, pueden desbloquear archivos cifrados. Herramientas como [udiskie](https://github.com/coldfix/udiskie) pueden ejecutarse en la bandeja del sistema y proporcionar una interfaz de usuario útil.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! nota "Recuerde hacer una copia de seguridad de las cabeceras de volumen"
+
+Creating and opening encrypted containers
- Le recomendamos que siempre haga [copias de seguridad de las cabeceras LUKS](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) en caso de fallo parcial de la unidad. Esto se puede hacer con:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). La mayoría de los gestores de archivos, como los incluidos en los entornos de escritorio más populares, pueden desbloquear archivos cifrados. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+Le recomendamos que siempre haga [copias de seguridad de las cabeceras LUKS](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) en caso de fallo parcial de la unidad. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** es una herramienta de cifrado y firma de archivos gratuita y de código abierto que hace uso de algoritmos criptográficos modernos y seguros. Pretende ser una versión mejorada de [age](https://github.com/FiloSottile/age) y [Minisign](https://jedisct1.github.io/minisign/) para ofrecer una alternativa sencilla y más fácil a GPG.
-
- [:octicons-home-16: Página Principal](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Política de Privacidad" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentación}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Código Fuente" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribuir }
-
- ??? downloads "Descargas"
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** es una herramienta de cifrado y firma de archivos gratuita y de código abierto que hace uso de algoritmos criptográficos modernos y seguros. Pretende ser una versión mejorada de [age](https://github.com/FiloSottile/age) y [Minisign](https://jedisct1.github.io/minisign/) para ofrecer una alternativa sencilla y más fácil a GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** es un empaquetador de shell de línea de comandos para LUKS. Admite esteganografía a través de [herramientas de terceros](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Página Principal](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentación}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Código Fuente" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribuir }
+{ align=right }
+
+**Tomb** es un empaquetador de shell de línea de comandos para LUKS. Admite esteganografía a través de [herramientas de terceros](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Página Principal](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentación}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Código Fuente" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribuir }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP es a veces necesario para tareas específicas como la firma digital y el
Al cifrar con PGP, tiene la opción de configurar diferentes opciones en su archivo `gpg.conf`. Recomendamos utilizar las opciones estándar especificadas en las preguntas frecuentes de los usuarios de [GnuPG](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Utilice future defaults al generar una clave"
+
+
Use future defaults when generating a key
- Al [generar claves](https://www.gnupg.org/gph/en/manual/c14.html) sugerimos usar el comando `future-default` ya que esto instruirá a GnuPG a usar criptografía moderna como [Curve25519](https://es.wikipedia.org/wiki/Curve25519#Popularidad) y [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GNUPG** es una alternativa con licencia GPL a la suite de software criptográfico PGP. GnuPG cumple con [RFC 4880](https://tools.ietf.org/html/rfc4880), que es la especificación actual del IETF de OpenPGP. El proyecto GnuPG ha estado trabajando en un [borrador actualizado](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) en un intento de modernizar OpenPGP. GnuPG forma parte del proyecto de software GNU de la Fundación para el Software Libre y ha recibido un importante [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) del gobierno alemán.
-
- [:octicons-home-16: Página Principal](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Política de Privacidad" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentación}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Código Fuente" }
-
- ??? downloads "Descargas"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GNUPG** es una alternativa con licencia GPL a la suite de software criptográfico PGP. GnuPG cumple con [RFC 4880](https://tools.ietf.org/html/rfc4880), que es la especificación actual del IETF de OpenPGP. El proyecto GnuPG ha estado trabajando en un [borrador actualizado](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) en un intento de modernizar OpenPGP. GnuPG forma parte del proyecto de software GNU de la Fundación para el Software Libre y ha recibido un importante [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) del gobierno alemán.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** es un paquete para Windows de [Intevation y g10 Code](https://gpg4win.org/impressum.html). Incluye [varias herramientas](https://gpg4win.org/about.html) que pueden ayudarle a utilizar GPG en Microsoft Windows. El proyecto fue iniciado y originalmente [financiado por](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) la Oficina Federal de Seguridad de la Información (BSI) de Alemania en 2005.
-
- [:octicons-home-16: Página Principal](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Política de Privacidad" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentación}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Código Fuente" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribuir }
-
- ??? downloads "Descargas"
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** es un paquete para Windows de [Intevation y g10 Code](https://gpg4win.org/impressum.html). Incluye [varias herramientas](https://gpg4win.org/about.html) que pueden ayudarle a utilizar GPG en Microsoft Windows. El proyecto fue iniciado y originalmente [financiado por](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) la Oficina Federal de Seguridad de la Información (BSI) de Alemania en 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! nota
+
+
Nota
- Sugerimos [Canary Mail](email-clients.md#canary-mail) para utilizar PGP con el correo electrónico en dispositivos iOS.
+Sugerimos [Canary Mail](email-clients.md#canary-mail) para utilizar PGP con el correo electrónico en dispositivos iOS.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** proporciona soporte OpenPGP para [Apple Mail](email-clients.md#apple-mail) y macOS.
+
+Recomendamos echar un vistazo a sus [Primeros pasos](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) y [Base de conocimientos](https://gpgtools.tenderapp.com/kb) para obtener ayuda.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** es una implementación de GnuPG para Android. Es comúnmente requerido por clientes de correo como [K-9 Mail](email-clients.md#k-9-mail) y [FairEmail](email-clients.md#fairemail) y otras aplicaciones Android para proporcionar soporte de cifrado. Cure53 completó una [auditoría de seguridad](https://www.openkeychain.org/openkeychain-3-6) de OpenKeychain 3.6 en octubre de 2015. Los detalles técnicos sobre la auditoría y las soluciones de OpenKeychain pueden consultarse [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Página Principal](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Política de Privacidad" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentación}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Código Fuente" }
-
- ??? downloads "Descargas"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** es una implementación de GnuPG para Android. Es comúnmente requerido por clientes de correo como [K-9 Mail](email-clients.md#k-9-mail) y [FairEmail](email-clients.md#fairemail) y otras aplicaciones Android para proporcionar soporte de cifrado. Cure53 completó una [auditoría de seguridad](https://www.openkeychain.org/openkeychain-3-6) de OpenKeychain 3.6 en octubre de 2015. Los detalles técnicos sobre la auditoría y las soluciones de OpenKeychain pueden consultarse [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criterios
**Por favor, tenga en cuenta que no estamos afiliados con ninguno de los proyectos que recomendamos.** Además de [nuestros criterios estándar](about/criteria.md), hemos desarrollado un conjunto claro de requisitos que nos permiten ofrecer recomendaciones objetivas. Sugerimos que usted se familiarice con esta lista, antes de decidir utilizar un proyecto y realizar su propia investigación para asegurarse de que es la elección ideal para usted.
-!!! example "Esta sección es nueva"
+
+
Esta sección es nueva
- Estamos trabajando en establecer criterios definidos para cada sección de nuestra página, y esto puede estar sujeto a cambios. Si tiene alguna duda sobre nuestros criterios, por favor [pregunte en nuestro foro](https://discuss.privacyguides.net/latest) y no asuma que no hemos tenido en cuenta algo a la hora de hacer nuestras recomendaciones si no aparece aquí. Son muchos los factores que se tienen en cuenta y se debaten cuando recomendamos un proyecto, y documentar cada uno de ellos es un trabajo en curso.
+Estamos trabajando en establecer criterios definidos para cada sección de nuestra página, y esto puede estar sujeto a cambios. Si tiene alguna duda sobre nuestros criterios, por favor [pregunte en nuestro foro](https://discuss.privacyguides.net/latest) y no asuma que no hemos tenido en cuenta algo a la hora de hacer nuestras recomendaciones si no aparece aquí. Son muchos los factores que se tienen en cuenta y se debaten cuando recomendamos un proyecto, y documentar cada uno de ellos es un trabajo en curso.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** est une solution de chiffrement conçue pour enregistrer vos fichiers de manière privée vers n'importe quel fournisseur de cloud. Il vous permet de créer des coffres-forts qui sont stockés sur un disque virtuel, dont le contenu est chiffré et synchronisé avec votre fournisseur de stockage cloud.
-
- [:octicons-home-16: Page d'accueil](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Politique de Confidentialité" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Code Source" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribuer }
-
- ??? downloads "Téléchargements"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** est une solution de chiffrement conçue pour enregistrer vos fichiers de manière privée vers n'importe quel fournisseur de cloud. Il vous permet de créer des coffres-forts qui sont stockés sur un disque virtuel, dont le contenu est chiffré et synchronisé avec votre fournisseur de stockage cloud.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator utilise le chiffrement AES-256 pour chiffrer les fichiers et les noms de fichiers. Cryptomator ne peut pas chiffrer certaines métadonnées telles que les dates et heures d'accès, de modification et de création, ni le nombre et la taille des fichiers et des dossiers.
@@ -44,41 +49,51 @@ La documentation de Cryptomator détaille sa [cible de sécurité](https://docs.
### Picocrypt (Fichier)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** est un outil de chiffrement léger et simple qui fournit un chiffrement moderne. Picocrypt utilise le chiffrement sécurisé XChaCha20 et la fonction de dérivation de clé Argon2id pour assurer un haut niveau de sécurité. Il utilise les modules x/crypto standards de Go pour ses fonctions de chiffrement.
-
- [:octicons-repo-16: Dépôt](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Code source" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribuer }
-
- ??? downloads "Téléchargements"
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** est un outil de chiffrement léger et simple qui fournit un chiffrement moderne. Picocrypt utilise le chiffrement sécurisé XChaCha20 et la fonction de dérivation de clé Argon2id pour assurer un haut niveau de sécurité. Il utilise les modules x/crypto standards de Go pour ses fonctions de chiffrement.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disque)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** est un utilitaire gratuit et open source pour le chiffrement de fichiers/dossiers à la volée. Il peut créer un disque virtuel chiffré dans un fichier, chiffrer une partition ou l'ensemble du périphérique de stockage avec une authentification avant le démarrage.
-
- [:octicons-home-16: Page d'accueil](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Code source" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribuer }
-
- ??? downloads "Téléchargements"
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** est un utilitaire gratuit et open source pour le chiffrement de fichiers/dossiers à la volée. Il peut créer un disque virtuel chiffré dans un fichier, chiffrer une partition ou l'ensemble du périphérique de stockage avec une authentification avant le démarrage.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt est un dérivé du projet TrueCrypt, qui a été abandonné. Selon ses développeurs, des améliorations de la sécurité ont été apportées et les problèmes soulevés par l'audit initial du code de TrueCrypt ont été résolus.
@@ -92,100 +107,119 @@ Pour chiffrer le disque à partir duquel votre système d'exploitation démarre,
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** est la solution de chiffrement intégral de volume fournie avec Microsoft Windows. La principale raison pour laquelle nous le recommandons pour le chiffrement de votre disque de démarrage est son [utilisation du TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, une société d'expertise judiciaire, a écrit sur cette fonctionnalité dans [Comprendre la protection TPM de BitLocker](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/fr-fr/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** est la solution de chiffrement intégral de volume fournie avec Microsoft Windows. La principale raison pour laquelle nous le recommandons pour le chiffrement de votre disque de démarrage est son [utilisation du TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, une société d'expertise judiciaire, a écrit sur cette fonctionnalité dans [Comprendre la protection TPM de BitLocker](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/fr-fr/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker est [uniquement pris en charge](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) sur les éditions Pro, Entreprise et Éducation de Windows. Il peut être activé sur les éditions Famille à condition qu'elles remplissent les pré-requis.
-??? example "Activer BitLocker sur Windows Famille"
+
+Enabling BitLocker on Windows Home
- Pour activer BitLocker sur les éditions "Famille" de Windows, vous devez formater vos partitions avec une [Table de Partitionnement GUID](https://fr.wikipedia.org/wiki/GUID_Partition_Table) et disposer d'un module TPM dédié (v1.2, 2.0+). Il se peut que vous deviez [désactiver la fonctionnalité "Chiffrement de l'appareil" non-Bitlocker](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (qui est inférieure car elle envoie votre clé de récupération aux serveurs de Microsoft) si elle est déjà activée sur votre appareil avant de suivre ce guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Ouvrez une invite de commande et vérifiez le format de la table de partition de votre disque à l'aide de la commande suivante. Vous devriez voir "**GPT**" listé sous "Style de partition" :
+1. Ouvrez une invite de commande et vérifiez le format de la table de partition de votre disque à l'aide de la commande suivante. Vous devriez voir "**GPT**" listé sous "Style de partition" :
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Exécutez cette commande (dans une invite de commande administrateur) pour vérifier la version de votre TPM. Vous devriez voir `2.0` ou `1.2` listé à côté de `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Exécutez cette commande (dans une invite de commande administrateur) pour vérifier la version de votre TPM. Vous devriez voir `2.0` ou `1.2` listé à côté de `SpecVersion`:
+3. Accédez à [Options de démarrage avancées](https://support.microsoft.com/fr-fr/windows/options-de-d%C3%A9marrage-avanc%C3%A9es-y-compris-le-mode-sans-%C3%A9chec-b90e7808-80b5-a291-d4b8-1a1af602b617). Vous devez redémarrer en appuyant sur la touche F8 avant que Windows ne démarre et aller dans l'*invite de commande* dans **Dépannage** → **Options avancées** → **Invite de commande**.
+4. Connectez-vous avec votre compte administrateur et tapez ceci dans l'invite de commande pour lancer le chiffrement:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Fermez l'invite de commande et continuez le démarrage vers Windows normalement.
+6. Ouvrez une invite de commande administrateur et exécutez les commandes suivantes:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Accédez à [Options de démarrage avancées](https://support.microsoft.com/fr-fr/windows/options-de-d%C3%A9marrage-avanc%C3%A9es-y-compris-le-mode-sans-%C3%A9chec-b90e7808-80b5-a291-d4b8-1a1af602b617). Vous devez redémarrer en appuyant sur la touche F8 avant que Windows ne démarre et aller dans l'*invite de commande* dans **Dépannage** → **Options avancées** → **Invite de commande**.
+
+
Tip
- 4. Connectez-vous avec votre compte administrateur et tapez ceci dans l'invite de commande pour lancer le chiffrement:
+ Sauvegardez le fichier `BitLocker-Recovery-Key.txt` de votre ordinateur de bureau sur un périphérique de stockage distinct. La perte de ce code de récupération peut entraîner la perte de données.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** est la solution de chiffrement de volume à la volée intégrée à macOS. FileVault est recommandé parce qu'il [tire profit](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) de capacités de sécurité matérielle présentes sur un SoC de silicium Apple ou une Puce de Sécurité T2.
-
- [:octicons-info-16:](https://support.apple.com/fr-fr/guide/mac-help/mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** est la solution de chiffrement de volume à la volée intégrée à macOS. FileVault est recommandé parce qu'il [tire profit](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) de capacités de sécurité matérielle présentes sur un SoC de silicium Apple ou une Puce de Sécurité T2.
+
+[:octicons-info-16:](https://support.apple.com/fr-fr/guide/mac-help/mh11785/mac){ .card-link title=Documentation}
+
+
+
+
Nous recommandons de stocker une clé de récupération locale dans un endroit sûr plutôt que d'utiliser votre compte iCloud pour la récupération.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** est la méthode de chiffrement de disque par défaut pour Linux. Elle peut être utilisée pour chiffrer des volumes complets, des partitions ou créer des conteneurs chiffrés.
-
- [:octicons-home-16: Page d'accueil](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Code source" }
+{ align=right }
-??? example "Créer et ouvrir des conteneurs chiffrés"
+**LUKS** est la méthode de chiffrement de disque par défaut pour Linux. Elle peut être utilisée pour chiffrer des volumes complets, des partitions ou créer des conteneurs chiffrés.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Page d'accueil](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Code source" }
+
- #### Ouvrir des conteneurs chiffrés
- Nous recommandons d'ouvrir les conteneurs et les volumes avec `udisksctl` car cela utilise [Polkit](https://fr.wikipedia.org/wiki/Polkit). La plupart des gestionnaires de fichiers, tels que ceux inclus dans les environnements de bureau les plus courants, peuvent déverrouiller les fichiers chiffrés. Des outils comme [udiskie](https://github.com/coldfix/udiskie) peuvent s'exécuter dans la barre d'état système et fournir une interface utilisateur utile.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "N'oubliez pas de sauvegarder les en-têtes de volume"
+
+Creating and opening encrypted containers
- Nous vous recommandons de toujours [sauvegarder vos en-têtes LUKS](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) en cas de panne partielle du lecteur. Cela peut être fait avec :
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). La plupart des gestionnaires de fichiers, tels que ceux inclus dans les environnements de bureau les plus courants, peuvent déverrouiller les fichiers chiffrés. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+Nous vous recommandons de toujours [sauvegarder vos en-têtes LUKS](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) en cas de panne partielle du lecteur. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** est un outil gratuit et open source de chiffrement et de signature de fichiers qui utilise des algorithmes cryptographiques modernes et sécurisés. Il vise à être une meilleure version d'[age](https://github.com/FiloSottile/age) et [Minisign](https://jedisct1.github.io/minisign/) pour fournir une alternative simple et facile à GPG.
-
- [:octicons-home-16: Page d'accueil](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Politique de confidentialité" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Code source" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribuer }
-
- ??? downloads "Téléchargements"
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** est un outil gratuit et open source de chiffrement et de signature de fichiers qui utilise des algorithmes cryptographiques modernes et sécurisés. Il vise à être une meilleure version d'[age](https://github.com/FiloSottile/age) et [Minisign](https://jedisct1.github.io/minisign/) pour fournir une alternative simple et facile à GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** est un outil pour LUKS en ligne de commande shell. Il prend en charge la stéganographie via des [outils tiers](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Page d'accueil](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Code source" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribuer }
+{ align=right }
+
+**Tomb** est un outil pour LUKS en ligne de commande shell. Il prend en charge la stéganographie via des [outils tiers](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Page d'accueil](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Code source" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribuer }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP est parfois nécessaire pour des tâches spécifiques telles que la sign
Lorsque vous chiffrez avec PGP, vous avez la possibilité de configurer différentes options dans votre fichier `gpg.conf` . Nous recommandons de suivre les options standard spécifiées dans la [FAQ de l'utilisateur de GnuPG](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Utiliser future-defaults lors de la génération d'une clé"
+
+
Use future defaults when generating a key
- Lorsque vous [générez des clés](https://www.gnupg.org/gph/en/manual/c14.html), nous vous suggérons d'utiliser la commande `future-default` car elle demandera à GnuPG d'utiliser de la cryptographie moderne telle que [Curve25519](https://fr.wikipedia.org/wiki/Curve25519) et [Ed25519](https://ed25519.cr.yp.to/) :
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@exemple.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** est une alternative sous licence GPL de la suite de logiciels cryptographiques PGP. GnuPG est conforme [RFC 4880](https://tools.ietf.org/html/rfc4880), qui est la spécification actuelle de l'IETF pour OpenPGP. Le projet GnuPG a travaillé sur une [nouvelle ébauche](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) dans le but de moderniser OpenPGP. GnuPG fait partie du projet logiciel GNU de la Free Software Foundation et a reçu un [financement](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) majeur du gouvernement allemand.
-
- [:octicons-home-16: Page d'accueil](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Politique de confidentialité" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Code source" }
-
- ??? downloads "Téléchargements"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** est une alternative sous licence GPL de la suite de logiciels cryptographiques PGP. GnuPG est conforme [RFC 4880](https://tools.ietf.org/html/rfc4880), qui est la spécification actuelle de l'IETF pour OpenPGP. Le projet GnuPG a travaillé sur une [nouvelle ébauche](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) dans le but de moderniser OpenPGP. GnuPG fait partie du projet logiciel GNU de la Free Software Foundation et a reçu un [financement](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) majeur du gouvernement allemand.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** est un paquet pour Windows de [Intevation et g10 Code](https://gpg4win.org/impressum.html). Il comprend [divers outils](https://gpg4win.org/about.html) qui peuvent vous aider à utiliser GPG sous Microsoft Windows. Le projet a été lancé et initialement [financé par](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) l'Office Fédéral allemand pour la Sécurité de l'Information (BSI) en 2005.
-
- [:octicons-home-16: Page d'accueil](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Politique de confidentialité" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Code source" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribuer }
-
- ??? downloads "Téléchargements"
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** est un paquet pour Windows de [Intevation et g10 Code](https://gpg4win.org/impressum.html). Il comprend [divers outils](https://gpg4win.org/about.html) qui peuvent vous aider à utiliser GPG sous Microsoft Windows. Le projet a été lancé et initialement [financé par](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) l'Office Fédéral allemand pour la Sécurité de l'Information (BSI) en 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note "À noter"
+
+
Note
- Nous suggérons [Canary Mail](email-clients.md#canary-mail) pour utiliser PGP avec les e-mails sur les appareils iOS.
+Nous suggérons [Canary Mail](email-clients.md#canary-mail) pour utiliser PGP avec les e-mails sur les appareils iOS.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** fournit un support OpenPGP pour [Courrier Apple](email-clients.md#apple-mail) et macOS.
+
+Nous vous recommandons de consulter leurs [Premiers pas](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) et leur [Base de connaissances](https://gpgtools.tenderapp.com/kb) pour obtenir de l'aide.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** est une implémentation Android de GnuPG. Elle est généralement requise par les clients de messagerie comme [K-9 Mail](email-clients.md#k-9-mail) et [FairEmail](email-clients.md#fairemail) et d'autres applications Android pour fournir la prise en charge du chiffrement. Cure53 a réalisé un [audit de sécurité](https://www.openkeychain.org/openkeychain-3-6) d'OpenKeychain 3.6 en octobre 2015. Les détails techniques concernant l'audit et les solutions d'OpenKeychain peuvent être trouvés [ici](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Page d'accueil](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Politique de confidentialité" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Code source" }
-
- ??? downloads "Téléchargements"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** est une implémentation Android de GnuPG. Elle est généralement requise par les clients de messagerie comme [K-9 Mail](email-clients.md#k-9-mail) et [FairEmail](email-clients.md#fairemail) et d'autres applications Android pour fournir la prise en charge du chiffrement. Cure53 a réalisé un [audit de sécurité](https://www.openkeychain.org/openkeychain-3-6) d'OpenKeychain 3.6 en octobre 2015. Les détails techniques concernant l'audit et les solutions d'OpenKeychain peuvent être trouvés [ici](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Critères
**Veuillez noter que nous ne sommes affiliés à aucun des projets que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour nous permettre de fournir des recommandations objectives. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous.
-!!! example "Cette section est récente"
+
+
Cette section est nouvelle
- Nous travaillons à l'établissement de critères définis pour chaque section de notre site, et celles-ci peuvent être sujet à changement. Si vous avez des questions sur nos critères, veuillez [poser la question sur notre forum](https://discuss.privacyguides.net/latest) et ne supposez pas que nous n'avons pas pris en compte un élément dans nos recommandations s'il ne figure pas dans la liste. De nombreux facteurs sont pris en compte et discutés lorsque nous recommandons un projet, et la documentation de chacun d'entre eux est en cours.
+Nous travaillons à l'établissement de critères définis pour chaque section de notre site, et celles-ci peuvent être sujet à changement. Si vous avez des questions sur nos critères, veuillez [poser la question sur notre forum](https://discuss.privacyguides.net/latest) et ne supposez pas que nous n'avons pas pris en compte un élément dans nos recommandations s'il ne figure pas dans la liste. De nombreux facteurs sont pris en compte et discutés lorsque nous recommandons un projet, et la documentation de chacun d'entre eux est en cours.
+
+
- { align=right }
-
- **Cryptomator** הוא פתרון הצפנה המיועד לשמירה פרטית של קבצים לכל ספק ענן. הוא מאפשר לך ליצור כספות המאוחסנות בכונן וירטואלי, שתוכנן מוצפן ומסונכרן עם ספק אחסון הענן שלך.
-
- [:octicons-home-16: דף הבית](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="מדיניות פרטיות" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=תיעוד}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="קוד מקור" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=לתרומה }
-
- ??? downloads "הורדות"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** הוא פתרון הצפנה המיועד לשמירה פרטית של קבצים לכל ספק ענן. הוא מאפשר לך ליצור כספות המאוחסנות בכונן וירטואלי, שתוכנן מוצפן ומסונכרן עם ספק אחסון הענן שלך.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator משתמש בהצפנת AES-256 כדי להצפין קבצים ושמות קבצים. Cryptomator אינו יכול להצפין מטא-נתונים כגון חותמות זמן של גישה, שינוי ויצירה, וגם לא את המספר והגודל של קבצים ותיקיות.
@@ -44,41 +49,51 @@ Cryptomator משתמש בהצפנת AES-256 כדי להצפין קבצים וש
### Picocrypt (קובץ)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** הוא כלי הצפנה קטן ופשוט המספק הצפנה מודרנית. Picocrypt משתמש בצופן המאובטח XChaCha20 ובפונקציית גזירת מפתח Argon2id כדי לספק רמת אבטחה גבוהה. הוא משתמש במודולי x/crypto הסטנדרטיים של Go עבור תכונות ההצפנה שלו.
-
- [:octicons-repo-16: מאגר](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="קוד מקור" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=לתרומה }
-
- ??? downloads "הורדות"
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** הוא כלי הצפנה קטן ופשוט המספק הצפנה מודרנית. Picocrypt משתמש בצופן המאובטח XChaCha20 ובפונקציית גזירת מפתח Argon2id כדי לספק רמת אבטחה גבוהה. הוא משתמש במודולי x/crypto הסטנדרטיים של Go עבור תכונות ההצפנה שלו.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (דיסק)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** הוא כלי תוכנה חופשית קוד פתוח המשמש להצפנה תוך כדי תנועה. זה יכול ליצור דיסק מוצפן וירטואלי בתוך קובץ, להצפין מחיצה או להצפין את כל התקן האחסון עם אימות לפני אתחול.
-
- [:octicons-home-16: דף הבית](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=תיעוד}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="קוד מקור" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=לתרומה }
-
- ??? downloads "הורדות"
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** הוא כלי תוכנה חופשית קוד פתוח המשמש להצפנה תוך כדי תנועה. זה יכול ליצור דיסק מוצפן וירטואלי בתוך קובץ, להצפין מחיצה או להצפין את כל התקן האחסון עם אימות לפני אתחול.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt הוא מזלג של פרויקט TrueCrypt שהופסק. על פי המפתחים שלה, שיפורים באבטחה יושמו וטופלו בעיות שעלו בביקורת הקוד הראשונית של TrueCrypt.
@@ -92,100 +107,119 @@ Truecrypt [נבדק מספר פעמים](https://en.wikipedia.org/wiki/TrueCrypt
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** הוא פתרון ההצפנה המלא המצורף ל-Microsoft Windows. הסיבה העיקרית שאנו ממליצים עליה להצפנת כונן האתחול שלך היא בגלל [השימוש ב-TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, חברה לזיהוי פלילי, כתבה על תכונה זו ב-[הבנת BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=תיעוד}
+{ align=right }
+
+**BitLocker** הוא פתרון ההצפנה המלא המצורף ל-Microsoft Windows. הסיבה העיקרית שאנו ממליצים עליה להצפנת כונן האתחול שלך היא בגלל [השימוש ב-TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, חברה לזיהוי פלילי, כתבה על תכונה זו ב-[הבנת BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=תיעוד}
+
+
+
+
BitLocker [ נתמך רק](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) במהדורות Pro, Enterprise ו- Education של Windows. ניתן להפעיל אותו במהדורות ביתיות בתנאי שהן עומדות בדרישות המוקדמות.
-??? example "הפעלת BitLocker ב-Windows Home""
+
+Enabling BitLocker on Windows Home
- כדי להפעיל את BitLocker במהדורות "בית" של Windows, חייבות להיות לך מחיצות מעוצבות עם [טבלת מחיצות GUID](https://en.wikipedia.org/wiki/GUID_Partition_Table) ובעלות TPM ייעודי (v1.2, 2.0+) מודול. ייתכן שיהיה עליך [להשבית את הפונקציונליות של "הצפנת מכשיר" שאינה של Bitlocker](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) ( שהוא נחות מכיוון שהוא שולח את מפתח השחזור שלך לשרתים של מיקרוסופט) אם הוא מופעל במכשיר שלך כבר לפני ביצוע המדריך הזה.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. פתח שורת פקודה ובדוק את תבנית טבלת המחיצות של הכונן באמצעות הפקודה הבאה. אתה אמור לראות את "**GPT**" ברשימה תחת "סגנון מחיצה":
+1. פתח שורת פקודה ובדוק את תבנית טבלת המחיצות של הכונן באמצעות הפקודה הבאה. אתה אמור לראות את "**GPT**" ברשימה תחת "סגנון מחיצה":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. הפעל פקודה זו (בשורת פקודה של אדמין) כדי לבדוק את גרסת ה-TPM שלך. אתה אמור לראות את `2.0` או `1.2` לצד `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. הפעל פקודה זו (בשורת פקודה של אדמין) כדי לבדוק את גרסת ה-TPM שלך. אתה אמור לראות את `2.0` או `1.2` לצד `SpecVersion`:
+3. גישה ל[אפשרויות הפעלה מתקדמות](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). עליך לאתחל מחדש תוך כדי לחיצה על מקש F8 לפני הפעלת Windows ולהיכנס ל *שורת הפקודה* ב **פתרון בעיות** → **אפשרויות מתקדמות** → **שורת הפקודהPrompt**.
+4. התחבר עם חשבון הניהול שלך והקלד זאת בשורת הפקודה כדי להתחיל בהצפנה:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. סגור את שורת הפקודה והמשך אתחול ל-Windows רגיל.
+6. פתח שורת פקודה של מנהל מערכת והפעל את הפקודות הבאות:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. גישה ל[אפשרויות הפעלה מתקדמות](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). עליך לאתחל מחדש תוך כדי לחיצה על מקש F8 לפני הפעלת Windows ולהיכנס ל *שורת הפקודה* ב **פתרון בעיות** → **אפשרויות מתקדמות** → **שורת הפקודהPrompt**.
+
+
Tip
- 4. התחבר עם חשבון הניהול שלך והקלד זאת בשורת הפקודה כדי להתחיל בהצפנה:
+ גיבוי 'BitLocker-Recovery-Key.txt' בשולחן העבודה שלך להתקן אחסון נפרד. אובדן קוד שחזור זה עלול לגרום לאובדן נתונים.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** הוא פתרון הצפנת נפח תוך כדי תנועה המובנה ב-macOS. FileVault מומלץ כי זה [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) יכולות אבטחת חומרה הקיימות בשבב אפל סיליקון SoC או T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=תיעוד}
+{ align=right }
+
+**FileVault** הוא פתרון הצפנת נפח תוך כדי תנועה המובנה ב-macOS. FileVault מומלץ כי זה [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) יכולות אבטחת חומרה הקיימות בשבב אפל סיליקון SoC או T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=תיעוד}
+
+
+
+
אנו ממליצים לאחסן מפתח שחזור מקומי במקום מאובטח, בניגוד לשימוש בחשבון iCloud שלך לשחזור.
### הגדרת מפתח מאוחדת של לינוקס
-!!! recommendation
+
- { align=right }
-
- **LUKS** היא שיטת ברירת המחדל של FDE עבור לינוקס. ניתן להשתמש בו כדי להצפין אמצעי אחסון מלאים, מחיצות או ליצור מיכלים מוצפנים.
-
- [:octicons-home-16: דף הבית](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=תיעוד}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="קוד מקור" }
+{ align=right }
-??? example "יצירה ופתיחה של גורמים מכילים מוצפנים"
+**LUKS** היא שיטת ברירת המחדל של FDE עבור לינוקס. ניתן להשתמש בו כדי להצפין אמצעי אחסון מלאים, מחיצות או ליצור מיכלים מוצפנים.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: דף הבית](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=תיעוד}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="קוד מקור" }
+
- #### פתיחת קונטיינרים מוצפנים
- אנו ממליצים לפתוח מיכלים ואמצעי אחסון עם `udisksctl` כפי שהוא משתמש ב [Polkit](https://en.wikipedia.org/wiki/Polkit). רוב מנהלי הקבצים, כמו אלה הכלולים בסביבות שולחן עבודה פופולריות, יכולים לפתוח קבצים מוצפנים. כלים כמו [udiskie](https://github.com/coldfix/udiskie) יכול לפעול במגש המערכת ולספק ממשק משתמש מועיל.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "זכור לגבות את כותרות עוצמת הקול"
+
+Creating and opening encrypted containers
- אנו ממליצים לך תמיד [לגבות את כותרות ה-LUKS שלך](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) במקרה של כשל חלקי בכונן. ניתן לעשות זאת עם:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/קובץ.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). רוב מנהלי הקבצים, כמו אלה הכלולים בסביבות שולחן עבודה פופולריות, יכולים לפתוח קבצים מוצפנים. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+אנו ממליצים לך תמיד [לגבות את כותרות ה-LUKS שלך](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) במקרה של כשל חלקי בכונן. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** הוא כלי הצפנת וחתימה של קבצים חינמי ופתוח העושה שימוש באלגוריתמים קריפטוגרפיים מודרניים ומאובטחים. המטרה היא להיות גרסה טובה יותר של [age](https://github.com/FiloSottile/age) ו [Minisign](https://jedisct1.github.io/minisign/) כדי לספק חלופה פשוטה וקלה יותר ל GPG.
-
- [:octicons-home-16: דף הבית](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="מדיניות פרטיות" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=תיעוד}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="קוד מקור" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=לתרומה }
-
- ??? downloads "הורדות"
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** הוא כלי הצפנת וחתימה של קבצים חינמי ופתוח העושה שימוש באלגוריתמים קריפטוגרפיים מודרניים ומאובטחים. המטרה היא להיות גרסה טובה יותר של [age](https://github.com/FiloSottile/age) ו [Minisign](https://jedisct1.github.io/minisign/) כדי לספק חלופה פשוטה וקלה יותר ל GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** הוא מעטפת מעטפת שורת פקודה עבור LUKS. הוא תומך בסטגנוגרפיה באמצעות [כלים של צד שלישי](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: דף הבית](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=תיעוד}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="קוד מקור" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=לתרומה }
+{ align=right }
+
+**Tomb** הוא מעטפת מעטפת שורת פקודה עבור LUKS. הוא תומך בסטגנוגרפיה באמצעות [כלים של צד שלישי](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: דף הבית](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=תיעוד}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="קוד מקור" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=לתרומה }
+
+
+
+
## OpenPGP
@@ -230,100 +273,128 @@ BitLocker [ נתמך רק](https://support.microsoft.com/en-us/windows/turn-on-d
בעת הצפנה באמצעות PGP, יש לך אפשרות להגדיר אפשרויות שונות בקובץ `gpg.conf` שלך. אנו ממליצים להישאר עם האפשרויות הסטנדרטיות המפורטות ב[שאלות הנפוצות של משתמשי GnuPG ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "השתמש בברירות מחדל עתידיות בעת יצירת מפתח"
+
+
Use future defaults when generating a key
- כאשר [יוצרים מפתחות](https://www.gnupg.org/gph/en/manual/c14.html) אנו מציעים להשתמש בפקודה `future-default` מכיוון שזו תנחה את GnuPG להשתמש בקריפטוגרפיה מודרנית כגון [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) ו [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** היא חלופה ברישיון GPL לחבילת PGP של תוכנות הצפנה. GnuPG תואם ל-[RFC 4880](https://tools.ietf.org/html/rfc4880), שהוא מפרט ה-IETF הנוכחי של OpenPGP. פרויקט GnuPG עבד על [טיוטה מעודכנת](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) בניסיון לחדש את OpenPGP. GnuPG הוא חלק מפרויקט התוכנה GNU של קרן התוכנה החופשית וקיבל [מימון] גדול (https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) מממשלת גרמניה.
-
- [:octicons-home-16: דף הבית](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="מדיניות פרטיות" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=תיעוד}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="קוד מקור" }
-
- ??? downloads "הורדות"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** היא חלופה ברישיון GPL לחבילת PGP של תוכנות הצפנה. GnuPG תואם ל-[RFC 4880](https://tools.ietf.org/html/rfc4880), שהוא מפרט ה-IETF הנוכחי של OpenPGP. פרויקט GnuPG עבד על [טיוטה מעודכנת](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) בניסיון לחדש את OpenPGP. GnuPG הוא חלק מפרויקט התוכנה GNU של קרן התוכנה החופשית וקיבל [מימון] גדול (https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) מממשלת גרמניה.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** היא חבילה עבור Windows מ-[Intevation ו-g10 Code](https://gpg4win.org/impressum.html). הוא כולל [כלים שונים](https://gpg4win.org/about.html) שיכולים לסייע לך בשימוש ב-GPG ב-Microsoft Windows. הפרויקט יזם ובמקור [מומן על ידי](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) המשרד הפדרלי של גרמניה למידע אבטחה (BSI) בשנת 2005.
-
- [:octicons-home-16: דף הבית](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="מדיניות פרטיות" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=תיעוד}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="קוד מקור" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=לתרומה }
-
- ??? downloads "הורדות"
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** היא חבילה עבור Windows מ-[Intevation ו-g10 Code](https://gpg4win.org/impressum.html). הוא כולל [כלים שונים](https://gpg4win.org/about.html) שיכולים לסייע לך בשימוש ב-GPG ב-Microsoft Windows. הפרויקט יזם ובמקור [מומן על ידי](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) המשרד הפדרלי של גרמניה למידע אבטחה (BSI) בשנת 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note "הערה"
+
+
Note
- אנו מציעים [Canary Mail](email-clients.md#canary-mail) לשימוש ב-PGP עם אימייל במכשירי iOS.
+אנו מציעים [Canary Mail](email-clients.md#canary-mail) לשימוש ב-PGP עם אימייל במכשירי iOS.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** מספקת תמיכה ב-OpenPGP עבור [Apple Mail](email-clients.md#apple-mail) ו-macOS.
+
+אנו ממליצים להסתכל על [השלבים הראשונים](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup- gpgtools-create-a-new-key-your-first-encrypted-email) ו-[בסיס ידע](https://gpgtools.tenderapp.com/kb) לתמיכה.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** הוא יישום אנדרואיד של GnuPG. זה נדרש בדרך כלל על ידי לקוחות דואר כגון [K-9 Mail](email-clients.md#k-9-mail) ו- [FairEmail](email-clients.md#fairemail) ואפליקציות Android אחרות כדי לספק תמיכה בהצפנה. Cure53 השלימה [ביקורת אבטחה](https://www.openkeychain.org/openkeychain-3-6) של OpenKeychain 3.6 באוקטובר 2015. פרטים טכניים על הביקורת והפתרונות של OpenKeychain ניתן למצוא [כאן](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: דף הבית](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="מדיניות פרטיות" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=תיעוד}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="קוד מקור" }
- :octicons-heart-16:{ .card-link title="ניתן לתרום באפליקציה" }
-
- ??? downloads "הורדות"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** הוא יישום אנדרואיד של GnuPG. זה נדרש בדרך כלל על ידי לקוחות דואר כגון [K-9 Mail](email-clients.md#k-9-mail) ו- [FairEmail](email-clients.md#fairemail) ואפליקציות Android אחרות כדי לספק תמיכה בהצפנה. Cure53 השלימה [ביקורת אבטחה](https://www.openkeychain.org/openkeychain-3-6) של OpenKeychain 3.6 באוקטובר 2015. פרטים טכניים על הביקורת והפתרונות של OpenKeychain ניתן למצוא [כאן](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## קריטריונים
**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך.
-!!! example "חלק זה הוא חדש"
+
+
This section is new
- אנו עובדים על קביעת קריטריונים מוגדרים לכל קטע באתר שלנו, והדבר עשוי להשתנות. אם יש לך שאלות כלשהן לגבי הקריטריונים שלנו, אנא [שאל בפורום שלנו](https://discuss.privacyguides.net/latest) ואל תניח שלא שקלנו משהו כשהצענו את ההמלצות שלנו אם הוא לא רשום כאן. ישנם גורמים רבים שנחשבים ונדונים כאשר אנו ממליצים על פרויקט, ותיעוד כל אחד מהם הוא עבודה בתהליך.
+אנו עובדים על קביעת קריטריונים מוגדרים לכל קטע באתר שלנו, והדבר עשוי להשתנות. אם יש לך שאלות כלשהן לגבי הקריטריונים שלנו, אנא [שאל בפורום שלנו](https://discuss.privacyguides.net/latest) ואל תניח שלא שקלנו משהו כשהצענו את ההמלצות שלנו אם הוא לא רשום כאן. ישנם גורמים רבים שנחשבים ונדונים כאשר אנו ממליצים על פרויקט, ותיעוד כל אחד מהם הוא עבודה בתהליך.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Követelmények
**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra.
-!!! example "Ez a szakasz új"
+
+
This section is new
- Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka.
+Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka.
+
+
- { align=right }
-
- **Cryptomator** adalah solusi enkripsi yang dirancang untuk menyimpan berkas secara pribadi ke penyedia layanan awan mana pun. Ini memungkinkan Anda untuk membuat brankas yang disimpan di penyimpanan virtual, yang isinya dienkripsi dan disinkronkan dengan penyedia penyimpanan awan Anda.
-
- [:octicons-home-16: Laman Beranda](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Kebijakan Privasi" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Dokumentasi}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Kode Sumber" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Berkontribusi }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** adalah solusi enkripsi yang dirancang untuk menyimpan berkas secara pribadi ke penyedia layanan awan mana pun. Ini memungkinkan Anda untuk membuat brankas yang disimpan di penyimpanan virtual, yang isinya dienkripsi dan disinkronkan dengan penyedia penyimpanan awan Anda.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ Untuk mengenkripsi kandar tempat sistem operasi Anda melakukan but, kami umumnya
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. Alasan utama kami merekomendasikannya untuk mengenkripsi kandar but Anda adalah karena [penggunaan TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, sebuah perusahaan forensik, telah menulis tentang fitur ini di [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. Alasan utama kami merekomendasikannya untuk mengenkripsi kandar but Anda adalah karena [penggunaan TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, sebuah perusahaan forensik, telah menulis tentang fitur ini di [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. Anda mungkin perlu [menonaktifkan fungsionalitas "Enkripsi perangkat" non-Bitlocker](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (yang inferior karena mengirimkan kunci pemulihan Anda ke server Microsoft) jika sudah diaktifkan di perangkat Anda sebelum mengikuti panduan ini.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Kriteria
**Harap diperhatikan bahwa kami tidak berafiliasi dengan proyek-proyek yang kami rekomendasikan.** Selain [kriteria standar kami](about/criteria.md), kami telah mengembangkan serangkaian persyaratan yang jelas untuk memungkinkan kami memberikan rekomendasi yang objektif. Kami sarankan Anda membiasakan diri dengan daftar ini sebelum memilih untuk menggunakan sebuah proyek, dan melakukan penelitian sendiri untuk memastikan bahwa itu adalah pilihan yang tepat untuk Anda.
-!!! contoh "Bagian ini baru"
+
+
This section is new
- Kami sedang berupaya menetapkan kriteria yang jelas untuk setiap bagian dari situs kami, dan hal ini dapat berubah sewaktu-waktu. Jika Anda memiliki pertanyaan mengenai kriteria kami, silakan [tanyakan di forum](https://discuss.privacyguides.net/latest) dan jangan berasumsi bahwa kami tidak mempertimbangkan sesuatu saat membuat rekomendasi jika tidak tercantum di sini. Ada banyak faktor yang dipertimbangkan dan didiskusikan saat kami merekomendasikan sebuah proyek, dan mendokumentasikan setiap faktor tersebut merupakan sebuah pekerjaan yang sedang berjalan.
+Kami sedang berupaya menetapkan kriteria yang jelas untuk setiap bagian dari situs kami, dan hal ini dapat berubah sewaktu-waktu. Jika Anda memiliki pertanyaan mengenai kriteria kami, silakan [tanyakan di forum](https://discuss.privacyguides.net/latest) dan jangan berasumsi bahwa kami tidak mempertimbangkan sesuatu saat membuat rekomendasi jika tidak tercantum di sini. Ada banyak faktor yang dipertimbangkan dan didiskusikan saat kami merekomendasikan sebuah proyek, dan mendokumentasikan setiap faktor tersebut merupakan sebuah pekerjaan yang sedang berjalan.
+
+
- { align=right }
-
- **Cryptomator** è una soluzione per la crittografia progettata per salvare privatamente i file di qualsiasi provider cloud. Ti consente di creare cassaforti memorizzate su un'unità virtuale, i cui contenuti sono crittografati e sincronizzati con il tuo fornitore d'archiviazione su cloud.
-
- [:octicons-home-16: Home](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Politica sulla Privacy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentazione}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Codice Sorgente" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribuisci }
-
- ??? downloads "Scarica"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator&gl=it)
- - [:simple-appstore: App Store](https://apps.apple.com/it/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/it/apps/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** è una soluzione per la crittografia progettata per salvare privatamente i file di qualsiasi provider cloud. Ti consente di creare cassaforti memorizzate su un'unità virtuale, i cui contenuti sono crittografati e sincronizzati con il tuo fornitore d'archiviazione su cloud.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator utilizza la crittografiaa AES-256 per crittografare i file e i loro nomi. Cryptomator non può crittografare i metadati come marche orarie d'accesso, modifica e creazione, né il numero e le dimensioni dei file e delle cartelle.
@@ -44,41 +49,51 @@ La documentazione di Cryptomator ne descrive l'[obiettivo di sicurezza](https://
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** è un strumento semplice e di piccole dimensioni che fornisce tecniche di crittografia moderna. Picocrypt utilizza il cifrario sicuro XChaCha20 e la funzione di derivazione della chiave Argon2id per fornire un alto livello di sicurezza. Utilizza i moduli standard x/crypto di Go per le sue funzionalità di sicurezza.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Codice Sorgente" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribuisci }
-
- ??? downloads "Scarica"
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** è un strumento semplice e di piccole dimensioni che fornisce tecniche di crittografia moderna. Picocrypt utilizza il cifrario sicuro XChaCha20 e la funzione di derivazione della chiave Argon2id per fornire un alto livello di sicurezza. Utilizza i moduli standard x/crypto di Go per le sue funzionalità di sicurezza.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disco)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** è un'utility libera con sorgente disponibile, utilizzata per la crittografia al volo. Può creare un disco virtuale crittografato in un file, crittografare una partizione o crittografare l'intero dispositivo di archiviazione con l'autenticazione antecedente l'avvio.
-
- [:octicons-home-16: Home](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentazione}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Codice Sorgente" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribuisci }
-
- ??? downloads "Scarica"
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** è un'utility libera con sorgente disponibile, utilizzata per la crittografia al volo. Può creare un disco virtuale crittografato in un file, crittografare una partizione o crittografare l'intero dispositivo di archiviazione con l'autenticazione antecedente l'avvio.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt è un fork del progetto abbandonato TrueCrypt. Secondo i suoi sviluppatori, sono stati implementati dei miglioramenti alla sicurezza e, i problemi sollevati dall'iniziale controllo del codice di TrueCrypt sono stati risolti.
@@ -92,100 +107,119 @@ Per crittografare l'unità da cui si avvia il sistema operativo, in genere si co
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** è il programma di crittografia completa del volume, integrato con Microsoft Windows. Il motivo principale per cui lo consigliamo per la crittografia dell'unità di avvio è il suo [utilizzo di TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, una società di analisi forense, ha scritto su questa funzione in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentazione}
+{ align=right }
+
+**BitLocker** è il programma di crittografia completa del volume, integrato con Microsoft Windows. Il motivo principale per cui lo consigliamo per la crittografia dell'unità di avvio è il suo [utilizzo di TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, una società di analisi forense, ha scritto su questa funzione in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentazione}
+
+
+
+
BitLocker è [supportato soltanto](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) dalle edizioni Pro, Enterprise ed Education di Windows. Può essere abilitato sulle edizioni Home, ammesso che soddisfino i prerequisiti.
-??? example "Attivare BitLocker su Windows Home"
+
+Enabling BitLocker on Windows Home
- Per abilitare BitLocker sulle edizioni "Home" di Windows, devi avere le partizioni formattate con una [Tabella di Partizione GUID](https://it.wikipedia.org/wiki/GUID_Partition_Table) e disporre di un modulo TPM (v1.2, 2.0+) dedicato. Potrebbe essere necessario [disabilitare la funzionalità "Crittografia dispositivo" non-Bitlocker](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (che è inferiore perché invia la chiave di recupero ai server di Microsoft) se è già attiva sul dispositivo prima di seguire questa guida.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Apri il prompt dei comandi e verifica il formato della tabella di partizione dell'unità, con il seguente comando. Dovresti vedere "**GPT**" elencato sotto "Stile di Partizione":
+1. Apri il prompt dei comandi e verifica il formato della tabella di partizione dell'unità, con il seguente comando. Dovresti vedere "**GPT**" elencato sotto "Stile di Partizione":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Esegui questo comando (nel prompt dei comandi da admin), per verificare la tua versione di TPM. Dovresti vedere `2.0` o `1.2`, elencato affianco a `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Esegui questo comando (nel prompt dei comandi da admin), per verificare la tua versione di TPM. Dovresti vedere `2.0` o `1.2`, elencato affianco a `SpecVersion`:
+3. Accedi alle [Opzioni di Avvio Avanzate](https://support.microsoft.com/it-it/windows/opzioni-di-avvio-avanzate-inclusa-la-modalit%C3%A0-provvisoria-b90e7808-80b5-a291-d4b8-1a1af602b617). Devi riavviare premendo il tasto F8, prima dell'avvio di Windows e andare nel *prompt dei comandi* in **Risoluzione dei Problemi** → **Opzioni Avanzate** → **Prompt dei Comandi**.
+4. Accedi con il tuo profilo da amministratore e digita nel prompt dei comandi questo comando, per avviare la crittografia:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Chiudi il prompt dei comandi e procedi con l'avvio regolare di Windows.
+6. Apri il prompt dei comandi con privilegi da amministratore ed esegui i seguenti comandi:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Accedi alle [Opzioni di Avvio Avanzate](https://support.microsoft.com/it-it/windows/opzioni-di-avvio-avanzate-inclusa-la-modalit%C3%A0-provvisoria-b90e7808-80b5-a291-d4b8-1a1af602b617). Devi riavviare premendo il tasto F8, prima dell'avvio di Windows e andare nel *prompt dei comandi* in **Risoluzione dei Problemi** → **Opzioni Avanzate** → **Prompt dei Comandi**.
+
+
Suggerimento
- 4. Accedi con il tuo profilo da amministratore e digita nel prompt dei comandi questo comando, per avviare la crittografia:
+Esegui il backup di 'BitLocker-Recovery-Key.txt' sul tuo desktop, in un dispositivo d'archiviazione separato. La perdita del codice di recupero potrebbe risultare nella perdita dei dati.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** è la soluzione per la crittografia rapida dei volumi, integrata su macOS. FileVault è consigliata perché [sfrutta](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) le funzionalità di sicurezza hardware presenti su un SoC in silicio o un Chip di Sicurezza T2 di Apple.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentazione}
+{ align=right }
+
+**FileVault** è la soluzione per la crittografia rapida dei volumi, integrata su macOS. FileVault è consigliata perché [sfrutta](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) le funzionalità di sicurezza hardware presenti su un SoC in silicio o un Chip di Sicurezza T2 di Apple.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentazione}
+
+
+
+
Consigliamo di memorizzare una chiave di recupero locale in un luogo sicuro, invece di utilizzare il tuo profilo di iCloud per il recupero.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** è il metodo di FDE predefinito per Linux. È utilizzabile per crittografare interi volumi, partizioni, o creare contenitori crittografati.
-
- [:octicons-home-16: Home](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentazione}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Codice Sorgente" }
+{ align=right }
-??? example "Creazione e apertura di contenitori crittografati"
+**LUKS** è il metodo di FDE predefinito per Linux. È utilizzabile per crittografare interi volumi, partizioni, o creare contenitori crittografati.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Home](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentazione}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Codice Sorgente" }
+
- #### Apertura di contenitori crittografati
- Consigliamo di aprire contenitori e volumi con `udisksctl`, poiché utilizza [Polkit](https://it.wikipedia.org/wiki/PolicyKit). Gran parte dei gestori di file, come quelli inclusi con i popolari ambienti desktop, possono sbloccare i file crittografati. Strumenti come [udiskie](https://github.com/coldfix/udiskie) possono essere eseguiti nella barra delle applicazioni e forniscono un'utile interfaccia utente.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Ricorda di eseguire il backup delle intestazioni dei volumi"
+
+Creating and opening encrypted containers
- Consigliamo di eseguire sempre il [back up delle intestazioni LUKS](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in caso di guasto parziale dell'unità. Ciò può essere fatto con:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Gran parte dei gestori di file, come quelli inclusi con i popolari ambienti desktop, possono sbloccare i file crittografati. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+Consigliamo di eseguire sempre il [back up delle intestazioni LUKS](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in caso di guasto parziale dell'unità. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** è uno strumento gratuito e open source di crittografia e firma dei file, che utilizza algoritmi crittografici moderni e sicuri. Punta a essere una versione migliorata di[age](https://github.com/FiloSottile/age) e [Minisign](https://jedisct1.github.io/minisign/) per fornire un'alternativa semplice a GPG.
-
- [:octicons-home-16: Home](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Politica sulla Privacy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentazione}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Codice Sorgente" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribuisci }
-
- ??? downloads "Scarica"
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** è uno strumento gratuito e open source di crittografia e firma dei file, che utilizza algoritmi crittografici moderni e sicuri. Punta a essere una versione migliorata di[age](https://github.com/FiloSottile/age) e [Minisign](https://jedisct1.github.io/minisign/) per fornire un'alternativa semplice a GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** è un wrapper della shell a riga di comando, per LUKS. Supporta la steganografia tramite [strumenti di terze parti](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Pagina principale](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentazione}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Codice sorgente" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribuisci }
+{ align=right }
+
+**Tomb** è un wrapper della shell a riga di comando, per LUKS. Supporta la steganografia tramite [strumenti di terze parti](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Pagina principale](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentazione}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Codice sorgente" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribuisci }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP è talvolta necessario per incarichi specifici, come firmare digitalment
Crittografando con PGP, puoi configurare diverse opzioni nel tuo file `gpg.config`. Ti consigliamo di attenerti con le opzioni standard specificate nelle [Domande Frequenti degli utenti di GnuPG](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Utilizzare future-default quando si genera una chiave"
+
+
Use future defaults when generating a key
- [Generando le chiavi]https://www.gnupg.org/gph/en/manual/c14.html), consigliamo di utilizzare il comando 'future-default', istruendo GnuPG a utilizzare la crittografia moderna come [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) ed [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** è un'alternativa con licenza GPL alla suite PGP per software crittografici. GnuPG è conforme con [RFC 4880](https://tools.ietf.org/html/rfc4880), la specifica IETF corrente di OpenPGP. Il progetto GnuPG ha lavorato a una [bozza aggiornata](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) nel tentativo di modernizzare OpenPGP. GnuPG fa parte del progetto Free Software Foundation di GNU ed ha ricevuto un'importante [finanziamento](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) dal governo tedesco.
-
- [:octicons-home-16: Home](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Politica sulla Privacy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentazione}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Codice Sorgente" }
-
- ??? downloads "Scarica"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** è un'alternativa con licenza GPL alla suite PGP per software crittografici. GnuPG è conforme con [RFC 4880](https://tools.ietf.org/html/rfc4880), la specifica IETF corrente di OpenPGP. Il progetto GnuPG ha lavorato a una [bozza aggiornata](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) nel tentativo di modernizzare OpenPGP. GnuPG fa parte del progetto Free Software Foundation di GNU ed ha ricevuto un'importante [finanziamento](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) dal governo tedesco.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** è un pacchetto per Windows di [Intevation e g10 Code](https://gpg4win.org/impressum.html). Include [vari strumenti](https://gpg4win.org/about.html), che possono assisterti nell'utilizzo di GPG su Microsoft Windows. Il progetto è stato avviato e originariamente [finanziato dall'](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography)Ufficio Federale Tedesco per la Sicurezza delle Informazioni (BSI) nel 2005.
-
- [:octicons-home-16: Home](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Politica sulla Privacy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentazione}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Codice Sorgente" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribuisci }
-
- ??? downloads "Scarica"
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** è un pacchetto per Windows di [Intevation e g10 Code](https://gpg4win.org/impressum.html). Include [vari strumenti](https://gpg4win.org/about.html), che possono assisterti nell'utilizzo di GPG su Microsoft Windows. Il progetto è stato avviato e originariamente [finanziato dall'](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography)Ufficio Federale Tedesco per la Sicurezza delle Informazioni (BSI) nel 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note "Nota"
+
+
Nota
- Suggeriamo [Canary Mail](email-clients.md#canary-mail) per utilizzare PGP con le email sui dispositivi iOS.
+Suggeriamo [Canary Mail](email-clients.md#canary-mail) per utilizzare PGP con le email sui dispositivi iOS.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** fornisce il supporto OpenPGP per [Apple Mail](email-clients.md#apple-mail) e macOS.
+
+Consigliamo di dare un'occhiata ai loro [Primi passi](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) e alla loro [Base di Conoscenza](https://gpgtools.tenderapp.com/kb) per supporto.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** è un'implementazione Android di GnuPG. È comunementa richiesta da client mail come [K-9 Mail](email-clients.md#k-9-mail) e [FairEmail](email-clients.md#fairemail) e da altre app Android per fornire supporto alla crittografia. Cure53 ha completato un [controllo di sicurezza](https://www.openkeychain.org/openkeychain-3-6) di OpenKeychain 3.6 a ottobre 2015. I dettagli tecnici sul controllo e le soluzioni di OpenKeychain possono essere trovate [qui](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Home](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Politica sulla Privacy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentazione}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Codice Sorgente" }
-
- ??? downloads "Scarica"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** è un'implementazione Android di GnuPG. È comunementa richiesta da client mail come [K-9 Mail](email-clients.md#k-9-mail) e [FairEmail](email-clients.md#fairemail) e da altre app Android per fornire supporto alla crittografia. Cure53 ha completato un [controllo di sicurezza](https://www.openkeychain.org/openkeychain-3-6) di OpenKeychain 3.6 a ottobre 2015. I dettagli tecnici sul controllo e le soluzioni di OpenKeychain possono essere trovate [qui](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteri
**Ti preghiamo di notare che non siamo affiliati con alcun progetto consigliato.** Oltre ai [nostri criteri standard](about/criteria.md), abbiamo sviluppato una serie chiara di requisiti per consentirci di fornire consigli oggettivi. Ti suggeriamo di familiarizzare con questo elenco prima di scegliere di utilizzare un progetto e di condurre le tue ricerche per assicurarti che si tratti della scelta adatta a te.
-!!! example "Questa sezione è nuova"
+
+
Questa sezione è nuova
- Stiamo lavorando per stabilire i criteri definiti per ogni sezione del nostro sito e, questa, potrebbe essere soggetta a modifiche. Se hai qualsiasi domanda sui nostri criteri, ti preghiamo di [chiedere sul nostro forum](https://discuss.privacyguides.net/latest) e di non supporre che non abbiamo considerato qualcosa, formulando i nostri consigli, se non elencato qui. Molti fattori sono presi in considerazione e discussi quando consigliamo un progetto e la documentazione di ognuno è in lavorazione.
+Stiamo lavorando per stabilire i criteri definiti per ogni sezione del nostro sito e, questa, potrebbe essere soggetta a modifiche. Se hai qualsiasi domanda sui nostri criteri, ti preghiamo di [chiedere sul nostro forum](https://discuss.privacyguides.net/latest) e di non supporre che non abbiamo considerato qualcosa, formulando i nostri consigli, se non elencato qui. Molti fattori sono presi in considerazione e discussi quando consigliamo un progetto e la documentazione di ognuno è in lavorazione.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomatorは、AES-256を用いて、ファイルとファイル名の両方を暗号化します。 Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt(ファイル)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt**は小さくシンプルな暗号化ツールで、最新の暗号化を提供します。 Picocryptは、セキュアなXChaCha20暗号とArgon2idキー派生機能を使用し、高レベルのセキュリティを提供します。 暗号化機能には、Go標準のx/cryptoモジュールを使用しています。
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="ソースコード" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=貢献 }
-
- ??? ダウンロード
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt**は小さくシンプルな暗号化ツールで、最新の暗号化を提供します。 Picocryptは、セキュアなXChaCha20暗号とArgon2idキー派生機能を使用し、高レベルのセキュリティを提供します。 暗号化機能には、Go標準のx/cryptoモジュールを使用しています。
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt(ディスク)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCryptは、終了したTrueCryptプロジェクトのフォークです。 開発者によると、セキュリティの改善が実装されており、最初のTrueCryptコード監査によって提起された問題が解決されています。
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. このコマンドを(管理者コマンドプロンプトで)実行し、TPMのバージョンを確認してください。 You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. このコマンドを(管理者コマンドプロンプトで)実行し、TPMのバージョンを確認してください。 You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! メモ
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## 規準
**私たちは、推薦するどのプロジェクトとも提携していません。**客観的に推薦できるよう、[標準となる規準](about/criteria.md)に加えて、一連の明確な要件を定めています。 プロジェクトを利用する前に、このリストをよく理解し、ご自身で調査を行って、そのプロジェクトがあなたにとって適切な選択かどうかをご確認ください。
-!!! example "この項目は最近作成されました"
+
+
This section is new
- 私たちは、サイトの各項目に関して、定義された規準の確立に取り組んでいます。この規準は変更される可能性があります。 規準について疑問がある場合は、[フォーラムで質問](https://discuss.privacyguides.net/latest)してください。また、ここに記載されていない場合でも、私たちがプロジェクトを推奨する際に、そうした事柄を考慮しなかったと仮定するのはお止めください。 プロジェクトを推奨する際に考慮され、議論される要素は多くあり、そのすべてを文書化する作業は現在進行中です。
+私たちは、サイトの各項目に関して、定義された規準の確立に取り組んでいます。この規準は変更される可能性があります。 規準について疑問がある場合は、[フォーラムで質問](https://discuss.privacyguides.net/latest)してください。また、ここに記載されていない場合でも、私たちがプロジェクトを推奨する際に、そうした事柄を考慮しなかったと仮定するのはお止めください。 プロジェクトを推奨する際に考慮され、議論される要素は多くあり、そのすべてを文書化する作業は現在進行中です。
+
+
- { align=right }
- **Cryptomator**는 다양한 클라우드와 호환되도록 설계된 파일 암호화 솔루션입니다. 가상 드라이브에 Vault라고 불리는 파일 저장소를 생성할 수 있고, 여기에 저장된 파일들은 암호화되며 자동으로 클라우드와 동기화됩니다.
-
- [:octicons-home-16: 홈페이지](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="프라이버시 정책" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=문서}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="소스 코드" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=기부 }
-
- ??? downloads "다운로드"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+**Cryptomator**는 다양한 클라우드와 호환되도록 설계된 파일 암호화 솔루션입니다. 가상 드라이브에 Vault라고 불리는 파일 저장소를 생성할 수 있고, 여기에 저장된 파일들은 암호화되며 자동으로 클라우드와 동기화됩니다.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -43,41 +48,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (파일)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: 저장소](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="소스 코드" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=기부 }
-
- ??? downloads "다운로드"
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (디스크)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: 홈페이지](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=문서}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="소스 코드" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=기부 }
-
- ??? downloads "다운로드"
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -91,100 +106,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://learn.microsoft.com/ko-kr/windows/security/information-protection/bitlocker/bitlocker-overview){ .card-link title=문서}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://learn.microsoft.com/ko-kr/windows/security/information-protection/bitlocker/bitlocker-overview){ .card-link title=문서}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Windows Home에서 BitLocker를 활성화하는 방법"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+데스크톱의 `BitLocker-Recovery-Key.txt`를 별도 저장 장치에 백업하세요. 해당 복구 코드를 분실하면 데이터를 잃어버리게 될 수 있습니다.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault**는 macOS에 기본 내장된, 즉시 사용 가능한 볼륨 암호화 솔루션입니다. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/ko-kr/guide/mac-help/mh11785/mac){ .card-link title=문서}
+{ align=right }
+
+**FileVault**는 macOS에 기본 내장된, 즉시 사용 가능한 볼륨 암호화 솔루션입니다. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/ko-kr/guide/mac-help/mh11785/mac){ .card-link title=문서}
+
+
+
+
저희는 복구 수단으로 iCloud 계정을 사용하는 것보다는 로컬 복구 키를 안전한 곳에 보관해둘 것을 권장드립니다.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS**는 Linux에서 기본으로 사용하는 FDE 방식입니다. 전체 볼륨, 파티션을 암호화하거나 암호화 컨테이너를 만들 수 있습니다.
-
- [:octicons-home-16: 홈페이지](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=문서}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="소스 코드" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS**는 Linux에서 기본으로 사용하는 FDE 방식입니다. 전체 볼륨, 파티션을 암호화하거나 암호화 컨테이너를 만들 수 있습니다.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: 홈페이지](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=문서}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="소스 코드" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor**는 현대적이고 안전한 암호화 알고리즘을 사용하는 무료 오픈 소스 툴로, 파일 암호화 및 서명 기능을 제공합니다. [age](https://github.com/FiloSottile/age)와 [Minisign](https://jedisct1.github.io/minisign/)을 개선하여 GPG를 대체할 수 있는 쉽고 간편한 대안을 제공하는 것을 목표로 합니다.
-
- [:octicons-home-16: 홈페이지](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="프라이버시 정책" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=문서}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="소스 코드" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=기부 }
-
- ??? downloads "다운로드"
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor**는 현대적이고 안전한 암호화 알고리즘을 사용하는 무료 오픈 소스 툴로, 파일 암호화 및 서명 기능을 제공합니다. [age](https://github.com/FiloSottile/age)와 [Minisign](https://jedisct1.github.io/minisign/)을 개선하여 GPG를 대체할 수 있는 쉽고 간편한 대안을 제공하는 것을 목표로 합니다.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb**는 LUKS의 커맨드라인 Shell 래퍼(Wrapper)입니다. [외부 툴](https://github.com/dyne/Tomb#how-does-it-work)을 통해 스테가노그래피(Steganography)를 지원합니다.
-
- [:octicons-home-16: 홈페이지](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=문서}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="소스 코드" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=기부 }
+{ align=right }
+
+**Tomb**는 LUKS의 커맨드라인 Shell 래퍼(Wrapper)입니다. [외부 툴](https://github.com/dyne/Tomb#how-does-it-work)을 통해 스테가노그래피(Steganography)를 지원합니다.
+
+[:octicons-home-16: 홈페이지](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=문서}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="소스 코드" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=기부 }
+
+
+
+
## OpenPGP
@@ -229,99 +272,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: 홈페이지](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="프라이버시 정책" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=문서}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="소스 코드" }
-
- ??? downloads "다운로드"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: 홈페이지](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="프라이버시 정책" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=문서}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="소스 코드" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=기부 }
-
- ??? downloads "다운로드"
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: 홈페이지](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="프라이버시 정책" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=문서}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="소스 코드" }
-
- ??? downloads "다운로드"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## 평가 기준
**Privacy Guides는 권장 목록의 어떠한 프로젝트와도 제휴를 맺지 않았습니다.** 객관적인 권장 목록을 제공하기 위해, [일반적인 평가 기준](about/criteria.md)에 더해 명확한 요구 사항을 정립하였습니다. 어떠한 프로젝트를 선택해 사용하기 전에, 이러한 요구 사항들을 숙지하고 여러분 스스로 조사하는 과정을 거쳐 적절한 선택을 하시기 바랍니다.
-!!! example "이 단락은 최근에 만들어졌습니다"
+
+
This section is new
- Privacy Guides 팀은 사이트의 모든 항목마다 명확한 평가 기준을 정립하는 중이며, 따라서 세부 내용은 변경될 수 있습니다. 평가 기준에 대해서 질문이 있다면 [포럼에서 문의](https://discuss.privacyguides.net/latest)하시기 바랍니다. (무언가가 목록에 존재하지 않다고 해서 권장 목록을 작성할 때 고려한 적이 없을 것으로 단정 짓지 마세요.) 권장 목록에 어떤 프로젝트를 추가할 때 고려하고 논의해야 할 요소는 매우 많으며, 모든 요소를 문서화하는 것은 현재 진행 중인 작업입니다.
+Privacy Guides 팀은 사이트의 모든 항목마다 명확한 평가 기준을 정립하는 중이며, 따라서 세부 내용은 변경될 수 있습니다. 평가 기준에 대해서 질문이 있다면 [포럼에서 문의](https://discuss.privacyguides.net/latest)하시기 바랍니다. (무언가가 목록에 존재하지 않다고 해서 권장 목록을 작성할 때 고려한 적이 없을 것으로 단정 짓지 마세요.) 권장 목록에 어떤 프로젝트를 추가할 때 고려하고 논의해야 할 요소는 매우 많으며, 모든 요소를 문서화하는 것은 현재 진행 중인 작업입니다.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** is een encryptie-oplossing die is ontworpen voor het privé opslaan van bestanden bij elke cloudprovider. Hiermee kunt u kluizen maken die worden opgeslagen op een virtuele schijf, waarvan de inhoud wordt gecodeerd en gesynchroniseerd met uw cloudopslagprovider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacybeleid" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentatie}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Broncode" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Bijdragen }
-
- ??? downloads "Downloaden"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is een encryptie-oplossing die is ontworpen voor het privé opslaan van bestanden bij elke cloudprovider. Hiermee kunt u kluizen maken die worden opgeslagen op een virtuele schijf, waarvan de inhoud wordt gecodeerd en gesynchroniseerd met uw cloudopslagprovider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator maakt gebruik van AES-256 encryptie om zowel bestanden als bestandsnamen te versleutelen. Cryptomator kan geen metadata versleutelen, zoals tijdstempels voor toegang, wijziging en creatie, noch het aantal en de grootte van bestanden en mappen.
@@ -44,41 +49,51 @@ In de documentatie van Cryptomator worden de beoogde [beveiligingsdoelstelling](
### Picocrypt (Bestand)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is een klein en eenvoudig encryptieprogramma dat moderne encryptie biedt. Picocrypt gebruikt het veilige XChaCha20-cijfer en de Argon2id-sleutelafleidingsfunctie om een hoog niveau van veiligheid te bieden. Het gebruikt Go's standaard x/crypto modules voor zijn versleutelingsfuncties.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Bijdragen }
-
- ??? downloads "Downloaden"
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is een klein en eenvoudig encryptieprogramma dat moderne encryptie biedt. Picocrypt gebruikt het veilige XChaCha20-cijfer en de Argon2id-sleutelafleidingsfunctie om een hoog niveau van veiligheid te bieden. Het gebruikt Go's standaard x/crypto modules voor zijn versleutelingsfuncties.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Schijf)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is een met broncode beschikbaar freeware hulpprogramma dat wordt gebruikt voor on-the-fly encryptie. Het kan een virtuele versleutelde schijf binnen een bestand maken, een partitie versleutelen of het gehele opslagapparaat versleutelen met pre-boot verificatie.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentatie}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Broncode" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Bijdragen }
-
- ??? downloads "Downloaden"
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is een met broncode beschikbaar freeware hulpprogramma dat wordt gebruikt voor on-the-fly encryptie. Het kan een virtuele versleutelde schijf binnen een bestand maken, een partitie versleutelen of het gehele opslagapparaat versleutelen met pre-boot verificatie.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is een vork van het beëindigde TrueCrypt-project. Volgens de ontwikkelaars zijn er beveiligingsverbeteringen doorgevoerd en zijn de problemen die bij de eerste controle van de TrueCrypt-code aan het licht zijn gekomen, aangepakt.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is de oplossing voor volledige volume-encryptie die met Microsoft Windows wordt meegeleverd. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentatie}
+{ align=right }
+
+**BitLocker** is de oplossing voor volledige volume-encryptie die met Microsoft Windows wordt meegeleverd. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentatie}
+
+
+
+
BitLocker is [alleen ondersteund](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) op Pro, Enterprise en Education edities van Windows. Het kan worden ingeschakeld op Home-edities, mits deze aan de voorwaarden voldoen.
-??? example "BitLocker inschakelen op Windows Home"
+
+Enabling BitLocker on Windows Home
- Om BitLocker in te schakelen op "Home"-edities van Windows, moet je partities hebben die zijn geformatteerd met een [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) en beschikken over een speciale TPM-module (v1.2, 2.0+). You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open een opdrachtprompt en controleer de indeling van de partitietabel van jouw schijf met het volgende commando. Je zou "**GPT**" moeten zien staan onder "Partition Style":
+1. Open een opdrachtprompt en controleer de indeling van de partitietabel van jouw schijf met het volgende commando. Je zou "**GPT**" moeten zien staan onder "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Voer dit commando uit (in een admin commando prompt) om jouw TPM versie te controleren. Je zou `2.0` of `1.2` moeten zien staan naast `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Voer dit commando uit (in een admin commando prompt) om jouw TPM versie te controleren. Je zou `2.0` of `1.2` moeten zien staan naast `SpecVersion`:
+3. Ga naar de [Geavanceerde opstartopties](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). Je moet opnieuw opstarten terwijl je op de F8-toets drukt voordat Windows start en naar de *opdrachtprompt* gaat in **Problemen oplossen** → **Geavanceerde opties** → **Opdrachtprompt**.
+4. Log in met jouw admin-account en typ dit in de opdrachtprompt om de versleuteling te starten:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Sluit de opdrachtprompt en en start verder op naar de gewone Windows installatie.
+6. Open een admin commando prompt en voer de volgende commando's uit:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Ga naar de [Geavanceerde opstartopties](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). Je moet opnieuw opstarten terwijl je op de F8-toets drukt voordat Windows start en naar de *opdrachtprompt* gaat in **Problemen oplossen** → **Geavanceerde opties** → **Opdrachtprompt**.
+
+
Tip
- 4. Log in met jouw admin-account en typ dit in de opdrachtprompt om de versleuteling te starten:
+ Back-up de `BitLocker-Recovery-Key.txt` op uw bureaublad naar een apart opslagapparaat. Het verlies van deze herstelcode kan leiden tot verlies van gegevens.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is de in macOS ingebouwde oplossing voor volumeversleuteling tijdens het filteren. FileVault wordt aanbevolen omdat het [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware beveiligingsmogelijkheden biedt die aanwezig zijn op een Apple silicium SoC of T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentatie}
+{ align=right }
+
+**FileVault** is de in macOS ingebouwde oplossing voor volumeversleuteling tijdens het filteren. FileVault wordt aanbevolen omdat het [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware beveiligingsmogelijkheden biedt die aanwezig zijn op een Apple silicium SoC of T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentatie}
+
+
+
+
Wij raden je aan een lokale herstelsleutel op een veilige plaats op te slaan in plaats van uw iCloud-account te gebruiken voor herstel.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is de standaard FDE-methode voor Linux. Het kan worden gebruikt om volledige volumes of partities te versleutelen, of om versleutelde containers te maken.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentatie}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Broncode" }
+{ align=right }
-??? example "Creëren en openen van versleutelde containers"
+**LUKS** is de standaard FDE-methode voor Linux. Het kan worden gebruikt om volledige volumes of partities te versleutelen, of om versleutelde containers te maken.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentatie}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Broncode" }
+
- #### Versleutelde containers openen
- We raden aan om containers en volumes te openen met `udisksctl`, omdat dit gebruik maakt van [Polkit](https://en.wikipedia.org/wiki/Polkit). De meeste bestandsbeheerders, zoals die van populaire desktopomgevingen, kunnen versleutelde bestanden ontgrendelen. Hulpprogramma's zoals [udiskie](https://github.com/coldfix/udiskie) kunnen in het systeemvak draaien en een nuttige gebruikersinterface bieden.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Vergeet niet een back-up te maken van de volumekoppen"
+
+Creating and opening encrypted containers
- Wij raden je aan altijd [een back-up te maken van uw LUKS-headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in geval van een gedeeltelijke schijfstoring. Dit kan gedaan worden met:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). De meeste bestandsbeheerders, zoals die van populaire desktopomgevingen, kunnen versleutelde bestanden ontgrendelen. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+Wij raden je aan altijd [een back-up te maken van uw LUKS-headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in geval van een gedeeltelijke schijfstoring. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is een gratis en open-source programma voor het versleutelen en ondertekenen van bestanden dat gebruik maakt van moderne en veilige cryptografische algoritmen. Het beoogt een betere versie te zijn van [age](https://github.com/FiloSottile/age) en [Minisign](https://jedisct1.github.io/minisign/) om een eenvoudig, gemakkelijker alternatief voor GPG te bieden.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacybeleid" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentatie}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Broncode" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Bijdragen }
-
- ??? downloads "Downloaden"
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is een gratis en open-source programma voor het versleutelen en ondertekenen van bestanden dat gebruik maakt van moderne en veilige cryptografische algoritmen. Het beoogt een betere versie te zijn van [age](https://github.com/FiloSottile/age) en [Minisign](https://jedisct1.github.io/minisign/) om een eenvoudig, gemakkelijker alternatief voor GPG te bieden.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is een is een command-line shell wrapper voor LUKS. Het ondersteunt steganografie via [hulpprogramma's van derden](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentatie}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Broncode" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Bijdragen}
+{ align=right }
+
+**Tomb** is een is een command-line shell wrapper voor LUKS. Het ondersteunt steganografie via [hulpprogramma's van derden](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentatie}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Broncode" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Bijdragen}
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is soms nodig voor specifieke taken zoals het digitaal ondertekenen en v
Bij het versleutelen met PGP, heb je de optie om verschillende opties te configureren in het `gpg.conf` bestand. We raden aan om de standaard opties te gebruiken zoals gespecificeerd in de [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Gebruik toekomstige standaardwaarden bij het genereren van een sleutel"
+
+
Use future defaults when generating a key
- Bij het [genereren van sleutels](https://www.gnupg.org/gph/en/manual/c14.html) raden we aan het `future-default` commando te gebruiken omdat dit GnuPG zal instrueren moderne cryptografie te gebruiken zoals [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) en [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is een GPL-gelicenseerd alternatief voor de PGP-suite van cryptografische software. GnuPG is in overeenstemming met [RFC 4880](https://tools.ietf.org/html/rfc4880), de huidige IETF-specificatie van OpenPGP. Het GnuPG-project heeft gewerkt aan een [bijgewerkt ontwerp](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in een poging OpenPGP te moderniseren. GnuPG is een onderdeel van het GNU-softwareproject van de Free Software Foundation en heeft van de Duitse regering het belangrijke [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) ontvangen.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacybeleid" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentatie}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Broncode" }
-
- ??? downloads "Downloaden"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is een GPL-gelicenseerd alternatief voor de PGP-suite van cryptografische software. GnuPG is in overeenstemming met [RFC 4880](https://tools.ietf.org/html/rfc4880), de huidige IETF-specificatie van OpenPGP. Het GnuPG-project heeft gewerkt aan een [bijgewerkt ontwerp](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in een poging OpenPGP te moderniseren. GnuPG is een onderdeel van het GNU-softwareproject van de Free Software Foundation en heeft van de Duitse regering het belangrijke [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) ontvangen.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is een pakket voor Windows van [Intevation en g10 Code](https://gpg4win.org/impressum.html). Het bevat [diverse hulpmiddelen](https://gpg4win.org/about.html) die je kunnen helpen bij het gebruik van GPG op Microsoft Windows. Het project is in 2005 opgezet en oorspronkelijk [gefinancierd door](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) het Bundesamt für Informationssicherheit (BSI) van Duitsland.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacybeleid" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentatie}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Broncode" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Bijdragen }
-
- ??? downloads "Downloaden"
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is een pakket voor Windows van [Intevation en g10 Code](https://gpg4win.org/impressum.html). Het bevat [diverse hulpmiddelen](https://gpg4win.org/about.html) die je kunnen helpen bij het gebruik van GPG op Microsoft Windows. Het project is in 2005 opgezet en oorspronkelijk [gefinancierd door](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) het Bundesamt für Informationssicherheit (BSI) van Duitsland.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We raden [Canary Mail](email-clients.md#canary-mail) aan voor het gebruik van PGP met e-mail op iOS-apparaten.
+We raden [Canary Mail](email-clients.md#canary-mail) aan voor het gebruik van PGP met e-mail op iOS-apparaten.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** biedt OpenPGP-ondersteuning voor [Apple Mail](email-clients.md#apple-mail) en macOS.
+
+Wij raden aan een kijkje te nemen in hun [Eerste stappen pagina](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) en [Kennisbank](https://gpgtools.tenderapp.com/kb) voor ondersteuning.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is een Android implementatie van GnuPG. Het wordt algemeen vereist door mail clients zoals [K-9 Mail](email-clients.md#k-9-mail) en [FairEmail](email-clients.md#fairemail) en andere Android apps om encryptie ondersteuning te bieden. Cure53 voltooide een [beveiligingsaudit](https://www.openkeychain.org/openkeychain-3-6) van OpenKeychain 3.6 in oktober 2015. Technische details over de audit en OpenKeychain's oplossingen zijn te vinden op [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacybeleid" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentatie}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Broncode" }
-
- ??? downloads "Downloaden"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is een Android implementatie van GnuPG. Het wordt algemeen vereist door mail clients zoals [K-9 Mail](email-clients.md#k-9-mail) en [FairEmail](email-clients.md#fairemail) en andere Android apps om encryptie ondersteuning te bieden. Cure53 voltooide een [beveiligingsaudit](https://www.openkeychain.org/openkeychain-3-6) van OpenKeychain 3.6 in oktober 2015. Technische details over de audit en OpenKeychain's oplossingen zijn te vinden op [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Wij zijn niet verbonden aan de projecten die wij aanbevelen.** Naast [onze standaardcriteria](about/criteria.md)hebben wij een duidelijke reeks eisen ontwikkeld om objectieve aanbevelingen te kunnen doen. Wij stellen voor dat je jezelf vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat je de juiste keuze maakt.
-!!! example "Deze sectie is nieuw"
+
+
This section is new
- We werken aan het vaststellen van gedefinieerde criteria voor elk deel van onze site, en dit kan onderhevig zijn aan verandering. Als je vragen hebt over onze criteria, stel ze dan [op ons forum](https://discuss.privacyguides.net/latest) en neem niet aan dat we iets niet in overweging hebben genomen bij het opstellen van onze aanbevelingen als het hier niet vermeld staat. Er zijn veel factoren die worden overwogen en besproken wanneer wij een project aanbevelen, en het documenteren van elke factor is een werk in uitvoering.
+We werken aan het vaststellen van gedefinieerde criteria voor elk deel van onze site, en dit kan onderhevig zijn aan verandering. Als je vragen hebt over onze criteria, stel ze dan [op ons forum](https://discuss.privacyguides.net/latest) en neem niet aan dat we iets niet in overweging hebben genomen bij het opstellen van onze aanbevelingen als het hier niet vermeld staat. Er zijn veel factoren die worden overwogen en besproken wanneer wij een project aanbevelen, en het documenteren van elke factor is een werk in uitvoering.
+
+
- { align=right }
-
- **Cryptomator** to rozwiązanie szyfrujące zaprojektowane do prywatnego zapisywania plików do dowolnego dostawcy usług chmury. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** to rozwiązanie szyfrujące zaprojektowane do prywatnego zapisywania plików do dowolnego dostawcy usług chmury. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator wykorzystuje szyfrowanie AES-256 do szyfrowania zarówno plików, jak i nazw plików. Cryptomator nie może szyfrować metadanych, takich jak daty dostępu, modyfikacji oraz utworzenia, ani liczby i rozmiaru plików i folderów.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! rekomendacja
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! rekomendacja
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! rekomendacja
+
- { align=right }
-
- **BitLocker** to funkcja pełnego szyfrowania woluminów dołączona do systemów Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** to funkcja pełnego szyfrowania woluminów dołączona do systemów Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! rekomendacja
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! rekomendacja
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! rekomendacja
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! rekomendacja
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! rekomendacja
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! rekomendacja
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** é uma solução de criptografia projetada para salvar arquivos de forma privada em qualquer provedor de nuvem. Ele permite que você crie cofres armazenados em uma unidade virtual (virtual disk), cujo conteúdo é criptografado e sincronizado com seu provedor de armazenamento em nuvem.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** é uma solução de criptografia projetada para salvar arquivos de forma privada em qualquer provedor de nuvem. Ele permite que você crie cofres armazenados em uma unidade virtual (virtual disk), cujo conteúdo é criptografado e sincronizado com seu provedor de armazenamento em nuvem.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
O Cryptomator usa criptografia AES-256 para criptografar arquivos e nomes de arquivos. O Cryptomator não pode criptografar metadados, como histórico de data/hora de acesso, modificação e criação, nem o número e o tamanho de arquivos e pastas.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (Arquivo)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** é uma ferramenta de criptografia pequena e simples que fornece criptografia moderna. O Picocrypt usa a cifra segura XChaCha20 e a função de derivação de chave do Argon2id para fornecer um alto nível de segurança. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repositório](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribuir }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** é uma ferramenta de criptografia pequena e simples que fornece criptografia moderna. O Picocrypt usa a cifra segura XChaCha20 e a função de derivação de chave do Argon2id para fornecer um alto nível de segurança. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
- { align=right }
-
- **VeraCrypt** é um utilitário freeware disponível na fonte, utilizado para encriptação on-the-fly. Ele pode criar um disco virtual encriptado dentro de um ficheiro, encriptar uma partição ou encriptar todo o dispositivo de armazenamento com autenticação pré-boot.
-
- [Visite veracrypt.fr](https://veracrypt.fr){ .md-button .md-button--primary }
-
- **Downloads***
- - [:fontawesome-brands-windows: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:fontawesome-brands-apple: macOS](https://www.veracrypt.fr/pt/Downloads.html)
- - [:fontawesome-brands-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
- - [:fontawesome-brands-git: Source](https://www.veracrypt.fr/code) downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** é um utilitário freeware disponível na fonte, utilizado para encriptação on-the-fly. Ele pode criar um disco virtual encriptado dentro de um ficheiro, encriptar uma partição ou encriptar todo o dispositivo de armazenamento com autenticação pré-boot.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
O VeraCrypt é um garfo do projeto TrueCrypt descontinuado. De acordo com seus desenvolvedores, melhorias de segurança foram implementadas e questões levantadas pela auditoria inicial do código TrueCrypt foram abordadas.
@@ -46,49 +50,60 @@ Truecrypt foi [auditada várias vezes](https://en.wikipedia.org/wiki/TrueCrypt#S
### Criptomador
-!!! nota
- Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado.
+
- { align=right }
-
- **Cryptomator** facilita o carregamento de ficheiros para a nuvem num sistema de ficheiros virtual encriptado. [Visite cryptomator.org](https://cryptomator.org){ .md-button .md-button--primary } [Política de Privacidade](https://cryptomator.org/privacy){ .md-button }
-
- **Downloads***
- - [:fontawesome-brands-windows: Windows](https://cryptomator.org/downloads)
- - [:fontawesome-brands-apple: macOS](https://cryptomator.org/downloads)
- - [:fontawesome-brands-linux: Linux](https://cryptomator.org/downloads)
- - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.cryptomator.cryptomator)
- - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:fontawesome-brands-android: F-Droid repo](https://cryptomator.org/android)
- - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:fontawesome-brands-github: Source](https://github.com/cryptomator) It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Cryptomator** facilita o carregamento de ficheiros para a nuvem num sistema de ficheiros virtual encriptado. [Visite cryptomator.org](https://cryptomator.org){ .md-button .md-button--primary } [Política de Privacidade](https://cryptomator.org/privacy){ .md-button }
+
+**Downloads***
+- [:fontawesome-brands-windows: Windows](https://cryptomator.org/downloads)
+- [:fontawesome-brands-apple: macOS](https://cryptomator.org/downloads)
+- [:fontawesome-brands-linux: Linux](https://cryptomator.org/downloads)
+- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.cryptomator.cryptomator)
+- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:fontawesome-brands-android: F-Droid repo](https://cryptomator.org/android)
+- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:fontawesome-brands-github: Source](https://github.com/cryptomator) It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### Picocrypt
-!!! nota
- Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado.
+
- { align=right }
-
- **Picocrypt** é uma pequena e simples ferramenta de encriptação que fornece uma encriptação moderna. Picocrypt usa a cifra segura XChaCha20 e a função de derivação da chave Argon2id para proporcionar um alto nível de segurança.
-
- Ele usa os módulos x/crypto padrão da Go para suas funcionalidades de criptografia. [Visite github.com](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
-
- **Downloads***
- - [:fontawesome-brands-windows: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:fontawesome-brands-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:fontawesome-brands-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:fontawesome-brands-github: Source](https://github.com/HACKERALERT/Picocrypt)
+{ align=right }
+
+**Picocrypt** é uma pequena e simples ferramenta de encriptação que fornece uma encriptação moderna. Picocrypt usa a cifra segura XChaCha20 e a função de derivação da chave Argon2id para proporcionar um alto nível de segurança.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -102,102 +117,117 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! nota
- Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado.
+
- { align=right }
-
- **BitLocker** é a solução de encriptação de volume completo, em conjunto com o Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [Visite microsoft.com](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .md-button .md-button--primary }
+{ align=right }
+
+**BitLocker** é a solução de encriptação de volume completo, em conjunto com o Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[Visite microsoft.com](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .md-button .md-button--primary }
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. Também, FileVault deve ser habilitado **após** uma instalação macOS completa como mais gerador de números pseudorandomais ([PRNG](https://support.apple.com/guide/security/random-number-generation-seca0c73a75b/web)) [entropia](https://en.wikipedia.org/wiki/Entropy_(computing)) estará disponível.
+
+Enabling BitLocker on Windows Home
- Para habilitar o BitLocker nas edições "Home" do Windows, você deve ter partições formatadas com um módulo [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) e ter um [TPM](https://en.wikipedia.org/wiki/Trusted_Platform_Module) (v1.2, 2.0 ) dedicado. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powerhell Get-Disk 0 | findstr GPT && echo Este é um disco do sistema GPT!
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powerhell Get-Disk 0 | findstr GPT && echo Este é um disco do sistema GPT!
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Feche o prompt de comando, e entre no PowerShell:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! nota
- Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado.
+
- { align=right }
-
- **FileVault** é a solução de encriptação de volume on-the-fly integrada em macOS. FileVault é recomendado porque [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) recursos de segurança de hardware presentes em um SoC de silício Apple ou Chip de Segurança T2.
-
- [Visite support.apple.com](https://support.apple.com/en-us/HT204837){ .md-button .md-button--primary }
+{ align=right }
+
+**FileVault** é a solução de encriptação de volume on-the-fly integrada em macOS. FileVault é recomendado porque [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) recursos de segurança de hardware presentes em um SoC de silício Apple ou Chip de Segurança T2.
+
+[Visite support.apple.com](https://support.apple.com/en-us/HT204837){ .md-button .md-button--primary }
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Configuração da Chave Unificada Linux (LUKS)
-!!! nota
- Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado.
+
- { align=right }
-
- **LUKS*** é o método padrão de criptografia de disco completo para Linux. Ele pode ser usado para criptografar volumes completos, partições ou criar containers criptografados.
-
- [Visite gitlab.com](https://gitlab.com/cryptsetup/cryptsetup){ .md-button .md-button--primary }
+{ align=right }
-Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. example "Creating and opening encrypted containers"
+**LUKS*** é o método padrão de criptografia de disco completo para Linux. Ele pode ser usado para criptografar volumes completos, partições ou criar containers criptografados.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[Visite gitlab.com](https://gitlab.com/cryptsetup/cryptsetup){ .md-button .md-button--primary }
+
- #### Abrindo recipientes encriptados
- Recomendamos abrir recipientes e volumes com `udisksctl`, pois este utiliza [Polkit](https://en.wikipedia.org/wiki/Polkit). A maioria dos gestores de ficheiros, tais como os incluídos em ambientes de desktop populares, consegue desbloquear ficheiros encriptados. Ferramentas como [udiskie](https://github.com/coldfix/udiskie) podem ser executadas na bandeja do sistema e fornecer uma interface de usuário útil.
- ```
- udisksctl loop-setup -f /path-tofile
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- Recomendamos que você sempre [faça backup dos seus cabeçalhos LUKS](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) em caso de falha parcial da unidade. Isto pode ser feito com:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /device/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). A maioria dos gestores de ficheiros, tais como os incluídos em ambientes de desktop populares, consegue desbloquear ficheiros encriptados. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+Recomendamos que você sempre [faça backup dos seus cabeçalhos LUKS](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) em caso de falha parcial da unidade. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** é uma ferramenta de criptografia e assinatura de arquivos livre e de código aberto que faz uso de algoritmos criptográficos modernos e seguros. Pretende ser uma versão melhor de [age](https://github.com/FiloSottile/age) e [Minisign](https://jedisct1.github.io/minisign/) para fornecer uma alternativa simples e amigável ao GPG.
-
- [Visite kryptor.co.uk](https://www.kryptor.co.uk){ .md-button .md-button--primary } [Política de Privacidade](https://www.kryptor.co.uk/features#privacy){ .md-button }
-
- **Downloads***
- - [:fontawesome-brands-windows: Windows](https://www.kryptor.co.uk)
- - [:fontawesome-brands-apple: macOS](https://www.kryptor.co.uk)
- - [:fontawesome-brands-linux: Linux](https://www.kryptor.co.uk)
- - [:fontawesome-brands-github: Fonte](https://github.com/samuel-lucas6/Kryptor) downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** é uma ferramenta de criptografia e assinatura de arquivos livre e de código aberto que faz uso de algoritmos criptográficos modernos e seguros. Pretende ser uma versão melhor de [age](https://github.com/FiloSottile/age) e [Minisign](https://jedisct1.github.io/minisign/) para fornecer uma alternativa simples e amigável ao GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Túmulo
-!!! nota
- Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado.
+
- { align=right }
-
- **Tomb** é uma shell wrapper de linha de comando para LUKS. Ele suporta esteganografia através de [ferramentas de terceiros](https://github.com/dyne/Tomb#how-does-it-work).
-
- [Visite dyne.org](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
-
- **Downloads***
- - [:fontawesome-brands-github: Fonte](https://github.com/dyne/Tomb)
+{ align=right }
+
+**Tomb** é uma shell wrapper de linha de comando para LUKS. Ele suporta esteganografia através de [ferramentas de terceiros](https://github.com/dyne/Tomb#how-does-it-work).
+
+[Visite dyne.org](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+
+**Downloads***
+- [:fontawesome-brands-github: Fonte](https://github.com/dyne/Tomb)
+
+
+
+
## OpenPGP
@@ -244,105 +281,130 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- Quando [gerando chaves](https://www.gnupg.org/gph/en/manual/c14.html) sugerimos utilizar o comando `future-default`, pois isto instruirá o GnuPG a utilizar criptografia moderna como [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) e [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** é uma alternativa GPL-licenciada ao conjunto de software criptográfico PGP. GnuPG está em conformidade com [RFC 4880](https://tools.ietf.org/html/rfc4880), que é a especificação atual da IETF do OpenPGP. O projeto GnuPG tem trabalhado em um [rascunho atualizado](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) numa tentativa de modernizar o OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [Visite gnupg.org](https://gnupg.org){ .md-button .md-button--primary } [Política de Privacidade](https://gnupg.org/privacy-policy.html){ .md-button }
-
- **Downloads***
- - [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
- - [:fontawesome-brands-apple: macOS](https://gpgtools.org)
- - [:fontawesome-brands-linux: Linux](https://gnupg.org/download/index.html#binary)
- - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:fontawesome-brands-git: Fonte](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git) downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** é uma alternativa GPL-licenciada ao conjunto de software criptográfico PGP. GnuPG está em conformidade com [RFC 4880](https://tools.ietf.org/html/rfc4880), que é a especificação atual da IETF do OpenPGP. O projeto GnuPG tem trabalhado em um [rascunho atualizado](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) numa tentativa de modernizar o OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! nota
- Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado.
+
- { align=right }
-
- **GPG4win** é um pacote para Windows da [Intevation and g10 Code](https://gpg4win.org/impressum.html). Inclui [várias ferramentas](https://gpg4win.org/about.html) que auxiliam os usuários do PGP no Microsoft Windows. O projeto foi iniciado e originalmente [financiado por](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) pelo Escritório Federal de Segurança da Informação (BSI) da Alemanha em 2005.
-
- [Visite gpg4win.org](https://gpg4win.org){ .md-button .md-button--primary } [Política de Privacidade](https://gpg4win.org/privacy-policy.html){ .md-button }
-
- **Downloads***
- - [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
- - [:fontawesome-brands-git: Fonte](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary) downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** é um pacote para Windows da [Intevation and g10 Code](https://gpg4win.org/impressum.html). Inclui [várias ferramentas](https://gpg4win.org/about.html) que auxiliam os usuários do PGP no Microsoft Windows. O projeto foi iniciado e originalmente [financiado por](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) pelo Escritório Federal de Segurança da Informação (BSI) da Alemanha em 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### Suíte GPG
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! nota
- Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado.
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! nota
- Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado.
+
- { align=right }
-
- **OpenKeychain** é uma implementação Android do GnuPG. É normalmente exigido por clientes de e-mail como [K-9 Mail](/email-clients/#k-9-mail) e [FairEmail](/email-clients/#fairemail) e outros aplicativos Android para fornecer suporte à criptografia. Cure53 concluiu uma [auditoria de segurança](https://www.openkeychain.org/openkeychain-3-6) da OpenKeychain 3.6 em outubro de 2015. Detalhes técnicos sobre a auditoria e as soluções OpenKeychain podem ser encontrados [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [Visite openkeychain.org](https://www.openkeychain.org){ .md-button .md-button--primary } [Política de Privacidade](https://www.openkeychain.org/help/privacy-policy){ .md-button }
-
- **Downloads***
- - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.sufficientlysecure.keychain/)
- - [:fontawesome-brands-git: Source](https://github.com/open-keychain/open-keychain) downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** é uma implementação Android do GnuPG. É normalmente exigido por clientes de e-mail como [K-9 Mail](/email-clients/#k-9-mail) e [FairEmail](/email-clients/#fairemail) e outros aplicativos Android para fornecer suporte à criptografia. Cure53 concluiu uma [auditoria de segurança](https://www.openkeychain.org/openkeychain-3-6) da OpenKeychain 3.6 em outubro de 2015. Detalhes técnicos sobre a auditoria e as soluções OpenKeychain podem ser encontrados [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Framadate
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! Considere o auto-hospedagem para mitigar esta ameaça.
+
+
This section is new
- { align=right }
-
- **PrivateBin** é um pastebin online minimalista e de código aberto onde o servidor tem zero conhecimento de dados colados. Os dados são criptografados/descriptografados no navegador usando AES de 256 bits. Psono suporta compartilhamento seguro de senhas, arquivos, marcadores e e-mails.
+{ align=right }
+
+**PrivateBin** é um pastebin online minimalista e de código aberto onde o servidor tem zero conhecimento de dados colados. Os dados são criptografados/descriptografados no navegador usando AES de 256 bits. Psono suporta compartilhamento seguro de senhas, arquivos, marcadores e e-mails.
+
+
- { align=right }
-
- **Cryptomator** - это программа для шифрования, разработанная для приватного хранения файлов в любом облачном хранилище. Программа может создавать хранилища в виртуальном диске, содержимое которых зашифровано и синхронизировано с твоим облачным хранилищем.
-
- [:octicons-home-16: Домашняя страница](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Политика конфиденциальности" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Документация}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Исходный код" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Поддержать }
-
- ??? downloads "Скачать"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** - это программа для шифрования, разработанная для приватного хранения файлов в любом облачном хранилище. Программа может создавать хранилища в виртуальном диске, содержимое которых зашифровано и синхронизировано с твоим облачным хранилищем.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator использует шифрование AES-256 для шифрования как файлов, так и их имён. Cryptomator не может зашифровать метаданные, такие как: время создания, изменения и доступа к файлу, количество и размер файлов и папок.
@@ -44,41 +49,51 @@ Cure53 провёл [аудит](https://community.cryptomator.org/t/has-there-b
### Picocrypt (Файлы)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** - это маленькая и простая программа, предоставляющая современное шифрование. Picocrypt использует безопасный шифр XChaCha20 и функцию формирования ключа Argon2id для обеспечения высокого уровня безопасности. Для функций шифрования он использует стандартные модули Go x/crypto.
-
- [:octicons-repo-16: Репозиторий](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Исходный код" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Поддержать }
-
- ??? downloads "Скачать"
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** - это маленькая и простая программа, предоставляющая современное шифрование. Picocrypt использует безопасный шифр XChaCha20 и функцию формирования ключа Argon2id для обеспечения высокого уровня безопасности. Для функций шифрования он использует стандартные модули Go x/crypto.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Диск)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** - это свободно распространяемая утилита с исходным кодом, используемая для шифрования "на лету". Программа может создавать виртуальный зашифрованный диск в файле, зашифровать логический раздел или даже зашифровать все устройство с предзагрузочной аутентификацией.
-
- [:octicons-home-16: Домашняя страница](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Документация}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Исходный код" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Поддержать }
-
- ??? downloads "Скачать"
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** - это свободно распространяемая утилита с исходным кодом, используемая для шифрования "на лету". Программа может создавать виртуальный зашифрованный диск в файле, зашифровать логический раздел или даже зашифровать все устройство с предзагрузочной аутентификацией.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt - это форк, прекратившего свое существование, проекта TrueCrypt. По словам разработчиков, были реализованы улучшения безопасности и решены проблемы, найденные в ходе первоначального аудита кода TrueCrypt.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** - решение для полного шифрования диска в Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Документация}
+{ align=right }
+
+**BitLocker** - решение для полного шифрования диска в Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Документация}
+
+
+
+
BitLocker [поддерживается только](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) в Pro, Enterprise и Education версиях Windows. Эту функцию можно включить и в Home версии при соответствии условиям.
-??? example "Включение BitLocker на Windows Home"
+
+Enabling BitLocker on Windows Home
- Чтобы включить BitLocker в "Домашних" редакциях Windows, необходимо, чтобы разделы были отформатированы с помощью [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) и имели выделенный модуль TPM (v1.2, 2.0+). You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Откройте командную строку и проверьте формат таблицы разделов диска с помощью следующей команды. Вы должны увидеть "**GPT**" в разделе "Стиль раздела":
+1. Откройте командную строку и проверьте формат таблицы разделов диска с помощью следующей команды. Вы должны увидеть "**GPT**" в разделе "Стиль раздела":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Выполните эту команду (в командной строке от имени администратора), чтобы проверить версию вашего TPM. Вы должны увидеть `2.0` или `1.2`, перечисленные рядом с `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Выполните эту команду (в командной строке от имени администратора), чтобы проверить версию вашего TPM. Вы должны увидеть `2.0` или `1.2`, перечисленные рядом с `SpecVersion`:
+3. Откройте [дополнительные параметры запуска](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). Необходимо перезагрузиться, нажав клавишу F8 до запуска Windows, и перейти в *командную строку* в разделе **Устранение неполадок** → **Дополнительные параметры** → **Командная строка**.
+4. Войдите под учетной записью администратора и введите следующее для запуска шифрования:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Закройте командную строку и продолжите обычную загрузку в Windows.
+6. Откройте командную строку от имени администратора и выполните следующие команды:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Откройте [дополнительные параметры запуска](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). Необходимо перезагрузиться, нажав клавишу F8 до запуска Windows, и перейти в *командную строку* в разделе **Устранение неполадок** → **Дополнительные параметры** → **Командная строка**.
+
+
Tip
- 4. Войдите под учетной записью администратора и введите следующее для запуска шифрования:
+ Создайте резервную копию файла `BitLocker-Recovery-Key.txt` с рабочего стола на отдельном устройстве хранения данных. Потеря этого кода восстановления может привести к потере данных.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** - это решение для шифрования томов "на лету", встроенное в macOS. FileVault рекомендуется, поскольку он [использует](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) аппаратные возможности безопасности, представленные в SoC процессорах Apple или чипе безопасности T2.
-
- [:octicons-info-16:](https://support.apple.com/ru-ru/guide/mac-help/mh11785/mac){ .card-link title=Документация}
+{ align=right }
+
+**FileVault** - это решение для шифрования томов "на лету", встроенное в macOS. FileVault рекомендуется, поскольку он [использует](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) аппаратные возможности безопасности, представленные в SoC процессорах Apple или чипе безопасности T2.
+
+[:octicons-info-16:](https://support.apple.com/ru-ru/guide/mac-help/mh11785/mac){ .card-link title=Документация}
+
+
+
+
Мы рекомендуем хранить локальный ключ восстановления в надежном месте, а не использовать для восстановления учетную запись iCloud.
### Linux Unified Key Setup (LUKS)
-!!! recommendation
+
- { align=right }
-
- **LUKS** - это стандартный метод FDE для Linux. Его можно использовать для шифрования полных томов, разделов или создания зашифрованных контейнеров.
-
- [:octicons-home-16: Домашняя страница](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Документация}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Исходный код" }
+{ align=right }
-??? example "Создание и открытие зашифрованного контейнера"
+**LUKS** - это стандартный метод FDE для Linux. Его можно использовать для шифрования полных томов, разделов или создания зашифрованных контейнеров.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Домашняя страница](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Документация}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Исходный код" }
+
- #### Открытие зашифрованных контейнеров
- Мы рекомендуем открывать контейнеры и тома с помощью `udisksctl`, так как при этом используется [Polkit](https://en.wikipedia.org/wiki/Polkit). Большинство файловых менеджеров, например, входящих в состав популярных настольных сред, могут разблокировать зашифрованные файлы. Такие инструменты, как [udiskie](https://github.com/coldfix/udiskie), могут запускаться в системном трее и предоставлять полезный пользовательский интерфейс.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Не забывайте создавать резервные копии заголовков томов"
+
+Creating and opening encrypted containers
- Мы рекомендуем всегда [создавать резервные копии заголовков LUKS](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) на случай частичного отказа диска. Это можно сделать с помощью:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Большинство файловых менеджеров, например, входящих в состав популярных настольных сред, могут разблокировать зашифрованные файлы. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+Мы рекомендуем всегда [создавать резервные копии заголовков LUKS](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) на случай частичного отказа диска. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** - это бесплатный инструмент для шифрования и подписи файлов с открытым исходным кодом, использующий современные и безопасные криптографические алгоритмы. Его цель - стать улучшенной версией [age](https://github.com/FiloSottile/age) и [Minisign](https://jedisct1.github.io/minisign/), чтобы обеспечить простую, удобную для пользователя альтернативу GPG.
-
- [:octicons-home-16: Домашняя страница](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Политика конфиденциальности" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Документация}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Исходный код" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Поддержать }
-
- ??? downloads "Скачать"
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** - это бесплатный инструмент для шифрования и подписи файлов с открытым исходным кодом, использующий современные и безопасные криптографические алгоритмы. Его цель - стать улучшенной версией [age](https://github.com/FiloSottile/age) и [Minisign](https://jedisct1.github.io/minisign/), чтобы обеспечить простую, удобную для пользователя альтернативу GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** - это оболочка командной строки для LUKS. Он поддерживает стеганографию с помощью [сторонних инструментов](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Домашняя страница](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Документация}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Исходный код" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Поддержать}
+{ align=right }
+
+**Tomb** - это оболочка командной строки для LUKS. Он поддерживает стеганографию с помощью [сторонних инструментов](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Домашняя страница](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Документация}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Исходный код" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Поддержать}
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP иногда необходим для решения специфиче
При шифровании с помощью PGP у вас есть возможность настроить различные параметры в файле `gpg.conf`. Мы рекомендуем придерживаться стандартных опций, указанных в [FAQ пользователя GnuPG](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Используйте future defaults при генерации ключа"
+
+
Use future defaults when generating a key
- При [генерации ключей](https://www.gnupg.org/gph/en/manual/c14.html) мы рекомендуем использовать команду `future-default`, так как это позволит GnuPG использовать современную криптографию, такую как [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) и [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** - это GPL-альтернатива криптографическому пакету PGP. GnuPG совместим с [RFC 4880](https://tools.ietf.org/html/rfc4880), который является текущей спецификацией IETF для OpenPGP. Проект GnuPG работает над [обновленным проектом](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) в попытке улучшить OpenPGP. GnuPG является частью фонда свободного программного обеспечения GNU и получил крупное [финансирование](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) от правительства Германии.
-
- [:octicons-home-16: Домашняя страница](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Политика конфиденциальности" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Документация}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Исходный код" }
-
- ??? downloads "Скачать"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** - это GPL-альтернатива криптографическому пакету PGP. GnuPG совместим с [RFC 4880](https://tools.ietf.org/html/rfc4880), который является текущей спецификацией IETF для OpenPGP. Проект GnuPG работает над [обновленным проектом](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) в попытке улучшить OpenPGP. GnuPG является частью фонда свободного программного обеспечения GNU и получил крупное [финансирование](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) от правительства Германии.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** - это пакет для Windows от [Intevation и g10 Code](https://gpg4win.org/impressum.html). Он включает в себя [различные инструменты](https://gpg4win.org/about.html), которые могут помочь вам в использовании GPG в Microsoft Windows. Проект был инициирован и первоначально [финансировался](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) федеральным управлением по информационной безопасности Германии (BSI) в 2005 году.
-
- [:octicons-home-16: Домашняя страница](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Политика конфиденциальности" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Документация}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Исходный код" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Поддержать }
-
- ??? downloads "Скачать"
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** - это пакет для Windows от [Intevation и g10 Code](https://gpg4win.org/impressum.html). Он включает в себя [различные инструменты](https://gpg4win.org/about.html), которые могут помочь вам в использовании GPG в Microsoft Windows. Проект был инициирован и первоначально [финансировался](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) федеральным управлением по информационной безопасности Германии (BSI) в 2005 году.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note "Примечание"
+
+
Note
- Мы рекомендуем [Canary Mail](email-clients/#canary-mail) для использования PGP с электронной почтой на устройствах с iOS.
+Мы рекомендуем [Canary Mail](email-clients/#canary-mail) для использования PGP с электронной почтой на устройствах с iOS.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** обеспечивает поддержку OpenPGP для [Apple Mail](email-clients.md#apple-mail) и macOS.
+
+Мы рекомендуем ознакомиться с их [первыми шагами](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) и [базой знаний](https://gpgtools.tenderapp.com/kb) для получения поддержки.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** - это Android-реализация GnuPG. Он обычно требуется почтовым клиентам, таким как [K-9 Mail](email-clients.md#k-9-mail) и [FairEmail](email-clients.md#fairemail), а также другим приложениям для Android для обеспечения поддержки шифрования. Компания Cure53 завершила [аудит безопасности](https://www.openkeychain.org/openkeychain-3-6) OpenKeychain 3.6 в октябре 2015 года. Технические подробности об аудите и решениях OpenKeychain можно найти на сайте [здесь](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Домашняя страница](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Политика конфиденциальности" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Документация}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Исходный код" }
-
- ??? downloads "Скачать"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** - это Android-реализация GnuPG. Он обычно требуется почтовым клиентам, таким как [K-9 Mail](email-clients.md#k-9-mail) и [FairEmail](email-clients.md#fairemail), а также другим приложениям для Android для обеспечения поддержки шифрования. Компания Cure53 завершила [аудит безопасности](https://www.openkeychain.org/openkeychain-3-6) OpenKeychain 3.6 в октябре 2015 года. Технические подробности об аудите и решениях OpenKeychain можно найти на сайте [здесь](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Критерии
**Обрати внимание, что у нас нет связей ни с одним проектом, который мы рекомендуем.** В дополнение к [нашим стандартным критериям](about/criteria.md) мы разработали четкий набор требований, позволяющий давать объективные рекомендации. Перед тем, как вы решите выбрать какой-либо проект, мы рекомендуем вам ознакомиться со списком критериев и провести собственное исследование, чтобы убедиться в правильности своего выбора.
-!!! example "Это новый раздел"
+
+
This section is new
- Мы всё еще работаем над установлением критериев для каждого раздела нашего сайта, поэтому они могут поменяться в будущем. Если у вас есть вопросы по поводу наших критериев, пожалуйста, [задавайте их на нашем форуме](https://discuss.privacyguides.net/latest). Если какой-то критерий здесь не указан, это не значит, что мы его не учли. Перед тем, как рекомендовать какой-либо проект мы учитываем и обсуждаем множество факторов. Документирование этих факторов ещё не завершено.
+Мы всё еще работаем над установлением критериев для каждого раздела нашего сайта, поэтому они могут поменяться в будущем. Если у вас есть вопросы по поводу наших критериев, пожалуйста, [задавайте их на нашем форуме](https://discuss.privacyguides.net/latest). Если какой-то критерий здесь не указан, это не значит, что мы его не учли. Перед тем, как рекомендовать какой-либо проект мы учитываем и обсуждаем множество факторов. Документирование этих факторов ещё не завершено.
+
+
- { align=right }
-
- **Cryptomator** är en krypteringslösning som är utformad för privat lagring av filer till alla molnleverantörer. Det låter dig skapa valv som lagras på en virtuell enhet, vars innehåll krypteras och synkroniseras med din molnlagringsleverantör.
-
- [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Dokumentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Källkod" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? nedladdningar
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** är en krypteringslösning som är utformad för privat lagring av filer till alla molnleverantörer. Det låter dig skapa valv som lagras på en virtuell enhet, vars innehåll krypteras och synkroniseras med din molnlagringsleverantör.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator använder AES-256-kryptering för att kryptera både filer och filnamn. Cryptomator kan inte kryptera metadata som åtkomst, ändring och skapande tidsstämplar, eller antalet och storleken på filer och mappar.
@@ -44,39 +49,51 @@ I Cryptomators dokumentation beskrivs närmare det avsedda [säkerhetsmålet](ht
### Picocrypt (Fil)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** är ett litet och enkelt krypteringsverktyg som tillhandahåller modern kryptering. Picocrypt använder den säkra XChaCha20-chiffern och Argon2id-nyckelderivatfunktionen för att ge en hög säkerhetsnivå. Det använder Go standard x/crypto moduler för sina krypteringsfunktioner.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? nedladdningar
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** är ett litet och enkelt krypteringsverktyg som tillhandahåller modern kryptering. Picocrypt använder den säkra XChaCha20-chiffern och Argon2id-nyckelderivatfunktionen för att ge en hög säkerhetsnivå. Det använder Go standard x/crypto moduler för sina krypteringsfunktioner.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (disk)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** är ett källkod-tillgängligt freeware-verktyg som används för on-the-fly kryptering. Det kan skapa en virtuell krypterad disk i en fil, kryptera en partition eller kryptera hela lagringsenheten med autentisering före start.
-
- [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
- [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute??? nedladdningar
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** är ett källkod-tillgängligt freeware-verktyg som används för on-the-fly kryptering. Det kan skapa en virtuell krypterad disk i en fil, kryptera en partition eller kryptera hela lagringsenheten med autentisering före start.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt är en gaffel i det nedlagda TrueCrypt-projektet. Enligt utvecklarna har säkerhetsförbättringar genomförts och problem som togs upp vid den första TrueCrypt-kodgranskningen har åtgärdats.
@@ -90,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** är den lösning för fullständig volymkryptering som ingår i Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** är den lösning för fullständig volymkryptering som ingår i Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker stöds endast av [](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) i Windows utgåvorna Pro, Enterprise och Education. Den kan aktiveras i Home-utgåvorna om de uppfyller förutsättningarna.
-??? exempel "Aktivering av BitLocker på Windows Home"
+
+Enabling BitLocker on Windows Home
- För att aktivera BitLocker i Windows Home-utgåvor måste du ha partitioner som är formaterade med en [GUID Partition Table] (https://en.wikipedia.org/wiki/GUID_Partition_Table) och ha en dedikerad TPM-modul (v1.2, 2.0+). You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Öppna en kommandotolk och kontrollera enhetens partitionstabellformat med följande kommando. Du bör se "**GPT**" listad under "Partition Style":
+1. Öppna en kommandotolk och kontrollera enhetens partitionstabellformat med följande kommando. Du bör se "**GPT**" listad under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Kör det här kommandot (i en administratörskommandotolk) för att kontrollera din TPM-version. Du bör se `2.0` eller `1.2` bredvid `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Kör det här kommandot (i en administratörskommandotolk) för att kontrollera din TPM-version. Du bör se `2.0` eller `1.2` bredvid `SpecVersion`:
+3. Access [Avancerade startalternativ](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). Du måste starta om och samtidigt trycka på F8-tangenten innan Windows startar och gå in i kommandotolken ** i **Felsökning** → **Avancerade alternativ** → **Kommandotolk**.
+4. Logga in med ditt administratörskonto och skriv detta i kommandotolken för att starta kryptering:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Stäng kommandotolken och fortsätt att starta upp till vanligt Windows.
+6. Öppna en administratörskommandotolk och kör följande kommandon:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Avancerade startalternativ](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). Du måste starta om och samtidigt trycka på F8-tangenten innan Windows startar och gå in i kommandotolken ** i **Felsökning** → **Avancerade alternativ** → **Kommandotolk**.
+
+
Tip
- 4. Logga in med ditt administratörskonto och skriv detta i kommandotolken för att starta kryptering:
+Säkerhetskopiera `BitLocker-Recovery-Key.txt` på skrivbordet till en separat lagringsenhet. Förlust av denna återställningskod kan leda till förlust av data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** är en lösning för volymkryptering i farten som är inbyggd i macOS. FileVault rekommenderas eftersom det finns [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) maskinvarusäkerhetsfunktioner på ett Apple Silicon SoC- eller T2-säkerhetschip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** är en lösning för volymkryptering i farten som är inbyggd i macOS. FileVault rekommenderas eftersom det finns [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) maskinvarusäkerhetsfunktioner på ett Apple Silicon SoC- eller T2-säkerhetschip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
Vi rekommenderar att du lagrar en lokal återställningsnyckel på en säker plats i stället för att använda ditt iCloud-konto för återställning.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** är standardmetoden för FDE för Linux. Den kan användas för att kryptera hela volymer, partitioner eller skapa krypterade behållare.
-
- [:octicons-home-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" }
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup){ .card-link title=Contribute }
+{ align=right }
-??? exempel "Skapa och öppna krypterade behållare"
+**LUKS** är standardmetoden för FDE för Linux. Den kan användas för att kryptera hela volymer, partitioner eller skapa krypterade behållare.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" }
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup){ .card-link title=Contribute }
+
- #### Öppna krypterade behållare
- Vi rekommenderar att du öppnar behållare och volymer med `udisksctl` eftersom detta använder [Polkit](https://en.wikipedia.org/wiki/Polkit). De flesta filhanterare, t. ex. de som ingår i populära skrivbordsmiljöer, kan låsa upp krypterade filer. Verktyg som [udiskie](https://github.com/coldfix/udiskie) kan köras i systemfältet och ge ett användbart användargränssnitt.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl låsa upp -b /dev/loop0
- ```
+
-!!! note "Kom ihåg att säkerhetskopiera volymrubriker"
+
+Creating and opening encrypted containers
- Vi rekommenderar att du alltid [säkerhetskopierar dina LUKS-rubriker] (https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) om en del av enheten skulle gå sönder. Detta kan göras genom att:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). De flesta filhanterare, t. ex. de som ingår i populära skrivbordsmiljöer, kan låsa upp krypterade filer. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+Vi rekommenderar att du alltid [säkerhetskopierar dina LUKS-rubriker] (https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) om en del av enheten skulle gå sönder. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- ** Kryptor** är ett gratis och öppet källkodsverktyg för filkryptering och signering som använder moderna och säkra kryptografiska algoritmer. Det syftar till att vara en bättre version av [age](https://github.com/FiloSottile/age) och [Minisign](https://jedisct1.github.io/minisign/) för att ge ett enkelt, enklare alternativ till GPG.
-
- [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial/){ .card-link title=Dokumentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Källkod" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate/){ .card-link title=Contribute }
-
- ??? nedladdningar
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+** Kryptor** är ett gratis och öppet källkodsverktyg för filkryptering och signering som använder moderna och säkra kryptografiska algoritmer. Det syftar till att vara en bättre version av [age](https://github.com/FiloSottile/age) och [Minisign](https://jedisct1.github.io/minisign/) för att ge ett enkelt, enklare alternativ till GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- * * Tomb * * är ett kommandoradsskal för LUKS. Den stöder steganografi via [verktyg från tredje part] (https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
- [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+* * Tomb * * är ett kommandoradsskal för LUKS. Den stöder steganografi via [verktyg från tredje part] (https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
+[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -228,99 +273,128 @@ OpenPGP behövs ibland för specifika uppgifter som digital signering och krypte
Vid kryptering med PGP har du möjlighet att konfigurera olika alternativ i din `gpg.conf` -fil. Vi rekommenderar att du använder de standardalternativ som anges i [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tips "Använd framtida standardvärden när du skapar en nyckel"
+
+
Use future defaults when generating a key
- När du [genererar nycklar] (https://www.gnupg.org/gph/en/manual/c14.html) föreslår vi att du använder kommandot `future-default`, eftersom detta kommer att instruera GnuPG att använda modern kryptografi som [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) och [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG * * är ett GPL-licensierat alternativ till PGP-paketet med kryptografisk programvara. GnuPG är kompatibel med [RFC 4880](https://tools.ietf.org/html/rfc4880), som är den aktuella IETF-specifikationen för OpenPGP. GnuPG-projektet har arbetat med ett [uppdaterat utkast](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) i ett försök att modernisera OpenPGP. GnuPG är en del av Free Software Foundations GNU-programvaruprojekt och har fått stora [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) från den tyska regeringen.
-
- [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary }
-
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html/){ .card-link title=Dokumentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Källkod" }
- [](/){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) - [:simple-windows11: App Store](download.html)
- - [:simple-apple: Android]()
- - [:simple-linux: Windows]()
- - [ macOS]()
- - [ Linux]()
- - [ Flathub)
+{ align=right }
+
+**GnuPG * * är ett GPL-licensierat alternativ till PGP-paketet med kryptografisk programvara. GnuPG är kompatibel med [RFC 4880](https://tools.ietf.org/html/rfc4880), som är den aktuella IETF-specifikationen för OpenPGP. GnuPG-projektet har arbetat med ett [uppdaterat utkast](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) i ett försök att modernisera OpenPGP. GnuPG är en del av Free Software Foundations GNU-programvaruprojekt och har fått stora [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) från den tyska regeringen.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** är ett paket för Windows från [Intevation and g10 Code] (https://gpg4win.org/impressum.html). Den innehåller [olika verktyg] (https://gpg4win.org/about.html) som kan hjälpa dig att använda GPG i Microsoft Windows. Projektet initierades och finansierades ursprungligen [av](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Tysklands federala kontor för informationssäkerhet (BSI) 2005.
-
- [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](documentation.html/){ .card-link title=Dokumentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Källkod" }
- [:octicons-heart-16:](donate.html/){ .card-link title=Contribute }
-
- ??? nedladdningar
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** är ett paket för Windows från [Intevation and g10 Code] (https://gpg4win.org/impressum.html). Den innehåller [olika verktyg] (https://gpg4win.org/about.html) som kan hjälpa dig att använda GPG i Microsoft Windows. Projektet initierades och finansierades ursprungligen [av](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Tysklands federala kontor för informationssäkerhet (BSI) 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! anmärkning
+
+
Note
- Vi rekommenderar [Canary Mail](email-clients.md#canary-mail) för att använda PGP med e-post på iOS-enheter.
+Vi rekommenderar [Canary Mail](email-clients.md#canary-mail) för att använda PGP med e-post på iOS-enheter.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** ger OpenPGP-stöd för [Apple Mail](email-clients.md#apple-mail) och macOS.
+
+Vi rekommenderar att du tar en titt på deras [First steps] (https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) och [Knowledge base] (https://gpgtools.tenderapp.com/kb) för stöd.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** är en Android-implementering av GnuPG. Det krävs vanligtvis av e-postklienter som [K-9 Mail](email-clients.md#k-9-mail) och [FairEmail](email-clients.md#fairemail) och andra Android-appar för att ge krypteringsstöd. Cure53 genomförde en [säkerhetsrevision] (https://www.openkeychain.org/openkeychain-3-6) av OpenKeychain 3.6 i oktober 2015. Tekniska detaljer om granskningen och OpenKeychains lösningar finns på [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary }
-
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Dokumentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Källkod" }
- [](/){ .card-link title=Contribute??? nedladdningar
-
- - [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** är en Android-implementering av GnuPG. Det krävs vanligtvis av e-postklienter som [K-9 Mail](email-clients.md#k-9-mail) och [FairEmail](email-clients.md#fairemail) och andra Android-appar för att ge krypteringsstöd. Cure53 genomförde en [säkerhetsrevision] (https://www.openkeychain.org/openkeychain-3-6) av OpenKeychain 3.6 i oktober 2015. Tekniska detaljer om granskningen och OpenKeychains lösningar finns på [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Kriterier
**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig.
-!!! exempel "Det här avsnittet är nytt"
+
+
This section is new
- Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete.
+Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! öneri
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! öneri
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! öneri
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! öneri
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! öneri
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! öneri
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! öneri
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! öneri
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! öneri
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! рекомендації
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! рекомендації
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! рекомендації
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! рекомендації
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! рекомендації
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! рекомендації
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! рекомендації
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! рекомендації
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! рекомендації
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
-
- [Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
-
- ??? tải xuống
-
- - [:fontawesome-brands-windows: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:fontawesome-brands-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:fontawesome-brands-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
- - [:fontawesome-brands-git: Mã nguồn](https://www.veracrypt.fr/code)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@@ -37,52 +49,62 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! khuyến nghị
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. [Homepage](https://cryptomator.org){ .md-button .md-button--primary } [Chính Sách Bảo Mật](https://cryptomator.org/privacy){ .md-button }
-
- ??? tải xuống
-
- - [:fontawesome-brands-windows: Windows](https://cryptomator.org/downloads)
- - [:fontawesome-brands-apple: macOS](https://cryptomator.org/downloads)
- - [:fontawesome-brands-linux: Linux](https://cryptomator.org/downloads)
- - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
- - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:fontawesome-brands-android: F-Droid repo](https://cryptomator.org/android)
- - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:fontawesome-brands-github: Mã nguồn](https://github.com/cryptomator)
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. [Homepage](https://cryptomator.org){ .md-button .md-button--primary } [Chính Sách Bảo Mật](https://cryptomator.org/privacy){ .md-button }
+
+??? tải xuống
+
+ - [:fontawesome-brands-windows: Windows](https://cryptomator.org/downloads)
+ - [:fontawesome-brands-apple: macOS](https://cryptomator.org/downloads)
+ - [:fontawesome-brands-linux: Linux](https://cryptomator.org/downloads)
+ - [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+ - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+ - [:fontawesome-brands-android: F-Droid repo](https://cryptomator.org/android)
+ - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+ - [:fontawesome-brands-github: Mã nguồn](https://github.com/cryptomator)
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (Disk)
-!!! khuyến nghị
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -96,100 +118,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! khuyến nghị
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! khuyến nghị
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! khuyến nghị
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary } [Chính Sách Bảo Mật](https://www.kryptor.co.uk/features#privacy){ .md-button }
-
- ??? tải xuống
-
- - [:fontawesome-brands-windows: Windows](https://www.kryptor.co.uk)
- - [:fontawesome-brands-apple: macOS](https://www.kryptor.co.uk)
- - [:fontawesome-brands-linux: Linux](https://www.kryptor.co.uk)
- - [:fontawesome-brands-github: Mã nguồn](https://github.com/samuel-lucas6/Kryptor)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! khuyến nghị
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
-
- ???
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+
+???
+
+
+
+
## OpenPGP
@@ -230,99 +283,133 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [Homepage](https://gnupg.org){ .md-button .md-button--primary } [Chính Sách Bảo Mật](https://gnupg.org/privacy-policy.html){ .md-button }
-
- ??? tải xuống
-
- - [:fontawesome-brands-windows: Windows](https://gnupg.org/download.html)
- - [:fontawesome-brands-apple: macOS](https://gpgtools.org)
- - [:fontawesome-brands-linux: Linux](https://gnupg.org/download/index.html#binary)
- - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:fontawesome-brands-git: Mã nguồn](https://git.gnupgi-bin/gitweb.cgi?p=gnupg.git)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! khuyến nghị
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [Homepage](https://gpg4win.org){ .md-button .md-button--primary } [Chính Sách Bảo Mật](https://gpg4win.org/privacy-policy.html){ .md-button }
-
- ??? tải xuống
-
- - [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
- - [:fontawesome-brands-git: Mã nguồn](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! khuyến nghị
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! khuyến nghị
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [Homepage](https://www.openkeychain.org){ .md-button .md-button--primary } [Chính Sách Bảo Mật](https://www.openkeychain.org/help/privacy-policy){ .md-button }
-
- ??? tải xuống
-
- - [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.sufficientlysecure.keychain/)
- - [:fontawesome-brands-git: Mã nguồn](https://github.com/open-keychain/open-keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Framadate
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! cảnh báo
- PrivateBin sử dụng JavaScript để xử lý mã hóa, vì vậy bạn phải tin tưởng nhà cung cấp ở mức độ họ không đưa bất kỳ JavaScript độc hại nào vào để lấy khóa cá nhân của bạn.
+
+
This section is new
- { align=right }
-
- **PrivateBin** là một pastebin trực tuyến mã nguồn mở, tối giản, nơi máy chủ không có kiến thức về dữ liệu đã dán. Dữ liệu được mã hóa/giải mã trong trình duyệt bằng 256-bit AES. tải xuống
-
- - [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/vaultwarden/server)
- - [:fontawesome-brands-github: Mã nguồn](https://github.com/dani-garcia/vaultwarden)
+{ align=right }
+
+**PrivateBin** là một pastebin trực tuyến mã nguồn mở, tối giản, nơi máy chủ không có kiến thức về dữ liệu đã dán. Dữ liệu được mã hóa/giải mã trong trình duyệt bằng 256-bit AES. tải xuống
+
+ - [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/vaultwarden/server)
+ - [:fontawesome-brands-github: Mã nguồn](https://github.com/dani-garcia/vaultwarden)
+
+
- { align=right }
-
- **Cryptomator** 是一種加密解決方案,專為將檔案私密保存到任何雲端提供商而設計。 它允許您創建存儲在虛擬驅動器上的保管庫,其內容已加密並與雲端儲存供應商同步。
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads "下載"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** 是一種加密解決方案,專為將檔案私密保存到任何雲端提供商而設計。 它允許您創建存儲在虛擬驅動器上的保管庫,其內容已加密並與雲端儲存供應商同步。
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator 使用 AES-256 加密來加密檔案和檔案名稱。 Cryptomator 無法加密中繼資料,例如存取、修改和創建時間戳記,也無法加密檔案和資料夾的數量和大小。
@@ -44,41 +49,51 @@ Cryptomator 詳細介紹了其預期的 [安全目標](https://docs.cryptomator
### Picocrypt (檔案)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** 是一個小而簡單的加密工具,提供現代加密。 Picocrypt 使用安全的 XChaCha20 密碼和 Argon2id 密鑰派生功能來提供高級別的安全性。 它使用 Go 標準x/crypto 模塊作為其加密功能。
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads "下載"
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** 是一個小而簡單的加密工具,提供現代加密。 Picocrypt 使用安全的 XChaCha20 密碼和 Argon2id 密鑰派生功能來提供高級別的安全性。 它使用 Go 標準x/crypto 模塊作為其加密功能。
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (磁碟)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** 是一個開源的免費軟件實用程式,用於即時加密。 它可以在檔案中建立虛擬加密磁碟、加密分割區,或透過預先啟動驗證來加密整個儲存裝置。
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads "下載"
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** 是一個開源的免費軟件實用程式,用於即時加密。 它可以在檔案中建立虛擬加密磁碟、加密分割區,或透過預先啟動驗證來加密整個儲存裝置。
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt是已停產的 TrueCrypt 項目的分支。 根據其開發人員的說法,已經實施了安全性改進,並解決了最初的TrueCrypt 代碼審計提出的問題。
@@ -95,81 +110,85 @@ VeraCrypt< /a> ,因為它們提供了額外的靈活性避免供應商鎖定
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** 是 Microsoft Windows 捆綁的全磁區加密解決方案。 我們推薦利用它加密開機設備,因為其[使用 TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). 鑑證公司 ElcomSoft 曾撰寫過此功能的相關介紹 [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
-
+{ align=right }
+
+**BitLocker** 是 Microsoft Windows 捆綁的全磁區加密解決方案。 我們推薦利用它加密開機設備,因為其[使用 TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). 鑑證公司 ElcomSoft 曾撰寫過此功能的相關介紹 [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker [僅支援](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) Windows 專業版、企業版和教育版。 它可以在家庭版上啓用,只要符合先決條件。
-??? example "在Windows Home上啓用BitLocker"
+
+Enabling BitLocker on Windows Home
- 若要在 Windows 家用版啟用 BitLocker ,必須使用 [GUID 分割表](https://zh.wikipedia.org/wiki/GUID_Partition_Table) 格式化的分割區,並且具有專用的TPM (v1.2, 2.0+)模組。 如果在遵循本指南之前已在裝置上啟用,則要[停用非Bitlocker「裝置加密」功能](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5)(因為它會將您的復原金鑰傳送到Microsoft 的伺服器)。
-
-
- 1. 開啟命令提示符,並使用以下命令檢查磁碟機的分區表格格式。 您應該會在“分區樣式”下方看到“**GPT**” :
-
-
-
- ```
- powershell Get-Disk
- ```
-
-
- 2. 在管理員命令提示符中執行此命令以檢查您的TPM版本。 您應該會在 `個SpecVersion`旁邊看到 `2.0` 或 `1.2` :
-
-
-
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
-
-
- 3. 訪問[進階啟動選項](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). 重新啟動時需要在 Windows 啟動前按下F8 鍵,然後進入 *命令提示符* in **疑難排解** → **進階選項** → **命令提示符**。
-
- 4. 使用管理員帳戶登入並在命令提示符中輸入指令以開始加密:
-
-
-
- ```
- manage-bde -on c: -used
- ```
-
-
- 5. 關閉命令提示符並繼續啟動正常Windows。
-
- 6. 打開 admin 命令提示符並運行以下命令:
-
-
-
- ```
- manage-bde c: -protectors -add -rp -tpm
- manage-bde -protectors -enable c:
- manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
- ```
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+1. 開啟命令提示符,並使用以下命令檢查磁碟機的分區表格格式。 您應該會在“分區樣式”下方看到“**GPT**” :
- !!! tip "訣竅"
- 將桌面上的「BitLocker-Recovery-Key.txt」備份到單獨的儲存裝置。 若遺失恢復代碼可能會導致資料無法回復。
-
+ ```powershell
+ powershell Get-Disk
+ ```
+
+
+2. 在管理員命令提示符中執行此命令以檢查您的TPM版本。 您應該會在 `個SpecVersion`旁邊看到 `2.0` 或 `1.2` :
+
+
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
+
+
+3. 訪問[進階啟動選項](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). 重新啟動時需要在 Windows 啟動前按下F8 鍵,然後進入 *命令提示符* in **疑難排解** → **進階選項** → **命令提示符**。
+
+4. 使用管理員帳戶登入並在命令提示符中輸入指令以開始加密:
+
+
+ ```powershell
+ manage-bde -on c: -used
+ ```
+
+
+5. 關閉命令提示符並繼續啟動正常Windows。
+
+6. 打開 admin 命令提示符並運行以下命令:
+
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
+
+
+
Tip
+
+將桌面上的「BitLocker-Recovery-Key.txt」備份到單獨的儲存裝置。 若遺失恢復代碼可能會導致資料無法回復。
+
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** 是 macOS 內建的即時磁區加密方案。 建議使用FileVault ,因為它打抵擋 Apple silicon SoC 或 T2 安全晶片 [硬體安全問題](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web)。
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
-
+{ align=right }
+
+**FileVault** 是 macOS 內建的即時磁區加密方案。 建議使用FileVault ,因為它打抵擋 Apple silicon SoC 或 T2 安全晶片 [硬體安全問題](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web)。
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
我們建議您將本地恢復金鑰存放在安全的地方,而不是使用您的iCloud 帳戶進行恢復。
@@ -177,51 +196,55 @@ BitLocker [僅支援](https://support.microsoft.com/en-us/windows/turn-on-device
### Linux Unified Key設定
-!!! recommendation
+
- { align=right }
-
- **LUKS** 是 Linux 預設 FDE 方法。 它可用於加密整個磁區、分割區或建立加密容器。
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
-
+{ align=right }
-??? example "建立和開啟加密容器"
+**LUKS** 是 Linux 預設 FDE 方法。 它可用於加密整個磁區、分割區或建立加密容器。
+
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
+
+
+
+
+
+Creating and opening encrypted containers
+
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+#### Opening encrypted containers
- #### 開啟加密容器
- 建議使用'udisksctl`開啟容器和磁區,因為這使用 [Polkit](https://en.wikipedia.org/wiki/Polkit)。 大多數檔案管理器,例如流行的桌面環境中包含的檔案管理器,都可以解鎖加密的檔案。 [udiskie](https://github.com/coldfix/udiskie) 這類工具執行在系統常駐區並提供有用的使用介面。
-
-
-
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
-
-
-!!! note "記得備份磁區標頭"
-
- 我們建議您務必 [備份您的LUKS標頭](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) 以防部分驅動器故障。 可以通過以下方式完成:
-
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). 大多數檔案管理器,例如流行的桌面環境中包含的檔案管理器,都可以解鎖加密的檔案。 Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
Remember to back up volume headers
+
+我們建議您務必 [備份您的LUKS標頭](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) 以防部分驅動器故障。 This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** 是一個免費的開源文件加密和簽名工具,利用現代安全的加密算法。 它旨在成為更好版本的 [age](https://github.com/FiloSottile/age)和 [Minisign](https://jedisct1.github.io/minisign/),提供一個簡單,更容易的 GPG 替代品。
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads "下載"
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
-
+{ align=right }
+**Kryptor** 是一個免費的開源文件加密和簽名工具,利用現代安全的加密算法。 它旨在成為更好版本的 [age](https://github.com/FiloSottile/age)和 [Minisign](https://jedisct1.github.io/minisign/),提供一個簡單,更容易的 GPG 替代品。
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** 是 LUKS 的命令行 shell 包裝器。 它通過 [第三方工具](https://github.com/dyne/Tomb#how-does-it-work) 支持隱寫。
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
-
+{ align=right }
+**Tomb** 是 LUKS 的命令行 shell 包裝器。 它通過 [第三方工具](https://github.com/dyne/Tomb#how-does-it-work) 支持隱寫。
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -274,121 +300,128 @@ OpenPGP 有時需要執行特定任務,例如數位簽署和加密電子郵件
使用 PGP 加密時,您可以選擇在 `gpg.conf` 檔案中設定不同的選項。 我們建議您繼續使用 [ GnuPG 用戶常見問題集](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf)中指定的標準選項。
-!!! tip "在生成金鑰時使用未來的預設值"
-
- [生成密鑰](https://www.gnupg.org/gph/en/manual/c14.html) 時,建議使用`future-default`命令,因為這將指示 GnuPG 使用現代密碼學,例如 [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) 和 [Ed25519](https://ed25519.cr.yp.to/) :
-
-
-
-
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+
+
Use future defaults when generating a key
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
- { align=right }
-
- **GnuPG** 是 GPL授權的加密軟體 PGP 替代品。 GnuPG 符合 [RFC 4880](https://tools.ietf.org/html/rfc4880) ,這是目前 OpenPGP 的 IETF 規範。 GnuPG 專案一直致力於 [更新](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) ,試圖現代化OpenPGP。 GnuPG 是自由軟體基金會GNU 軟體項目的一部分,並已收到德國政府的重大 [資助](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html)。
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads "下載"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
-
+{ align=right }
+**GnuPG** 是 GPL授權的加密軟體 PGP 替代品。 GnuPG 符合 [RFC 4880](https://tools.ietf.org/html/rfc4880) ,這是目前 OpenPGP 的 IETF 規範。 GnuPG 專案一直致力於 [更新](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) ,試圖現代化OpenPGP。 GnuPG 是自由軟體基金會GNU 軟體項目的一部分,並已收到德國政府的重大 [資助](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html)。
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** 是 [Intevation and g10 Code](https://gpg4win.org/impressum.html) 的Windows 套件。 它包括 [各種工具](https://gpg4win.org/about.html) ,可協助您在 Microsoft Windows 上使用GPG。 該項目最初由德國聯邦信息安全辦公室 (BSI)於2005年發起並 [資助](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography)。
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads "下載"
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
-
+{ align=right }
+**GPG4win** 是 [Intevation and g10 Code](https://gpg4win.org/impressum.html) 的Windows 套件。 它包括 [各種工具](https://gpg4win.org/about.html) ,可協助您在 Microsoft Windows 上使用GPG。 該項目最初由德國聯邦信息安全辦公室 (BSI)於2005年發起並 [資助](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography)。
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note "備註"
+
+
Note
- 我們建議 [Canary Mail](email-clients.md#canary-mail) 在iOS裝置上使用PGP和電子郵件。
-
+我們建議 [Canary Mail](email-clients.md#canary-mail) 在iOS裝置上使用PGP和電子郵件。
-!!! recommendation
+
+{ align=right }
+**GPG Suite** 爲 [Apple Mail](email-clients.md#apple-mail) 和macOS 提供OpenPGP 支持。
+
+我們建議您查看他們的 [第一步指南](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email)和 [使用知識庫](https://gpgtools.tenderapp.com/kb) 以取得支援。
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** 是 GnuPG 的Android 實作。 郵件客戶端通常需要它,例如 [K-9 Mail](email-clients.md#k-9-mail) 和 [FairEmail](email-clients.md#fairemail) 以及其他 Android 應用程序提供加密支持。 Cure53 於2015年10月完成了 OpenKeychain 3.6 的 [安全審核](https://www.openkeychain.org/openkeychain-3-6)。 審核 OpenKeychain 方案的 [技術細節在此](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015)。
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads "下載"
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
-
+{ align=right }
+**OpenKeychain** 是 GnuPG 的Android 實作。 郵件客戶端通常需要它,例如 [K-9 Mail](email-clients.md#k-9-mail) 和 [FairEmail](email-clients.md#fairemail) 以及其他 Android 應用程序提供加密支持。 Cure53 於2015年10月完成了 OpenKeychain 3.6 的 [安全審核](https://www.openkeychain.org/openkeychain-3-6)。 審核 OpenKeychain 方案的 [技術細節在此](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015)。
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
-!!! example "此部分是新的"
-
- 我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在 [論壇上提問](https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
-
+
+
此部份新增
+我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在 [論壇上提問](https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
+
- { align=right }
-
- **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. 它允许你创建存储在虚拟驱动器上的保险库,其中的内容被加密并与你的云存储供应商同步。
-
- [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- - [:simple-android: Android](https://cryptomator.org/android)
- - [:simple-windows11: Windows](https://cryptomator.org/downloads)
- - [:simple-apple: macOS](https://cryptomator.org/downloads)
- - [:simple-linux: Linux](https://cryptomator.org/downloads)
- - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+{ align=right }
+
+**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. 它允许你创建存储在虚拟驱动器上的保险库,其中的内容被加密并与你的云存储供应商同步。
+
+[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
+- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
+- [:simple-android: Android](https://cryptomator.org/android)
+- [:simple-windows11: Windows](https://cryptomator.org/downloads)
+- [:simple-apple: macOS](https://cryptomator.org/downloads)
+- [:simple-linux: Linux](https://cryptomator.org/downloads)
+- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
+
+
+
+
Cryptomator使用AES-256加密,对文件和文件名进行加密。 Cryptomator不能加密元数据,如访问、修改和创建时间戳,也不能加密文件和文件夹的数量和大小。
@@ -44,41 +49,51 @@ Cryptomator's documentation details its intended [security target](https://docs.
### Picocrypt (File)
-!!! recommendation
+
- { align=right }
-
- **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt使用安全的XChaCha20密码和Argon2id密钥推导功能来提供高水平的安全。 它使用Go的标准x/crypto模块来实现其加密功能。
-
- [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
- [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+{ align=right }
+
+**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt使用安全的XChaCha20密码和Argon2id密钥推导功能来提供高水平的安全。 它使用Go的标准x/crypto模块来实现其加密功能。
+
+[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
+- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
+
+
+
+
### VeraCrypt (磁盘)
-!!! recommendation
+
- { align=right }
- { align=right }
-
- **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. 它可以在一个文件中创建一个虚拟的加密磁盘,加密一个分区,或者用启动前的认证来加密整个存储设备。
-
- [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
- [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+{ align=right }
+{ align=right }
+
+**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. 它可以在一个文件中创建一个虚拟的加密磁盘,加密一个分区,或者用启动前的认证来加密整个存储设备。
+
+[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
+[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
+- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
+
+
+
+
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@@ -92,100 +107,119 @@ For encrypting the drive your operating system boots from, we generally recommen
### BitLocker
-!!! recommendation
+
- { align=right }
-
- **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
-
- [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+{ align=right }
+
+**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
+
+
+
+
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
-??? example "Enabling BitLocker on Windows Home"
+
+Enabling BitLocker on Windows Home
- To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
+To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
- 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
+ ```powershell
+ powershell Get-Disk
+ ```
- ```
- powershell Get-Disk
- ```
+2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+ ```powershell
+ powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
+ ```
- 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
+3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+4. Login with your admin account and type this in the command prompt to start encryption:
+ ```powershell
+ manage-bde -on c: -used
+ ```
- ```
- powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
- ```
+5. Close the command prompt and continue booting to regular Windows.
+6. Open an admin command prompt and run the following commands:
+ ```powershell
+ manage-bde c: -protectors -add -rp -tpm
+ manage-bde -protectors -enable c:
+ manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+ ```
- 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
+
+
Tip
- 4. Login with your admin account and type this in the command prompt to start encryption:
+Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
- ```
- manage-bde -on c: -used
- ```
+
### FileVault
-!!! recommendation
+
- { align=right }
-
- **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
-
- [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+{ align=right }
+
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
+
+[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
+
+
+
+
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
-!!! recommendation
+
- { align=right }
-
- **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
-
- [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
- [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
- [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+{ align=right }
-??? example "Creating and opening encrypted containers"
+**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
- ```
- dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
- sudo cryptsetup luksFormat /path-to-file
- ```
+[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
+[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
+[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
+
- #### Opening encrypted containers
- We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
- ```
- udisksctl loop-setup -f /path-to-file
- udisksctl unlock -b /dev/loop0
- ```
+
-!!! note "Remember to back up volume headers"
+
+Creating and opening encrypted containers
- We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+```bash
+dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+sudo cryptsetup luksFormat /path-to-file
+```
- ```
- cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
- ```
+#### Opening encrypted containers
+
+We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
+
+```bash
+udisksctl loop-setup -f /path-to-file
+udisksctl unlock -b /dev/loop0
+```
+
+
+
+
+
Remember to back up volume headers
+
+We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
+
+```bash
+cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+```
+
+
- { align=right }
-
- **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
-
- [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://www.kryptor.co.uk)
- - [:simple-apple: macOS](https://www.kryptor.co.uk)
- - [:simple-linux: Linux](https://www.kryptor.co.uk)
+{ align=right }
+
+**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
+
+[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://www.kryptor.co.uk)
+- [:simple-apple: macOS](https://www.kryptor.co.uk)
+- [:simple-linux: Linux](https://www.kryptor.co.uk)
+
+
+
+
### Tomb
-!!! recommendation
+
- { align=right }
-
- **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
-
- [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
- [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+{ align=right }
+
+**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
+
+[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
+
+
+
+
## OpenPGP
@@ -230,99 +273,128 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
-!!! tip "Use future defaults when generating a key"
+
+
Use future defaults when generating a key
- When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
+When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
- ```bash
- gpg --quick-gen-key alice@example.com future-default
- ```
+```bash
+gpg --quick-gen-key alice@example.com future-default
+```
+
+
- { align=right }
-
- **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
-
- [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
- - [:simple-apple: macOS](https://gpgtools.org)
- - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+{ align=right }
+
+**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
+
+[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+- [:simple-apple: macOS](https://gpgtools.org)
+- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
+
+
+
+
### GPG4win
-!!! recommendation
+
- { align=right }
-
- **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
-
- [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
- [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
- [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
-
- ??? downloads
-
- - [:simple-windows11: Windows](https://gpg4win.org/download.html)
+{ align=right }
+
+**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
+
+[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
+[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
+
+
+Downloads
+
+- [:simple-windows11: Windows](https://gpg4win.org/download.html)
+
+
+
+
### GPG Suite
-!!! note
+
+
Note
- We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
+We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
-!!! recommendation
+
+
+{ align=right }
+
+**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
+
+We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
+
+[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-apple: macOS](https://gpgtools.org)
+
+
+
+
### OpenKeychain
-!!! recommendation
+
- { align=right }
-
- **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
-
- [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
- [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
- [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
- [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
-
- ??? downloads
-
- - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+{ align=right }
+
+**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
+
+[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
+
+
+Downloads
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
+
+
+
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-!!! example "This section is new"
+
+
This section is new
- We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+
+