22 KiB
meta_title, title, icon, description, cover
| meta_title | title | icon | description | cover |
|---|---|---|---|---|
| Recommended Encryption Software: VeraCrypt, Cryptomator, PicoCrypt, and OpenPGP - Privacy Guides | Perangkat Lunak Enkripsi | material/file-lock | Enkripsi data adalah satu-satunya cara untuk mengendalikan siapa saja yang dapat mengaksesnya. These tools allow you to encrypt your emails and any other files. | encryption.webp |
Enkripsi data adalah satu-satunya cara untuk mengendalikan siapa saja yang dapat mengaksesnya. Jika saat ini Anda tidak menggunakan perangkat lunak enkripsi untuk perangkat penyimpanan, surel, atau berkas Anda, Anda seharusnya memilih opsi di sini.
Multi-platform
Opsi yang tercantum di sini adalah multi-platform dan sangat bagus untuk membuat cadangan terenkripsi data Anda.
Cryptomator (Awan)
!!! recommendation
{ align=right }
**Cryptomator** adalah solusi enkripsi yang dirancang untuk menyimpan berkas secara pribadi ke penyedia layanan awan mana pun. Ini memungkinkan Anda untuk membuat brankas yang disimpan di penyimpanan virtual, yang isinya dienkripsi dan disinkronkan dengan penyedia penyimpanan awan Anda.
[:octicons-home-16: Laman Beranda](https://cryptomator.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Kebijakan Privasi" }
[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Dokumentasi}
[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Kode Sumber" }
[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Berkontribusi }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- [:simple-android: Android](https://cryptomator.org/android)
- [:simple-windows11: Windows](https://cryptomator.org/downloads)
- [:simple-apple: macOS](https://cryptomator.org/downloads)
- [:simple-linux: Linux](https://cryptomator.org/downloads)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
Some Cryptomator cryptographic libraries have been audited by Cure53. The scope of the audited libraries includes: cryptolib, cryptofs, siv-mode and cryptomator-objc-cryptor. The audit did not extend to cryptolib-swift, which is a library used by Cryptomator for iOS.
Cryptomator's documentation details its intended security target, security architecture, and best practices for use in further detail.
Picocrypt (File)
!!! recommendation
{ align=right }
**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
VeraCrypt (Disk)
!!! recommendation
{ align=right }
{ align=right }
**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
When encrypting with VeraCrypt, you have the option to select from different hash functions. We suggest you only select SHA-512 and stick to the AES block cipher.
Truecrypt has been audited a number of times, and VeraCrypt has also been audited separately.
OS Full Disk Encryption
Untuk mengenkripsi kandar tempat sistem operasi Anda melakukan but, kami umumnya menyarankan untuk mengaktifkan perangkat lunak enkripsi yang disertakan dengan sistem operasi, alih-alih menggunakan alat pihak ketiga. Hal ini karena alat enkripsi asli sistem operasi Anda sering kali menggunakan OS dan fitur khusus perangkat keras seperti secure cryptoprocessor di perangkat Anda untuk melindungi komputer Anda dari serangan fisik yang lebih canggih. Untuk kandar sekunder dan kandar eksternal yang tidak Anda gunakan untuk melakukan but, kami tetap menyarankan untuk menggunakan alat bantu sumber terbuka seperti VeraCrypt alih-alih alat bantu di bawah ini, karena alat bantu ini menawarkan fleksibilitas tambahan dan memungkinkan Anda menghindari penguncian dari vendor.
BitLocker
!!! recommendation
{ align=right }
**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. Alasan utama kami merekomendasikannya untuk mengenkripsi kandar but Anda adalah karena [penggunaan TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, sebuah perusahaan forensik, telah menulis tentang fitur ini di [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
BitLocker is only supported on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
??? example "Enabling BitLocker on Windows Home"
To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. Anda mungkin perlu [menonaktifkan fungsionalitas "Enkripsi perangkat" non-Bitlocker](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (yang inferior karena mengirimkan kunci pemulihan Anda ke server Microsoft) jika sudah diaktifkan di perangkat Anda sebelum mengikuti panduan ini.
1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
```
powershell Get-Disk
```
2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
```
powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
```
3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
4. Login with your admin account and type this in the command prompt to start encryption:
```
manage-bde -on c: -used
```
5. Close the command prompt and continue booting to regular Windows.
6. Open an admin command prompt and run the following commands:
```
manage-bde c: -protectors -add -rp -tpm
manage-bde -protectors -enable c:
manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
```
!!! tip
Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
FileVault
!!! recommendation
{ align=right }
**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
Linux Unified Key Setup
!!! recommendation
{ align=right }
**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
??? example "Creating and opening encrypted containers"
```
dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
sudo cryptsetup luksFormat /path-to-file
```
#### Opening encrypted containers
We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
```
udisksctl loop-setup -f /path-to-file
udisksctl unlock -b /dev/loop0
```
!!! note "Remember to back up volume headers"
We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
```
cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
```
Baris perintah
Tools with command-line interfaces are useful for integrating shell scripts.
Kryptor
!!! recommendation
{ align=right }
**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://www.kryptor.co.uk)
- [:simple-apple: macOS](https://www.kryptor.co.uk)
- [:simple-linux: Linux](https://www.kryptor.co.uk)
Tomb
!!! recommendation
{ align=right }
**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
OpenPGP
OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is complex as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options.
When encrypting with PGP, you have the option to configure different options in your gpg.conf file. We recommend staying with the standard options specified in the GnuPG user FAQ.
!!! tip "Use future defaults when generating a key"
When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
```bash
gpg --quick-gen-key alice@example.com future-default
```
GNU Privacy Guard
!!! recommendation
{ align=right }
**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- [:simple-windows11: Windows](https://gpg4win.org/download.html)
- [:simple-apple: macOS](https://gpgtools.org)
- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
GPG4win
!!! recommendation
{ align=right }
**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://gpg4win.org/download.html)
GPG Suite
!!! note
We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
!!! recommendation
{ align=right }
**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
??? downloads
- [:simple-apple: macOS](https://gpgtools.org)
OpenKeychain
!!! recommendation
{ align=right }
**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
Kriteria
Harap diperhatikan bahwa kami tidak berafiliasi dengan proyek-proyek yang kami rekomendasikan. Selain kriteria standar kami, kami telah mengembangkan serangkaian persyaratan yang jelas untuk memungkinkan kami memberikan rekomendasi yang objektif. Kami sarankan Anda membiasakan diri dengan daftar ini sebelum memilih untuk menggunakan sebuah proyek, dan melakukan penelitian sendiri untuk memastikan bahwa itu adalah pilihan yang tepat untuk Anda.
!!! contoh "Bagian ini baru"
Kami sedang berupaya menetapkan kriteria yang jelas untuk setiap bagian dari situs kami, dan hal ini dapat berubah sewaktu-waktu. Jika Anda memiliki pertanyaan mengenai kriteria kami, silakan [tanyakan di forum](https://discuss.privacyguides.net/latest) dan jangan berasumsi bahwa kami tidak mempertimbangkan sesuatu saat membuat rekomendasi jika tidak tercantum di sini. Ada banyak faktor yang dipertimbangkan dan didiskusikan saat kami merekomendasikan sebuah proyek, dan mendokumentasikan setiap faktor tersebut merupakan sebuah pekerjaan yang sedang berjalan.
Minimum Qualifications
- Aplikasi enkripsi lintas platform haruslah bersumber terbuka.
- File encryption apps must support decryption on Linux, macOS, and Windows.
- External disk encryption apps must support decryption on Linux, macOS, and Windows.
- Internal (OS) disk encryption apps must be cross-platform or built in to the operating system natively.
Kasus Terbaik
Kriteria kasus terbaik kami mewakili apa yang ingin kami lihat dari proyek yang sempurna dalam kategori ini. Rekomendasi kami mungkin tidak menyertakan salah satu atau semua fungsi ini, tetapi rekomendasi yang menyertakan fungsi ini mungkin memiliki peringkat yang lebih tinggi daripada yang lain di halaman ini.
- Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave.
- File encryption apps should have first- or third-party support for mobile platforms.