mirror of https://github.com/privacyguides/i18n.git synced 2025-09-06 21:38:47 +00:00
i18n/i18n/ko/encryption.md
2025-05-15 12:46:59 +00:00


meta_title: "Recommended Encryption Software: VeraCrypt, Cryptomator, PicoCrypt, and OpenPGP - Privacy Guides"
title: "Encryption Software"
icon: material/file-lock
description: Encrypting your data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files.
cover: encryption.webp

Encryption is the only secure way to control who can access your data. If you are currently not using encryption software for your hard disk, emails, or files, you should pick an option here.

Multi-platform

The options listed here are available on multiple platforms and great for creating encrypted backups of your data.

Cryptomator (Cloud)

Protects against the following threat(s):

Cryptomator is an encryption solution designed for privately saving files to any cloud Service Provider, eliminating the need to trust that they won't access your files. It lets you create file stores called vaults on a virtual drive; files saved there are encrypted and automatically synchronized with the cloud.

Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.

Cryptomator is free to use on all desktop platforms, as well as on iOS in "read only" mode. Cryptomator offers paid apps with full functionality on iOS and Android. The Android version can be purchased anonymously via ProxyStore.

Some Cryptomator cryptographic libraries have been audited by Cure53. The scope of the audited libraries includes: cryptolib, cryptofs, siv-mode and cryptomator-objc-cryptor. The audit did not extend to cryptolib-swift, which is a library used by Cryptomator for iOS.

Cryptomator's documentation describes its intended security target, security architecture, and best practices for use in further detail.

Picocrypt (File)

Protects against the following threat(s):


Picocrypt is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.


Picocrypt was audited by Radically Open Security in August 2024, and most of the issues found in the audit were subsequently fixed.

VeraCrypt (Disk)

Protects against the following threat(s):


VeraCrypt is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.


VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.

When encrypting with VeraCrypt, you have the option to select from different hash functions. We suggest you only select SHA-512 and stick to the AES block cipher.

TrueCrypt has been audited a number of times, and VeraCrypt has also been audited separately.

Operating System Encryption

Protects against the following threat(s):

Built-in OS encryption solutions generally leverage hardware security features such as a secure cryptoprocessor. Therefore, we recommend using the built-in encryption solutions for your operating system. For cross-platform encryption, we still recommend cross-platform tools for additional flexibility and to avoid vendor lock-in.

BitLocker


BitLocker is the full volume encryption solution bundled with Microsoft Windows that uses the Trusted Platform Module (TPM) for hardware-based security.


BitLocker is officially supported on the Pro, Enterprise, and Education editions of Windows. It can be enabled on Home editions provided that they meet the following prerequisites.

Enabling BitLocker on Windows Home

To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a GUID Partition Table and have a dedicated TPM (v1.2, 2.0+) module. If the non-BitLocker "Device encryption" functionality (which is inferior because it sends your recovery key to Microsoft's servers) is already enabled on your device, you may need to disable it before following this guide.

  1. Open a command prompt and check your drive's partition table format with the following command. You should see "GPT" listed under "Partition Style":

    powershell Get-Disk
    
  2. Run this command (in an admin command prompt) to check your TPM version. You should see 2.0 or 1.2 listed next to SpecVersion:

    powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
    
  3. Access Advanced Startup Options. You need to reboot while pressing the F8 key before Windows starts and go into the command prompt in Troubleshoot → Advanced Options → Command Prompt.

  4. Log in with your admin account and type this in the command prompt to start encryption:

    manage-bde -on c: -used
    
  5. Close the command prompt and continue booting to regular Windows.

  6. Open an admin command prompt and run the following commands:

    manage-bde c: -protectors -add -rp -tpm
    manage-bde -protectors -enable c:
    manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
    

Tip

Back up the BitLocker-Recovery-Key.txt file on your Desktop to a separate storage device. If you lose this recovery code, you may lose your data.

FileVault

FileVault is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the hardware security capabilities present on an Apple Silicon SoC or T2 Security Chip.

We advise against using your iCloud account for recovery; instead, you should securely store a local recovery key on a separate storage device.

Linux Unified Key Setup

LUKS is the default FDE method for Linux. It can be used to encrypt full volumes or partitions, or to create encrypted containers.

Creating and opening encrypted containers
dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
sudo cryptsetup luksFormat /path-to-file

Opening encrypted containers

We recommend opening containers and volumes with udisksctl as this uses Polkit. Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like udiskie can run in the system tray and provide a helpful user interface.

udisksctl loop-setup -f /path-to-file
udisksctl unlock -b /dev/loop0

Remember to back up volume headers

We recommend you always back up your LUKS headers in case of partial drive failure. This can be done with:

cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
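
A header backup is only useful if the file is intact, so it is worth checking right after it is written. The following is an added example, not part of the original page or of cryptsetup: the function names are hypothetical, and the check relies on the fact that LUKS1 and LUKS2 headers begin with the magic bytes "LUKS" 0xBA 0xBE followed by a 2-byte big-endian version.

```shell
#!/bin/sh
# Added example: sanity-check a file written by `cryptsetup luksHeaderBackup`.
# Function names are hypothetical; nothing here touches the encrypted device.

luks_header_version() {
    # Print 1 or 2 if file $1 starts with a LUKS header; fail otherwise.
    [ -r "$1" ] || return 2
    # First 8 bytes as lowercase hex: 6-byte magic + 2-byte version.
    hex=$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')
    case "$hex" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

verify_header_backup() {
    # Reject empty, truncated or non-LUKS files. On success print the format
    # and a SHA-256 digest to keep alongside the backup for later comparison.
    ver=$(luks_header_version "$1") || {
        echo "FAIL: $1 is not a LUKS header image" >&2
        return 1
    }
    echo "LUKS$ver $(sha256sum "$1" | cut -d' ' -f1)"
}

# Usage after the backup command above:
#   verify_header_backup /mnt/backup/file.img
```

For a full structural check of the backup, `cryptsetup luksDump /mnt/backup/file.img` parses the header image itself.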

Command-line

Protects against the following threat(s):

Tools with command-line interfaces are useful for integrating into shell scripts.

Kryptor

Kryptor is a free and open-source tool that uses modern and secure cryptographic algorithms to provide file encryption and signing. It aims to be a better version of age and Minisign to provide a simple, easier alternative to GPG.

Tomb

Tomb is a command-line shell wrapper for LUKS. It supports steganography via third-party tools.

OpenPGP

Protects against the following threat(s):

OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is complex as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options.

When encrypting with PGP, you have the option to configure different options in your gpg.conf file. We recommend staying with the standard options specified in the GnuPG user FAQ.

Use future defaults when generating a key

When generating keys, we suggest using the future-default command, as this will instruct GnuPG to use modern cryptography such as Curve25519 and Ed25519:

gpg --quick-gen-key alice@example.com future-default
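
To see which keys already in a keyring use these algorithms, the machine-readable listing from `gpg --list-keys --with-colons` can be audited. The following is an added example, not from the original page or from GnuPG: the function names, the OK/REVIEW policy and the sample listing (with made-up key IDs) are assumptions of this example. In the colon format, field 4 is the public-key algorithm ID and field 17 is the ECC curve name.

```shell
#!/bin/sh
# Added example: flag keys that do not use the Curve25519-family algorithms
# that future-default selects. Function names are hypothetical.

audit_key_algos() {
    # Reads a --with-colons listing on stdin and prints one line per
    # primary key (pub) or subkey (sub): <verdict> <record> <keyid> <algorithm>
    awk -F: '
        BEGIN { name[1] = "rsa"; name[16] = "elg"; name[17] = "dsa" }
        $1 == "pub" || $1 == "sub" {
            if ($17 != "")         algo = $17               # ECC: curve name
            else if ($4 in name)   algo = name[$4] $3       # e.g. rsa2048
            else                   algo = "algo" $4
            verdict = ($17 == "ed25519" || $17 == "cv25519") ? "OK" : "REVIEW"
            print verdict, $1, $5, algo
        }'
}

# Constructed sample listing (not real keyring output): one key generated
# with future-default and one older RSA-2048 key.
sample_listing() {
    cat <<'EOF'
pub:u:255:22:AAAAAAAAAAAAAAA1:1700000000:::u:::scESC:::::ed25519:::0:
uid:u::::1700000000::0000000000000000000000000000000000000000::Alice <alice@example.com>::::::::::0:
sub:u:255:18:AAAAAAAAAAAAAAA2:1700000000::::::e:::::cv25519::
pub:u:2048:1:BBBBBBBBBBBBBBB1:1400000000:::u:::scESC::::::23::0:
sub:u:2048:1:BBBBBBBBBBBBBBB2:1400000000::::::e::::::23:
EOF
}

# Demo on the sample; against a real keyring use:
#   gpg --list-keys --with-colons | audit_key_algos
sample_listing | audit_key_algos
```

REVIEW only means the key is not Ed25519 or Curve25519; whether to replace it is a separate decision.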

GNU Privacy Guard


GnuPG is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF specification of OpenPGP. The GnuPG project has been working on an updated draft in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major funding from the German government.


GPG4win


GPG4win is a package for Windows from Intevation and g10 Code. It includes various tools that can assist you in using GPG on Microsoft Windows. The project was initiated and originally funded by Germany's Federal Office for Information Security (BSI) in 2005.


GPG Suite


GPG Suite provides OpenPGP support for Apple Mail and other email clients on macOS.

We recommend taking a look at their First steps and Knowledge Base for support.


Currently, GPG Suite does not yet have a stable release for macOS Sonoma and later.

OpenKeychain


OpenKeychain is an implementation of GnuPG for Android. It's commonly required by mail clients such as Thunderbird, FairEmail, and other Android apps to provide encryption support.


Cure53 completed a security audit of OpenKeychain 3.6 in October 2015. The published audit and OpenKeychain's solutions to the issues raised in the audit can be found here.

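Criteria

Privacy Guides is not affiliated with any of the projects we recommend. To provide objective recommendations, we have established a clear set of requirements in addition to our standard criteria. Before choosing to use a project, we suggest you familiarize yourself with these requirements and conduct your own research to make sure it is the right choice for you.

Minimum Requirements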

  • Cross-platform encryption apps must be open source.
  • File encryption apps must support decryption on Linux, macOS, and Windows.
  • External disk encryption apps must support decryption on Linux, macOS, and Windows.
  • Internal (OS) disk encryption apps must be cross-platform or built in to the operating system natively.

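Best-Case

Our best-case criteria represent what we would expect from the perfect project in this category. A project may be included in our recommendations even if it does not meet the following best-case criteria; however, the more of them it meets, the higher it ranks relative to other entries on this page.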

  • Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave.
  • File encryption apps should have first- or third-party support for mobile platforms.