i18n/encryption.md at f0705d54e76a8a84468f712f54a35222c955ef61

privacyguides/i18n

Fork 0

mirror of https://github.com/privacyguides/i18n.git synced 2025-09-16 18:18:47 +00:00

Files

Crowdin Bot 363192b3ad New Crowdin translations by GitHub Action

2025-09-12 04:35:40 +00:00

22 KiB

Raw Blame History

meta_title, title, icon, description, cover

meta_title	title	icon	description	cover
Recommended Encryption Software: VeraCrypt, Cryptomator, and OpenPGP - Privacy Guides	Software de encriptação	material/file-lock	A encriptação de dados é a única forma de controlar quem pode acessá-los. These tools allow you to encrypt your emails and any other files.	encryption.webp

Encryption is the only secure way to control who can access your data. If you are currently not using encryption software for your hard disk, emails, or files, you should pick an option here.

Multi-plataforma

The options listed here are available on multiple platforms and great for creating encrypted backups of your data.

VeraCrypt

Protects against the following threat(s):

:material-bug-outline: Ataques passivos{.pg-orange}

{ align=right }

Cryptomator is an encryption solution designed for privately saving files to any cloud :material-server-network: Service Provider{ .pg-teal }, eliminating the need to trust that they won't access your files. Ele pode criar um disco virtual encriptado dentro de um ficheiro, encriptar uma partição ou encriptar todo o dispositivo de armazenamento com autenticação pré-boot.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Contribute" }

Downloads

O VeraCrypt é um garfo do projeto TrueCrypt descontinuado. De acordo com seus desenvolvedores, melhorias de segurança foram implementadas e questões levantadas pela auditoria inicial do código TrueCrypt foram abordadas.

Cryptomator is free to use on all desktop platforms, as well as on iOS in "read only" mode. Cryptomator offers paid apps with full functionality on iOS and Android. The Android version can be purchased anonymously via ProxyStore.

Ao encriptar com VeraCrypt, o utilizador tem a opção de seleccionar de diferentes funções hash. Sugerimos aos utilizadores apenas seleccione SHA-512 e deve ficar com o AES cifra de bloco. The audit did not extend to cryptolib-swift, which is a library used by Cryptomator for iOS.

Cryptomator's documentation details its intended security target, security architecture, and best practices for use in further detail.

Picocrypt

Protects against the following threat(s):

:material-target-account: Ataques direcionados{.pg-red}

{ align=right }

Picocrypt é uma pequena e simples ferramenta de encriptação que fornece uma encriptação moderna. Picocrypt usa a cifra segura XChaCha20 e a função de derivação da chave Argon2id para proporcionar um alto nível de segurança.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Contribute" }

Downloads

VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.

When encrypting with VeraCrypt, you have the option to select from different hash functions. We suggest you only select SHA-512 and stick to the AES block cipher.

TrueCrypt has been audited a number of times, and VeraCrypt has also been audited separately.

Operating System Encryption

Protects against the following threat(s):

:material-target-account: Ataques direcionados{.pg-red}

Built-in OS encryption solutions generally leverage hardware security features such as a secure cryptoprocessor. Therefore, we recommend using the built-in encryption solutions for your operating system. For cross-platform encryption, we still recommend cross-platform tools for additional flexibility and to avoid vendor lock-in.

BitLocker

{ align=right }

BitLocker is the full volume encryption solution bundled with Microsoft Windows that uses the Trusted Platform Module (TPM) for hardware-based security.

:octicons-info-16:{ .card-link title="Documentation" }

BitLocker is officially supported on the Pro, Enterprise, and Education editions of Windows. It can be enabled on Home editions provided that they meet the following prerequisites.

Enabling BitLocker on Windows Home

To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a GUID Partition Table and have a dedicated TPM (v1.2, 2.0+) module. You may need to disable the non-Bitlocker "Device encryption" functionality (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.

Open a command prompt and check your drive's partition table format with the following command. You should see "GPT" listed under "Partition Style":
```
powershell Get-Disk
```
Run this command (in an admin command prompt) to check your TPM version. You should see 2.0 or 1.2 listed next to SpecVersion:
```
powerhell Get-Disk 0 | findstr GPT && echo Este é um disco do sistema GPT!
```
Access Advanced Startup Options. You need to reboot while pressing the F8 key before Windows starts and go into the command prompt in Troubleshoot → Advanced Options → Command Prompt.
Login with your admin account and type this in the command prompt to start encryption:
```
manage-bde -on c: -used
```
Close the command prompt and continue booting to regular Windows.

Feche o prompt de comando, e entre no PowerShell:

manage-bde c: -protectors -add -rp -tpm
manage-bde -protectors -enable c:
manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt

Tip

Backup BitLocker-Recovery-Key.txt on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.

FileVault

{ align=right }

FileVault é a solução de encriptação de volume on-the-fly integrada em macOS. FileVault takes advantage of the hardware security capabilities present on an Apple Silicon SoC or T2 Security Chip.

:octicons-info-16:{ .card-link title="Documentation" }

We advise against using your iCloud account for recovery; instead, you should securely store a local recovery key on a separate storage device.

Configuração da Chave Unificada Linux (LUKS)

{ align=right }

LUKS* é o método padrão de criptografia de disco completo para Linux. Ele pode ser usado para criptografar volumes completos, partições ou criar containers criptografados.

:octicons-repo-16: Repository{ .md-button .md-button--primary } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" }

Creating and opening encrypted containers

dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
sudo cryptsetup luksFormat /path-to-file

Opening encrypted containers

We recommend opening containers and volumes with udisksctl as this uses Polkit. A maioria dos gestores de ficheiros, tais como os incluídos em ambientes de desktop populares, consegue desbloquear ficheiros encriptados. Tools like udiskie can run in the system tray and provide a helpful user interface.

udisksctl loop-setup -f /path-to-file
udisksctl unlock -b /dev/loop0

Remember to back up volume headers

Recomendamos que você sempre faça backup dos seus cabeçalhos LUKS em caso de falha parcial da unidade. This can be done with:

cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img

Linha de comando

Protects against the following threat(s):

:material-target-account: Ataques direcionados{.pg-red}

Tools with command-line interfaces are useful for integrating shell scripts.

Kryptor

{ align=right }

Kryptor é uma ferramenta de criptografia e assinatura de arquivos livre e de código aberto que faz uso de algoritmos criptográficos modernos e seguros. It aims to be a better version of age and Minisign to provide a simple, easier alternative to GPG.

Downloads

Túmulo

{ align=right }

Tomb é uma shell wrapper de linha de comando para LUKS. It supports steganography via third-party tools.

OpenPGP

Protects against the following threat(s):

:material-target-account: Ataques direcionados{.pg-red}
:material-bug-outline: Ataques passivos{.pg-orange}
:material-server-network: Fornecedores de serviços{.pg-teal}

OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. Dica "Use padrões futuros ao gerar uma chave". For tasks such as signing or encrypting files, we suggest the above options.

When encrypting with PGP, you have the option to configure different options in your gpg.conf file. We recommend staying with the standard options specified in the GnuPG user FAQ.

Use future defaults when generating a key

When generating keys we suggest using the future-default command as this will instruct GnuPG use modern cryptography such as Curve25519 and Ed25519:

gpg --quick-gen-key alice@example.com future-default

Guarda de Privacidade GNU

{ align=right }

GnuPG é uma alternativa GPL-licenciada ao conjunto de software criptográfico PGP. GnuPG está em conformidade com RFC 4880, que é a especificação atual da IETF do OpenPGP. The GnuPG project has been working on an updated draft in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major funding from the German government.

Downloads

GPG4win

{ align=right }

GPG4win é um pacote para Windows da Intevation and g10 Code. Inclui várias ferramentas que auxiliam os usuários do PGP no Microsoft Windows. O projeto foi iniciado e originalmente financiado por pelo Escritório Federal de Segurança da Informação (BSI) da Alemanha em 2005.

Downloads

:fontawesome-brands-windows: Windows

Suíte GPG

{ align=right }

GPG Suite provides OpenPGP support for Apple Mail and other email clients on macOS.

We recommend taking a look at their First steps and Knowledge Base for support.

Downloads

:simple-apple: macOS

Currently, GPG Suite does not yet have a stable release for macOS Sonoma and later.

OpenKeychain

{ align=right }

OpenKeychain is an implementation of GnuPG for Android. It's commonly required by mail clients such as Thunderbird, FairEmail, and other Android apps to provide encryption support.

Downloads

:simple-googleplay: Google Play

Cure53 completed a security audit of OpenKeychain 3.6 in October 2015. The published audit and OpenKeychain's solutions to the issues raised in the audit can be found here.

Framadate

Please note we are not affiliated with any of the projects we recommend. In addition to our standard criteria, we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

Minimum Qualifications

Cross-platform encryption apps must be open source.
File encryption apps must support decryption on Linux, macOS, and Windows.
External disk encryption apps must support decryption on Linux, macOS, and Windows.
Internal (OS) disk encryption apps must be cross-platform or built in to the operating system natively.

Melhor caso

Os nossos melhores critérios representam o que gostaríamos de ver num projeto perfeito desta categoria. As nossas recomendações podem não incluir todas as funcionalidades, mas incluem as que, na nossa opinião, têm um impacto mais elevado.

Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave.
File encryption apps should have first- or third-party support for mobile platforms.

22 KiB Raw Blame History

Multi-plataforma

VeraCrypt

Picocrypt

Operating System Encryption

BitLocker

FileVault

Configuração da Chave Unificada Linux (LUKS)

Opening encrypted containers

Linha de comando

Kryptor

Túmulo

OpenPGP

Guarda de Privacidade GNU

GPG4win

Suíte GPG

OpenKeychain

Framadate

Minimum Qualifications

Melhor caso

22 KiB

Raw Blame History