Differences between revisions 1 and 10 (spanning 9 versions)
Revision 1 as of 2021-03-25 15:30:34
Size: 1118
Editor: mreimers
Comment:
Revision 10 as of 2021-03-28 18:19:15
Size: 3326
Editor: mreimers
Comment:
Line 1: Line 1:
<<TableOfContents>>
Line 5: Line 7:
Sending any kind of information via "standard" email, i.e. without end-to-end encryption (E2E), is in general insecure since all mail data can be read by attackers. Consider email as a electronic post card. Sending any kind of information via "standard" email, i.e. without end-to-end encryption (E2E), is in general insecure since all mail data can be read by attackers. Consider email as an electronic post card.
Line 7: Line 9:
'''Important: Never send sensitive information in emails (neither in the subject/body nor as an unsecured attachment)''' /!\ '''Important: Never send sensitive information in emails (neither in the subject/body nor as an unsecured attachment)'''
Line 9: Line 11:
Unfortunately, to setup an E2E email is still challenging for the majority and annoying when you just want to send a single email to someone you do not correspond with regularly. Unfortunately, to setup an E2E email is still challenging for the majority of users and annoying when you just want to send a single email to someone you do not correspond with regularly.
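Review bot: "to setup an E2E email" is carried over unchanged into the new text of this line; the verb is "set up", and "an E2E email" reads more clearly as "E2E email encryption".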
Line 13: Line 15:
In case you want to send sensitive data (e.g. credit card, personal data, etc) via email it is much easier to store all these data in one or more file(s) and send them as an encrypted attachment. In case you want to send sensitive data (e.g. credit card, personal data, etc) via email, it is much easier to store all these data in one or more file(s) and send them as an encrypted attachment.
Line 15: Line 17:
== Step-by-step guidance == == Sending encrypted attachments ==
Line 17: Line 19:
 1. If your data are already in a document (e.g. Word, Excel) you are done here. For other data just create a new TXT file and store the data.  1. If your data are already in a document (e.g. Word, Excel) you are done with this step. For other data just create a new file (e.g. TXT) and enter your data.
Line 19: Line 21:
 1. Locate the document(s) you would like to send in Windows File Explorer and  1. Locate the document(s) you would like to send in Windows File Explorer and right-click. Click ''7-Zip'', then ''Add to archive...'' (see image).
    ''Remark: 7-Zip is installed on all ISG managed Windows clients. Users of self-managed/BOYD devices can download 7-Zip [[https://www.7-zip.org/download.html|here]].''

 {{attachment:7zip_1.png}}

 1.#3 Within 7-Zip select the ''archive format'' and ''Encryption method'' as shown in the image. Furthermore enter a password for encryption, according to the following rules:
   * Select a strong password, i.e. [a-z,A-Z,0-9] and at least 10 characters long.
   * The password must be different to any other passwords you use (also to encrypted attachments you sent to other users).
   * Keep in mind that the data in the encrypted archive cannot be recovered without this password.

 {{attachment:7zip_2.png}}

 1. Create the archive by clicking on ''OK''. If you have not changed the location, the archive will be created in the same location as the original data.

 1. Attach the encrypted and password-protected archive to your email and send it. /!\ '''Do not send the password with the same email!'''

 1. The best way to send the password is to use a different communication channel and to send it plain, i.e. without any further information (like the purpose of the password). Here is a list of possible communication channels in decreasing order of their level of trust:
   * in person
   * by phone
   * via chat, !WhatsApp, Signal etc.
   * by a separate email
 

== Receiving encrypted attachments ==

 1. Save the attached encrypted archive to the file system

 1. Locate the archive in Windows File Explorer and right-click. Click ''7-Zip'', then ''Extract Here'' (see image).
 {{attachment:7zip_3.png}}

 1. Enter the valid password
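Review bot: In the remark under step 2, "BOYD" should read "BYOD". Step 3 gives the archive format and encryption method only by pointing at 7zip_2.png; naming both values in the text would let the step be followed when the image is not displayed and would keep it in line with the Linux command further down. The last entry in the channel list, "by a separate email", uses the same medium the introduction calls an electronic post card, so it may be worth marking it as the least preferred option.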
Line 22: Line 55:
7-Zip is also available on our managed Linux clients and for the major Linux distributions (package p7zip). On Ubuntu the default archive tool ''ark'' works as well.
 
 * Encrypting an attachment
 {{{
  /usr/bin/7z a -t7z -mhe=on -p <archive>.7z <file>
 }}}

 * Decrypting an attachment
 {{{
  /usr/bin/7z e <archive>.7z
 }}}

 Note: 7z will prompt for the password automatically
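Review bot: The decrypt line uses `7z e`, which extracts every file into the current directory without its folder path; `7z x` keeps the directory structure and is the better default when the archive holds more than one file. The note about the password prompt sits only under the decrypt command, although the prompt also appears for the encrypt command because `-p` is given without a value; moving the note below both items, and mentioning that `-mhe=on` also hides the file names, would make the two commands self-explanatory.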

How to send sensitive data by email

What is the main problem

Sending any kind of information via "standard" email, i.e. without end-to-end encryption (E2E), is in general insecure since all mail data can be read by attackers. Consider email as an electronic post card.

/!\ Important: Never send sensitive information in emails (neither in the subject/body nor as an unsecured attachment)

Unfortunately, setting up E2E email encryption is still challenging for the majority of users, and annoying when you just want to send a single email to someone you do not correspond with regularly.

Simple workaround

If you want to send sensitive data (e.g. credit card data, personal data, etc.) via email, it is much easier to store the data in one or more files and send them as an encrypted attachment.

Sending encrypted attachments

  1. If your data are already in a document (e.g. Word, Excel) you are done with this step. For other data just create a new file (e.g. TXT) and enter your data.
  2. Locate the document(s) you would like to send in Windows File Explorer and right-click. Click 7-Zip, then Add to archive... (see image).

    • Remark: 7-Zip is installed on all ISG managed Windows clients. Users of self-managed/BYOD devices can download 7-Zip from https://www.7-zip.org/download.html.

    [Image: 7zip_1.png]

  3. Within 7-Zip select the archive format and Encryption method as shown in the image. Furthermore enter a password for encryption, according to the following rules:

    • Select a strong password, i.e. one using the characters [a-z, A-Z, 0-9] and at least 10 characters long.
    • The password must be different from any other password you use (including the passwords of encrypted attachments you sent to other users).
    • Keep in mind that the data in the encrypted archive cannot be recovered without this password.

    [Image: 7zip_2.png]

  4. Create the archive by clicking on OK. If you have not changed the location, the archive will be created in the same location as the original data.

  5. Attach the encrypted and password-protected archive to your email and send it. /!\ Do not send the password with the same email!

  6. The best way to send the password is to use a different communication channel and to send it plain, i.e. without any further information (like the purpose of the password). Here is a list of possible communication channels in decreasing order of their level of trust:
    • in person
    • by phone
    • via chat, WhatsApp, Signal etc.
    • by a separate email

Receiving encrypted attachments

  1. Save the attached encrypted archive to the file system.
  2. Locate the archive in Windows File Explorer and right-click. Click 7-Zip, then Extract Here (see image).

    [Image: 7zip_3.png]

  3. Enter the valid password.

Additional note for Linux users

7-Zip is also available on our managed Linux clients and for the major Linux distributions (package p7zip). On Ubuntu the default archive tool ark works as well.

  • Encrypting an attachment
      /usr/bin/7z a -t7z -mhe=on -p <archive>.7z <file>
  • Decrypting an attachment
      /usr/bin/7z e <archive>.7z
    Note: 7z will prompt for the password automatically
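
The password rules and the Linux encryption command above, combined into one helper script. This is an added example, not part of the original wiki page; the function names check_password, gen_password and encrypt_attachment are hypothetical, and it assumes the rule "[a-z,A-Z,0-9] and at least 10 characters" means at least one lowercase letter, one uppercase letter and one digit.

```sh
#!/bin/sh
# Added example (not from the wiki page). Assumption: the page's rule
# "[a-z,A-Z,0-9] and at least 10 characters" is read as: length >= 10 and at
# least one lowercase letter, one uppercase letter and one digit.
LC_ALL=C; export LC_ALL   # make [a-z] / [A-Z] ranges byte-exact in every locale

# check_password PW: exit status 0 if PW satisfies the rule above
check_password() {
    cp_pw=$1
    [ "${#cp_pw}" -ge 10 ] || return 1
    case $cp_pw in *[a-z]*) ;; *) return 1 ;; esac
    case $cp_pw in *[A-Z]*) ;; *) return 1 ;; esac
    case $cp_pw in *[0-9]*) ;; *) return 1 ;; esac
    return 0
}

# gen_password [LEN]: print a random alphanumeric password (default 16, minimum 10)
gen_password() {
    gp_len=${1:-16}
    [ "$gp_len" -ge 10 ] || gp_len=10
    while :; do
        # 1024 random bytes leave roughly 250 alphanumerics after filtering
        gp_pw=$(head -c 1024 /dev/urandom | tr -dc 'A-Za-z0-9' | cut -c "1-$gp_len")
        if [ "${#gp_pw}" -eq "$gp_len" ] && check_password "$gp_pw"; then
            printf '%s\n' "$gp_pw"
            return 0
        fi
    done
}

# encrypt_attachment ARCHIVE FILE...: the page's 7z call; -p without a value
# makes 7z prompt, so the password never appears in the process list, and
# -mhe=on encrypts the archive headers (file names) as well as the contents.
encrypt_attachment() {
    ea_archive=$1
    shift
    7z a -t7z -mhe=on -p "$ea_archive" "$@"
}

# Stand-alone use: "sh script.sh new" prints one fresh password for one archive.
if [ "${1:-}" = "new" ]; then
    gen_password 16
fi
```

Generate a new password for every archive and type it at the 7z prompt rather than passing it on the command line.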

Email/AttachmentEncryption (last edited 2023-10-16 13:58:58 by alders)