Encrypt messages by using S/MIME in Outlook Web App

Want to add a padlock to your email messages? You can use S/MIME in Outlook Web App to increase the security of messages. A digitally encrypted message can only be opened by recipients who have the correct key. A digital signature assures recipients that the message hasn't been tampered with.

Note: S/MIME may not be available for your account.

Setting up to use S/MIME encryption

Encrypt and digitally sign outgoing messages

How do I encrypt or digitally sign all messages?

How do I encrypt individual messages?

How do I digitally sign individual messages?

Reading encrypted and digitally signed messages

How do I read an encrypted message?

How do I verify the signature of a digitally signed message?

What else do I need to know?

Get a certificate.

The first step to use S/MIME is to obtain a certificate, also called a digital ID, from your organization's administrator. Your certificate may be stored on a smart card, or may be a file that you store on your computer. Follow the instructions provided by your administrator to use your certificate.

Install the S/MIME control.

If you do not have the S/MIME control installed, and receive an encrypted or digitally signed message, you'll be prompted to install the control when you open the message. Alternatively, if you do not have the S/MIME control installed, you can create a new message and select more options > Message options and select Encrypt this message (S/MIME). You will then be prompted to install the S/MIME control.

When you're prompted to run or save the file, select Run.

You may be prompted again to verify that you want to run the software. Select Run to continue the installation.

Note: You will have to close and reopen Outlook Web App before you can use the S/MIME control.

After you've installed the S/MIME control, you can go to the gear menu > S/MIME settings where you will find two options that you can select to digitally encrypt or digitally sign every message you send.

Select Encrypt contents and attachment of all messages I send to automatically encrypt all outgoing messages.

Select Add a digital signature to all messages I send to digitally sign all outgoing messages.

Note: All outgoing messages include new messages, replies, and forwards.

To add or remove digital encryption from an individual message that you're composing:

Go to the top of the message and select more options > Message options.

Select or deselect Encrypt this message (S/MIME).

If you encrypt an outgoing message and Outlook Web App can't verify that all recipients can decrypt the message, you'll see a notice warning you which recipients may not be able to read the encrypted message. You can then send the message anyway, remove those recipients, or retry to check again.

To add or remove a digital signature from a message that you're composing:

Go to the top of the message and select more options > Message options.

Select or deselect Digitally sign this message (S/MIME).

If your certificate is stored on a smartcard, you will be prompted to insert the smartcard to digitally sign the message. Your smartcard may also require a PIN to access the certificate.

A key icon in the message list or reading pane indicates an encrypted message.

If you normally use Conversation view, you will have to open the message in a new window to read it. There will be a link on the message to make this easier.

When you receive an encrypted message, Outlook Web App will check whether the S/MIME control is installed and whether there is a certificate available on your computer. If the S/MIME control is installed and there is a certificate available, the message will be decrypted when you open it. If your certificate is stored on a smartcard, you will be prompted to insert the smartcard to read the message. Your smartcard may also require a PIN to access the certificate.

A ribbon icon in the message list or reading pane indicates a digitally signed message.

If you normally use Conversation view, you will have to open the message in a new window to read it. Information about the digital signature will be at the top of the message, along with a link that you can select to learn more about the digital signature.

Internet Explorer 9 or later is required to send and receive encrypted messages. It is also required to digitally sign messages that you send, and to verify digital signatures on messages that you receive.

S/MIME message encryption is supported only on messages sent to and from recipients in your organization's address list. If you send an encrypted message to someone outside your organization, they will not be able to decrypt and read the message.

S/MIME digital signatures are only fully supported for recipients inside your organization. Recipients can only verify the digital signature if they're using an email client that supports S/MIME and have installed the S/MIME control.

If you send a digitally signed message to a recipient outside your organization, they will be able to read the message. Depending on the email client they're using, they may or may not see and be able to verify the digital signature.

Encrypted messages can be read only by intended recipients who have a certificate. If you try to send an encrypted message to a recipient who doesn't have a certificate, Outlook Web App will warn you that the recipient can't decrypt S/MIME encrypted messages.

If at least one recipient of an encrypted message has a certificate, Outlook Web App will send the message to all recipients. If none of the intended recipients has a certificate, Outlook Web App won't let you send the message in encrypted form.

A digitally signed message reassures the recipient that the message hasn't been tampered with and verifies the identity of the sender. Digitally signed messages can be sent to anyone. However, the recipient must be using an email application that supports S/MIME and have installed the S/MIME control to verify the digital signature. Outlook and Outlook Web App both support S/MIME.

The S/MIME control is necessary to verify the signatures of digitally signed messages, but a certificate is not. If you receive a message that's been encrypted or digitally signed and you haven't installed the S/MIME control, you'll see a warning in the message header notifying you that the S/MIME control isn't available. The message will direct you to the S/MIME options page where you can install this control.


BitLocker Recovery Key Prompt Issue in Windows 10 …

We have several Lenovo E560 laptops deployed with Samsung EVO 850 SSD's and Windows 10 1709. These happen to have the Infineon (IFX) TPM chips and we have BitLocker full-drive encryption with eDrive (hardware encryption) enabled using UEFI/Secure Boot. The key protectors are TPM+USB key and Numeric PIN for recovery. They produce this message in the tpm.msc console:

The TPM firmware on this PC has a known security problem. Please contact your PC manufacturer to find out if an update is available. For more information please go to https://go.microsoft.com/fwlink/?linkid=852572

I read the article at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012

An issue has been occurring after the March 2018 Cumulative update installs (KB4088776) and Windows restarts. The OS drive prompts for the recovery key. No problem here as we enter it and the drive unlocks. However, in Windows, the Manage BitLocker console reports that BitLocker is turned off! Also the manage-bde -status confirms that the drive is fully decrypted and protection is off.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [][OS Volume]

    Size:                 465.21 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:       None Found

From Diskpart:

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Recovery           450 MB  1024 KB
    Partition 2    System             100 MB   451 MB
    Partition 3    Reserved            16 MB   551 MB
    Partition 4    Primary            465 GB   567 MB

On the first laptop in which I encountered this, I tried to turn BitLocker back on, but on reboot during the check, it corrupted the Windows bootloader and put me in an automatic recovery repair loop. I was able to get out of that, but the BitLocker recovery key prompt remained. Even clearing the TPM in Windows or manually from the BIOS doesn't resolve it. Also disabling the TPM in BIOS doesn't resolve it. What DID resolve it was deleting all the partitions and installing Windows from scratch.

I then applied a TPM firmware update from Lenovo (updated these from 6.40 to 6.43), now Microsoft no longer reports the vulnerability and all is well.

This took me many hours to diagnose and solve. Obviously, a complete Windows reinstallation is not the way to go and I have several other affected laptops waiting for a fix. But so far, I can't figure out what to do about clearing the BitLocker recovery key. I'd like to be able to do the following:

1. Clear any keys or prompts and allow Windows to boot normally with no BitLocker prompts.

2. Install the TPM firmware update.

3. Re-enable BitLocker.

4. Accomplish this without destroying the Windows installation or causing an OS reinstall.

How can I remove the continual BitLocker recovery key prompting when Windows is reporting that it is not enabled and doesn't exist to begin with?


BitLocker not encrypting? – Microsoft Community

We have several HP ElitePad 1000 G2 tablets running Windows 10 Pro that we want to set up encryption on.

The order of events that we are doing to accomplish encryption are:

1. Turn on Bitlocker from Control Panel > System and Security

2. Select "Save to a file" when asked how I wanted to back up the recovery key

3. Select "Encrypt entire drive" and "New encryption mode"

At this point, some of the tablets would spend hours apparently encrypting the SSD. Some of the tablets said the encryption was done after a few moments.

4. Add a startup PIN

5. Restart the tablet to make sure the PIN was prompted for (it was)

6. Check the encrypted status of the tablet by entering "manage-bde -status c:" at a Command Prompt. All tablets reported back something like:

Volume C: [Windows][OS Volume]

    Size:                 103.67 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        TPM And PIN
        Numerical Password

7. Check whether BitLocker was actually encrypting files on the C: drive

   a. Create a new text file on the C: drive

   b. Copy the file to a USB flash drive (or email it as an attachment)

   c. Download the file on another system

Upon opening the file on the other system, I found that it was not encrypted and everything was visible in clear text.

There seems to be something fundamental that I am missing or misunderstanding about just what BitLocker is supposed to be doing.

This link (https://msdn.microsoft.com/en-us/library/dd163562.aspx) indicates that encryption is available only on NTFS (which the tablet is formatted as), and that if you copy the file to a floppy disk or to any other file system, the file is no longer encrypted. I'm assuming this is old information (the "floppy disk" part kind of dates it) not relevant to BitLocker.
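An added example, not part of either post and not Microsoft's tooling: a Python parser for the `manage-bde -status` text both posts quote, which flags volumes that are decrypted, unprotected, or missing key protectors. The host labels and the one-field-per-line layout of the sample reports are assumptions made for the example.

```python
import re

# Constructed input: the two `manage-bde -status` reports quoted in the posts
# above, laid out one field per line. The host labels are hypothetical.
REPORTS = {
    "lenovo-e560": """\
Volume C: [][OS Volume]

    Size:                 465.21 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:       None Found
""",
    "elitepad-1000": """\
Volume C: [Windows][OS Volume]

    Size:                 103.67 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        TPM And PIN
        Numerical Password
""",
}

VOLUME_RE = re.compile(r"^Volume\s+(\S+:)\s*(.*)$")
FIELD_RE = re.compile(r"^\s+([A-Za-z ]+):\s*(.*)$")


def parse_status(text):
    """Turn manage-bde -status text into a list of per-volume records."""
    volumes, current, in_protectors = [], None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        m = VOLUME_RE.match(line)
        if m:
            current = {"volume": m.group(1), "label": m.group(2),
                       "fields": {}, "protectors": []}
            volumes.append(current)
            in_protectors = False
            continue
        if current is None:
            continue  # banner text before the first volume
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            if key == "Key Protectors":
                in_protectors = True
                if value and value != "None Found":
                    current["protectors"].append(value)
            else:
                in_protectors = False
                current["fields"][key] = value
        elif in_protectors:
            # Protector names are listed on their own lines, without a colon.
            current["protectors"].append(line.strip())
    return volumes


def audit(volume):
    """Return findings for one volume; an empty list means it looks healthy.

    Lock Status is deliberately not checked: "Unlocked" is normal on a
    running system, where the OS reads the volume transparently decrypted.
    """
    fields, findings = volume["fields"], []
    if fields.get("Conversion Status") != "Fully Encrypted":
        findings.append("not fully encrypted (%s)" % fields.get("Conversion Status"))
    if not fields.get("Protection Status", "").startswith("Protection On"):
        findings.append("protection is off")
    if not volume["protectors"]:
        findings.append("no key protectors")
    elif "Numerical Password" not in volume["protectors"]:
        findings.append("no recovery password protector")
    return findings


def audit_fleet(reports):
    """Map host -> {volume: findings} for a dict of host -> status text."""
    return {host: {v["volume"]: audit(v) for v in parse_status(text)}
            for host, text in reports.items()}


if __name__ == "__main__":
    for host, result in audit_fleet(REPORTS).items():
        for vol, findings in result.items():
            print(host, vol, "OK" if not findings else "; ".join(findings))
```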


Sign in to view your Office 365 encrypted message

If you've received an encrypted message from an organization that uses Microsoft Office 365 Message Encryption, you can sign in with a Microsoft account or with the work or school account you use with Office 365 to view your message. If you don't have a Microsoft account, you can follow this procedure to create one.

What's a Microsoft account?

A Microsoft account is the email address and password that you use to sign in to Microsoft services, such as Outlook.com, OneDrive, Windows Phone, or Xbox Live. "What is a Microsoft account?" is a short video that's helpful for understanding what a Microsoft account is and how it's used.

I already have a Microsoft account. Do I need to create a new one to view an encrypted message?

No. You can refer to Send, view, and reply to encrypted messages to learn how to sign in with your existing account and view an encrypted message.

This procedure takes you through the process of creating a Microsoft account.

To create a Microsoft account to view encrypted messages:

Open the message in your Inbox. The subject line may indicate that the message is encrypted. The following screenshot shows a Gmail Inbox that contains an encrypted message.

Note: You can use any email service, such as Hotmail, Yahoo, or Gmail, to view encrypted messages.

After you open the message, you'll see Message encryption by Microsoft Office 365 and an attachment called message.html. Open the attachment.

Select SIGN IN AND VIEW YOUR ENCRYPTED MESSAGE.

Select the option to create a Microsoft account.

Fill out the Create an account form. You'll see your email address in the User name box.

Review the summary page and select Verify your email address. You will receive a verification email.

Open the verification email and select the Verify button to confirm your email address.

Once you've verified your email address, go back and open the message.html file that you started with. You can now use your Microsoft account to sign in and view the encrypted message.

Last updated 2014-9-15


Send, view, and reply to encrypted messages in Outlook for …

A message that is encrypted by Office 365 Message Encryption is delivered to a recipient's inbox just like any other email message. If the recipient has Outlook 2013 or 2016 and an Office 365 email account, they'll see an alert about the item's restricted permissions in the Reading pane. After opening the message, the recipient can view the message just like any other.

Note: We recently released the encrypt-only policy in Outlook for PC versions 2019 and Office 365. That means messages that have the new encrypt-only policy applied can be read directly in Outlook on the web, in Outlook for iOS and Android, and now Outlook for PC versions 2019 and Office 365. Other customers will see a message with a link. That link will take Office 365 users to Outlook on the web to read the message. Users with other email accounts will be prompted to obtain a one-time passcode and read the message in a browser window.

If the recipient is using another email client or email account, such as Gmail or Yahoo, they'll see a link that lets them either sign in to read the email message or request a one-time passcode to view the message in a web browser.

There are two primary ways to send encrypted messages.

Your admin can define rules to automatically encrypt messages that meet certain criteria. For instance, your admin can create a rule that encrypts all messages sent outside your organization or all messages that mention specific words or phrases. Any encryption rules will be applied automatically.

If you want to encrypt a message that doesn't meet a pre-defined rule or your admin hasn't set up any rules, you can apply a variety of different encryption rules before you send the message. To send an encrypted message from Outlook 2013 or 2016, or Outlook 2016 for Mac, select Options > Permissions, then select the protection option you need. You can also send an encrypted message by selecting the Protect button in Outlook on the web.

If you're in an Office 365 organization, you can read messages encrypted with the do-not-forward policy or custom protection templates in Outlook 2013 and Outlook 2016 for PC, Outlook 2016 for Mac, Outlook on the web, Outlook for iOS, and Outlook for Android. Outlook on the web, and in Outlook for iOS and Android, and Outlook for PC in the Monthly Targeted Channel. Office 365 users on Semi Annual Channel will be taken to Outlook on the web to read the message. Users with other email accounts will be prompted to obtain a one-time passcode and read the message in a browser window.

To reply to an encrypted message

Choose Reply or Reply All.

On the page that appears, type a reply and choose Send. An encrypted copy of your reply message is sent to you.

If you're not using Outlook with Office 365, your encrypted message will contain a link in the message body.

Select Read the message.

Select how you'd like to sign in to read the message. If your email provider is Google, Yahoo, or Microsoft, you can select Sign in with Google, Yahoo, or Microsoft respectively. Otherwise, select sign in with a one-time passcode.

Once you receive the passcode in an email message, make a note of the passcode, then return to the web page where you requested the passcode and enter the passcode, and select CONTINUE.

Tip: Each passcode expires after 15 minutes. If that happens, or if you can't open the message for any reason, start over by opening the attachment again and following the steps.

What is Encryption, and Why Are People Afraid of It?

With recent acts of terrorism in Paris and Lebanon, news media and government have been using the word "encryption" as if it's somehow to blame. Nonsense. Encryption is easy to understand, and if you're not using it, you should be.

Like many technologies, encryption has the potential to be misused, but that does not make it dangerous. And it doesn't mean that people who use it are dangerous or bad. But since it's so commonly misunderstood and currently a media boogeyman, a few minutes with How-To Geek will help get you caught up.

While computer scientists, developers, and cryptographers have created far smarter and more complex methods for doing so, at its heart, encryption is simply taking some information that makes sense and scrambling it so it becomes gibberish. Turning it back into real information (video files, images, or simple messages) can only be done by decrypting it back from gibberish using a method called a cipher, usually relying on an important piece of information called a key.

Already there are a lot of unusual words being thrown around. If you've ever written in a secret code when you were a child, you've encrypted a sentence. A cipher can be as simple as moving a letter down in the alphabet. For example, if we take the following sentence:

This is really geeky

With this simple encryption, A becomes B, and so on. This becomes:

Uijt jt sfbmmz hfflz

If you want to make it more difficult to understand, you can easily represent letters as numbers, where A is represented by a 1, and Z by 26. With our cipher, we simply add one to our number:

208919 919 1851121225 7551125

And then when we move our letter's position with our A-becomes-B method, our encrypted message now looks like this:

2191020 1020 1962131326 8661226

In our example, our method, or cipher, is to change letters to certain numbers and add to that number to encrypt. If we wanted to, we could call our key the actual information that A = 2, Y = 26, and Z = 1.

With a code this simple, sharing keys isn't necessary, as any codebreaker could decipher our code and figure out the message. Thankfully, comparing modern encryption methods to this is like comparing an abacus to an iPad. In theory there are a lot of similarities, but the methods used have years of study and genius applied to making them richer and more challenging to decrypt without the proper keys, that is, by the users who are doing the encrypting. It's almost impossible to decrypt using brute force methods or by reassembling data back into something that looks useful, so hackers and bad guys look to humans for the weak link in encryption, not the encryption methods themselves.
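The article's toy cipher as an added example (not code from the original article): it reproduces the shifted sentence and both number strings, lists every way a run of digits can be read back as letters, and recovers the key by trying all 26 shifts. The function names and the small word list used for scoring are assumptions made for the example.

```python
import string

# Constructed stand-in for a dictionary: a few very common English words.
COMMON_WORDS = {"a", "an", "and", "are", "is", "it", "of", "that", "the",
                "this", "to"}


def shift(text, key):
    """Move every ASCII letter `key` places along the alphabet, wrapping Z to A."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + key) % 26))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def to_numbers(text):
    """Write each word as its letters' positions (A=1 .. Z=26), run together."""
    words = []
    for word in text.split():
        digits = "".join(str(ord(c) - ord("A") + 1)
                         for c in word.upper() if c in string.ascii_uppercase)
        words.append(digits)
    return " ".join(words)


def decodings(digits):
    """Every letter string that a run of digits could stand for.

    Because the numbers are written without separators, one digit string
    can usually be split into values 1..26 in more than one way.
    """
    if not digits:
        return [""]
    results = []
    for width in (1, 2):
        chunk = digits[:width]
        if len(chunk) == width and chunk[0] != "0" and 1 <= int(chunk) <= 26:
            letter = chr(ord("A") + int(chunk) - 1)
            results.extend(letter + rest for rest in decodings(digits[width:]))
    return results


def crack(ciphertext):
    """Try all 26 shifts and keep the one that yields the most common words."""
    def score(key):
        candidate = shift(ciphertext, -key)
        return sum(word in COMMON_WORDS for word in candidate.lower().split())

    best_key = max(range(26), key=score)
    return best_key, shift(ciphertext, -best_key)


if __name__ == "__main__":
    secret = shift("This is really geeky", 1)
    print(secret)                          # the shifted sentence
    print(to_numbers("This is really geeky"))
    print(to_numbers(secret))
    print(decodings("208919"))             # the digits for "This" are ambiguous
    print(crack(secret))                   # key and plaintext, no key shared
```

The whole key space is 26 values, so the search finishes instantly; that tiny key space is what the comparison with modern ciphers in the text is about.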

It's no secret that plenty of governments get the willies when they think about strong encryption. Modern computers can encrypt text messaging, images, data files, even whole partitions on hard drives and the operating systems that run them, effectively locking out anyone without the keys needed to decrypt the information on them. These could contain anything, and when it could theoretically be anything, imaginations tend to run wild. They contain stolen nuclear codes, child pornography, all kinds of stolen government secrets or, more likely, your tax documents, bank transactions, kids' pictures, and other personal information you don't want others to have access to.

A lot of attention was recently drawn to the ISIL-associated terrorism suspects using encrypted methods of communication with the popular messaging service WhatsApp. The boogeyman here is strong encryption allows spooky people to communicate about who-knows-what and many prominent government and intelligence officials are taking advantage of the situation, shaping narrative to say encryption is for bad people, terrorists, and hackers. Never waste a good crisis, as the saying goes.

Many government powers have approached the Googles and Apples of the world, asking them to create encryption with secret backdoor decryption methods: closed-source methods of encryption that hide something nefarious or have master keys to cipher and decrypt anything using that particular method.

The current CEO of Apple, Tim Cook, was quoted as saying, "You can't have a backdoor that's only for the good guys." Basically, an intentionally engineered flaw like a backdoor encryption method totally weakens the integrity of a technology we use in many aspects of our lives. There's absolutely no guarantee that simply because something is designed for the good guys to use, that bad guys won't figure out how to use it. It goes without saying that once this happens, all data using these methods is no longer secure.

Without putting on our tinfoil hats and getting super political, historically, governments have a tendency of being afraid of their people, and do whatever they think they can get away with to maintain control. So, unsurprisingly, the idea of these little informational black boxes created by strong encryption makes them nervous.

It's probably pretty clear to you, faster than you can say "the terrorists have won," that putting a backdoor in an infrastructure as basic as encryption would make life for us much worse, since strong encryption standards are used in web browsers, email, banking, credit card transactions, and password storage. Making those less secure for all of us just isn't a good idea.

Encryption, thankfully, is becoming the default. If you've ever noticed that little lock icon in your web browser, congratulations! You're using encryption to send and receive data from that website. You don't feel like a bad guy, do you?

Basically, when establishing a secure connection, your computer uses a public key to send scrambled information to the remote system, which then decodes it using a private key (the public key can be downloaded by anyone, but what it scrambles can only be decrypted using the private key). It can be difficult to ensure that nobody can intercept your messages, emails, or banking data, but encryption can turn your information into gibberish that they can't use, so your transactions remain safe. Chances are, you're already doing lots of encrypted message and data transmission and you didn't even realize it.

Nearly everyone in tech is aware it needs to simply be standard and is pushing the idea of "encryption by default." Simply because you don't have anything to hide doesn't mean you shouldn't value your privacy, particularly in these days when preventing cybercrime, data theft, and hacking scandals is becoming more and more critical to our safety and financial well-being.

Speaking simply, computers and the Internet have allowed us to open ourselves up and become more vulnerable than ever before to these privacy concerns, and encryption is one of the only methods of keeping yourself safe. Many years ago, if you were speaking to someone face to face and saw nobody around, you could feel reasonably secure that nobody was eavesdropping on you. Now, without encryption, there's basically no privacy in any kind of communication, at all, ever.

When should a normal user incorporate encryption into their digital life? Certainly, if any of your messaging services or accounts offer HTTPS (HTTP over SSL, an encryption standard) you should opt in. In this day and age, you shouldn't even have to opt in; it should be on by default! If a service does not allow for encrypted connections and it allows you to send any kind of sensitive data (credit card numbers, family members' names, phone numbers, Social Security numbers, etc.) simply opt not to use that website. But realistically, any modern website with a login will most likely create a secure, encrypted connection.

Should you keep the pictures, documents and other important files on your PC in an encrypted container or disk? Perhaps. You can do this by using encrypted file containers or by locking whole disks using software. Some years back, popular cross-platform encryption software TrueCrypt suddenly and mysteriously asked users to stop using their software, insisting their product was insecure, and shut down all development. In a final message to their users, TrueCrypt urged them to migrate their data to the Microsoft product, Bitlocker, now part of some versions of Windows. TrueCrypt was a standard tool for whole disk encryption, along with other software like bcrypt or Filevault. Whole disk encryption is also possible using BitLocker, or, if you prefer open-source methods, by using LUKS on Linux systems, or the successor to TrueCrypt, VeraCrypt.

You very likely do not need to encrypt the files that are actually on your PC to stop hackers and data thieves from taking them. It is not a bad idea, though, to keep important files in a crypt to keep them out of the hands of other people who may get a chance to use your computer. Encryption doesn't need to be spooky or dangerous; it can simply be thought of as a digital privacy fence, and a way to keep honest people honest. Simply because you like your neighbors doesn't mean you always want them to be able to watch you!

The same can be said for all digital messaging services, whether they're on your phone, tablet, or on your PC. If you're not using encryption, you have little to no guarantee that your messages aren't being intercepted by others, nefarious or not. If this matters to you (and perhaps it should matter to all of us) you have an increasing number of options. It is worth noting that some services like iMessage from Apple send encrypted messages by default, but communicate through Apple servers, and they could conceivably be read and stored there.

Hopefully we've helped to dispel some of the misinformation surrounding this misunderstood technology. Simply because someone chooses to keep their information private doesn't mean that they are doing something sinister. Allowing the conversation about encryption to be entirely about terrorism and not about basic privacy and prevention of identity theft is fundamentally bad for all of us. It's not a thing to be feared or misunderstood, but rather a tool that all of us should use as we see fit, without the stigma of being used only for evil purposes.

If you're interested in learning more about encryption methods, here are some How-To Geek classics, as well as some software that we recommend to start incorporating encryption into your digital life.

How to Set Up BitLocker Encryption on Windows

3 Alternatives to the Now-Defunct TrueCrypt for Your Encryption Needs

HTG Explains: When Should You Use Encryption?


How to Enable Full-Disk Encryption on Windows 10

Windows 10 sometimes uses encryption by default, and sometimes doesn't. It's complicated. Here's how to check if your Windows 10 PC's storage is encrypted and how to encrypt it if it isn't. Encryption isn't just about stopping the NSA; it's about protecting your sensitive data in case you ever lose your PC, which is something everyone needs.

Unlike all other modern consumer operating systems (macOS, Chrome OS, iOS, and Android), Windows 10 still doesn't offer integrated encryption tools to everyone. You may have to pay for the Professional edition of Windows 10 or use a third-party encryption solution.

Many new PCs that ship with Windows 10 will automatically have "Device Encryption" enabled. This feature was first introduced in Windows 8.1, and there are specific hardware requirements for this. Not every PC will have this feature, but some will.

There's another limitation, too: it only actually encrypts your drive if you sign into Windows with a Microsoft account. Your recovery key is then uploaded to Microsoft's servers. This will help you recover your files if you ever can't log into your PC. (This is also why the FBI likely isn't too worried about this feature, but we're just recommending encryption as a means to protect your data from laptop thieves here. If you're worried about the NSA, you may want to use a different encryption solution.)

Device Encryption will also be enabled if you sign into an organization's domain. For example, you might sign into a domain owned by your employer or school. Your recovery key would then be uploaded to your organization's domain servers. However, this doesn't apply to the average person's PC, only PCs joined to domains.

To check if Device Encryption is enabled, open the Settings app, navigate to System > About, and look for a "Device encryption" setting at the bottom of the About pane. If you don't see anything about Device Encryption here, your PC doesn't support Device Encryption and it's not enabled. If Device Encryption is enabled, or if you can enable it by signing in with a Microsoft account, you'll see a message saying so here.

If Device Encryption isn't enabled, or if you want a more powerful encryption solution that can also encrypt removable USB drives, for example, you'll want to use BitLocker. Microsoft's BitLocker encryption tool has been part of Windows for several versions now, and it's generally well regarded. However, Microsoft still restricts BitLocker to Professional, Enterprise, and Education editions of Windows 10.

BitLocker is most secure on a computer that contains Trusted Platform Module (TPM) hardware, which most modern PCs do. You can quickly check whether your PC has TPM hardware from within Windows, or check with your computer's manufacturer if you're not sure. If you built your own PC, you may be able to add a TPM chip to it. Search for a TPM chip that's sold as an add-on module. You'll need one that supports the exact motherboard inside your PC.

Windows normally says BitLocker requires a TPM, but there's a hidden option that allows you to enable BitLocker without a TPM. You'll have to use a USB flash drive as a "startup key" that must be present every boot if you enable this option.

If you already have a Professional edition of Windows 10 installed on your PC, you can search for BitLocker in the Start menu and use the BitLocker control panel to enable it. If you upgraded for free from Windows 7 Professional or Windows 8.1 Professional, you should have Windows 10 Professional.

If you dont have a Professional edition of Windows 10, you can pay $99 to upgrade your Windows 10 Home to Windows 10 Professional. Just open the Settings app, navigate to Update & security > Activation, and click the Go to Store button.Youll gain access to BitLocker and the other features that Windows 10 Professional includes.

Security expert Bruce Schneier also likes a proprietary full-disk encryption tool for Windows named BestCrypt. It's fully functional on Windows 10 with modern hardware. However, this tool costs $99 (the same price as an upgrade to Windows 10 Professional), so upgrading Windows to take advantage of BitLocker may be a better choice.


Spending another $99 just to encrypt your hard drive for some additional security can be a tough sell when modern Windows PCs often only cost a few hundred bucks in the first place. You don't have to pay the extra money for encryption, because BitLocker isn't the only option. BitLocker is the most integrated, well-supported option, but there are other encryption tools you can use.

The venerable TrueCrypt, an open-source full-disk encryption tool that is no longer being developed, has some issues with Windows 10 PCs. It can't encrypt GPT system partitions and boot them using UEFI, a configuration most Windows 10 PCs use. However, VeraCrypt, an open-source full-disk encryption tool based on the TrueCrypt source code, does support EFI system partition encryption as of versions 1.18a and 1.19.

In other words, VeraCrypt should allow you to encrypt your Windows 10 PC's system partition for free.


TrueCrypt's developers did famously shut down development and declare TrueCrypt vulnerable and unsafe to use, but the jury is still out on whether this is true. Much of the discussion around this centers on whether the NSA and other security agencies have a way to crack this open-source encryption. If you're just encrypting your hard drive so thieves can't access your personal files if they steal your laptop, you don't have to worry about this. TrueCrypt should be more than secure enough. The VeraCrypt project has also made security improvements, and should potentially be more secure than TrueCrypt. Whether you're encrypting just a few files or your entire system partition, it's what we recommend.

We'd like to see Microsoft give more Windows 10 users access to BitLocker, or at least extend Device Encryption so it can be enabled on more PCs. Modern Windows computers should have built-in encryption tools, just like all other modern consumer operating systems do. Windows 10 users shouldn't have to pay extra or hunt down third-party software to protect their important data if their laptops are ever misplaced or stolen.

View original post here:
How to Enable Full-Disk Encryption on Windows 10

Email Encryption Options for MDaemon Email Server

MDaemon uses a layered approach to email encryption for safely sending your emails and attachments. On the client-side, MDaemon Webmail users can enable basic encryption features when sending emails and attachments within Webmail. On the server-side, Administrators have the ability to use encryption, decryption, and basic key management capabilities.

MDaemon Webmail uses HTTPS connections to power its webmail encryption

MDaemon supports OpenPGP to power its server-side email encryption

When composing a message, MDaemon Webmail users can use the Advanced Options screen to instruct MDaemon to encrypt the message, retrieve their public key, or retrieve the public key of another user (if available). This greatly simplifies the process of sending secure, encrypted email using MDaemon PGP.

On the server side, OpenPGP for MDaemon has been added to give administrators the ability to use encryption, decryption, and basic key management capabilities through OpenPGP support.

This additional layer helps administrators who want to ensure user compliance by managing encryption settings at the server rather than at the user-implemented client level. Also, MDaemon's Content Filter now contains actions to encrypt and decrypt messages. And finally, server-side encryption capabilities are beneficial when using email archiving with MDaemon.

MDaemon Webmail has a unique setting that allows it to be used as a basic public key server. When this feature is enabled, Webmail will honor requests for your users' public keys using a specially formatted URL. Additionally, MDaemon's OpenPGP feature supports collection of public keys over DNS. This helps to automate the process of exchanging encryption keys.

MDaemon's OpenPGP features can verify embedded signatures found within messages. This helps the recipient ensure that the message is authentic. MDaemon Webmail will display an icon or text label for verified messages. Webmail will also display labels for messages with valid DKIM signatures, messages decrypted by OpenPGP, and messages signed with an OpenPGP key.

Automated Encryption Key Exchange allows the process of exchanging public keys for OpenPGP to take place during the SMTP message delivery process. When this feature is enabled, authorized users will no longer need to manually send their public key to another user from whom they wish to receive encrypted email.

See the original post:
Email Encryption Options for MDaemon Email Server

How to Encrypt Files on Windows – Tutorial – Tom's Guide

If you're looking for a simple way to keep files and folders private on your Windows computer, you have several options right in front of you. Thanks to the Microsoft Office Suite, you can use a built-in encryption feature to password-protect Office files, such as Word documents or PowerPoint presentations.

Some Windows operating systems also come with Encrypting File System (EFS), which lets you encrypt any kind of file, as well as whole folders and subfolders. Note, however, that EFS is only available for Windows 10 Pro, Windows 7 Professional, Windows 7 Ultimate, Windows 7 Enterprise, Windows 8 Pro or Windows 8 Enterprise. Users with a Home edition of Windows will need to use either Office Suite encryption or a third-party solution, such as TrueCrypt, VeraCrypt or 7-Zip.

To set up your Windows encryption, you'll want to follow these step-by-step instructions.

Before you start altering your files, there are some tips you need to keep in mind.

This process encrypts individual files compatible with Microsoft Office applications such as Word, PowerPoint or Excel. Once you encrypt a file this way, you'll need to reopen it in Microsoft Office; you won't be able to open it in Google Docs, Adobe Reader or LibreOffice. These steps work for all up-to-date versions of Office, across Windows 7 and Windows 10.

1. Open a Microsoft Office program and click Open Other Documents.

2. Click Browse.

3. Select a file you want to encrypt and click Open.

4. Click the File tab at the top of the page.

5. Click "Protect Document" on the left side.

6. Select Encrypt with Password from the pop-up menu.

7. Enter a password for the file. You'll be prompted to re-enter the same password, then click OK. After you exit this file, you'll have to enter the same password to reopen it. Be sure to store this password in a separate, safe place.

You're not quite done yet, though. One of the flaws with Microsoft Office's encryption is that unencrypted versions of recently opened files might still be stored in your computer's temporary memory. You'll want to go clear that out after you've encrypted a file.

1. Click the Start button.

2. Type "Disk Cleanup" into the text field and select Disk Cleanup.

3. Wait for the loading bar to complete; it's calculating how many files it will be able to delete.

4. After the window "Disk Cleanup for OS (C:)" appears, check the box next to "Temporary files" (you may need to scroll down) and click OK.

5. A new pop-up window will appear asking you to confirm the deletion. Click Delete Files.

6. You'll see a new pop-up window with a loading bar running as your files are deleted. Once it's finished, the window will disappear and the temporary files are gone.

EFS works by letting you apply encryption to already-existing files or folders in your file system. You can still edit or modify these files or folders following the encryption process. With EFS you won't notice any change in the way you access your files; all you have to do is log in to your Windows account at startup and the files will be accessible. However, this means that you need to pick a strong, difficult-to-guess password for your Windows user account. Note: Step 7 is time-sensitive, so make sure to click the "Back up your file encryption key" prompt after confirming attribute changes in step 6. Missing that prompt means you'll need to start over again.

1. Right-click on the file or folder you wish to encrypt.

2. Click the Properties selection at the bottom of the menu.

3. Click Advanced under the General tab. This will bring up a second pop-up window entitled Advanced Attributes.

4. Check "Encrypt contents to secure data."

5. Click OK.

6. Click Apply.

7. Choose how extensive you want the encryption to be and click OK. You can choose to encrypt just that folder, or to encrypt all of the folder's subfolders and files. We recommend the latter. Whichever you choose, click that option and then press OK.

8. Make sure to click the "Back up your file encryption key" pop-up message before it disappears. If you miss the pop-up message, you'll need to restart your machine and try again.

The computer creates an encryption key using an encryption certificate provided by Microsoft. Now that your file or folder is encrypted, you won't need a password to access it other than the password you use to sign into your Windows profile when you turn the computer on.

You should back up that encryption key to a separate device, because if that key is ever lost or damaged, you won't be able to access your encrypted files. The easiest method is with an external USB drive, so plug one into your PC before starting.

1. Click the option "Back up now (recommended)."

2. Click Next.

3. Click Next again.

4. Check the box next to Password, enter your password twice and click Next.

5. Click Browse.

6. Navigate to a directory, such as a USB drive, name your encryption key and click save.

7. Click Next.

8. Click Finish.

9. Click OK, then eject your USB drive (or wherever you stored the file) and keep it somewhere safe where you'll remember it.
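To confirm that the EFS steps above took effect, the folder's attributes and the user's EFS certificate can be checked from PowerShell. This is an added example, not part of the original tutorial; the function name `Test-EfsCoverage` and the sample path are hypothetical, and it assumes it is run as the user who encrypted the folder.

```powershell
# Added example: audit an EFS-protected folder and the certificate behind it.
function Test-EfsCoverage {
    param([Parameter(Mandatory)][string]$Path)

    $encrypted = [System.IO.FileAttributes]::Encrypted
    $root = Get-Item -LiteralPath $Path -Force -ErrorAction Stop

    # Files and subfolders under $Path that do NOT carry the Encrypted attribute.
    $plain = Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not ($_.Attributes -band $encrypted) } |
        Select-Object -ExpandProperty FullName

    # Certificates in the user's personal store whose Enhanced Key Usage
    # includes Encrypting File System (OID 1.3.6.1.4.1.311.10.3.4).
    $efsOid = '1.3.6.1.4.1.311.10.3.4'
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $certs = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.Extensions | Where-Object {
            $_ -is $ekuType -and
            ($_.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $efsOid
        }
    }

    [pscustomobject]@{
        Root             = $root.FullName
        RootEncrypted    = [bool]($root.Attributes -band $encrypted)
        UnencryptedItems = @($plain)
        # HasPrivateKey = $false means this profile cannot decrypt with that cert.
        EfsCertificates  = @($certs | Select-Object Thumbprint, NotAfter, HasPrivateKey)
    }
}

# Hypothetical path; replace with the folder you encrypted:
# Test-EfsCoverage -Path "$env:USERPROFILE\Documents\Private" | Format-List
```

Any entries in `UnencryptedItems` were skipped or added outside the encrypted folder, and an empty `EfsCertificates` list means there is no key in this profile to back up.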

Windows' built-in encryption isn't a perfect solution. If you encrypt a single file, the computer stores an unencrypted version of that file in its temporary memory, so a savvy snoop can still access it.

It's fairly easy for an attacker to break Windows encryption using a brute-force attack, which is when an attacker uses a program that methodically guesses every possible combination of letters and numbers, starting with common passwords.


If you're very serious about security and privacy, you might not trust a Microsoft solution. The FBI and NSA can require U.S. companies to hand over data or encryption keys. For those reasons, we suggest using a free third-party service, such as TrueCrypt, its successor VeraCrypt or WinZip.

Read this article:
How to Encrypt Files on Windows - Tutorial - Tom's Guide

Data encryption | cryptology | Britannica.com

Data encryption, also called encryption or encipherment, the process of disguising information as ciphertext, or data unintelligible to an unauthorized person. Conversely, decryption, or decipherment, is the process of converting ciphertext back into its original format. Manual encryption has been used since Roman times, but the term has become associated with the disguising of information via electronic computers. Encryption is a process basic to cryptology.

Computers encrypt data by applying an algorithm (i.e., a set of procedures or instructions for performing a specified task) to a block of data. A personal encryption key, or name, known only to the transmitter of the message and its intended receiver, is used to control the algorithm's encryption of the data, thus yielding unique ciphertext that can be decrypted only by using the key.

Since the late 1970s, two types of encryption have emerged. Conventional symmetric encryption requires the same key for both encryption and decryption. A common symmetric encryption system is the Advanced Encryption Standard (AES), an extremely complex algorithm approved as a standard by the U.S. National Institute of Standards and Technology. Asymmetric encryption, or public-key cryptography, requires a pair of keys; one for encryption and one for decryption. It allows disguised data to be transferred between allied parties at different locations without also having to transfer the (not encrypted) key. A common asymmetric encryption standard is the RSA (Rivest-Shamir-Adleman) algorithm.

Encryption keys selected at random and of sufficient length are considered almost impregnable. A key 10 characters long selected from the 256 available ASCII characters could take roughly 40 billion centuries to decode, assuming that the perpetrator was attempting 10,000 different keys per second.

Excerpt from:
Data encryption | cryptology | Britannica.com