OFFICIAL SECURITY BLOG
July 29, 2013 | BY Pieter Arntz
Encrypting files and folders is a way to protect them from unwanted access. Although modern Windows versions do have built-in options to store files in an encrypted format on your hard disk, you may be looking for another option.
So, after looking at how to send and receive encrypted mail, I’d like to discuss using file encryption.
To keep out anything from nosy roommates to aggressive competitors, you can encrypt files, so they can only be accessed by the holder of the key needed to decrypt the files.
Make sure you do not lose your keys or passphrase to unlock the files /drives or you could end up in an even worse off than the victims of the Birele ransomware — this ransomware encrypts all your files and offers to sell you the password needed to access them again.
We’ll be looking at Gpg4win again for the encryption software.
Gpg4win supports both relevant cryptography standards, OpenPGP and S/MIME (X.509), and is the official GnuPG distribution for Windows. It is maintained by the developers of GnuPG. GnuPG is a volume and individual file encryption tool with support for a dozen encryption schemes, paired keys, and expiring signatures. GnuPG does not only provide local file encryption; it is, thanks to paired encryption and public key servers, a great tool for encrypted communication.
Please note, regular old GnuPG is a command line tool.
First you need to install Gpg4Win if you haven’t already. Or re-install it if you left out a few options the last time.
Download the installer from gpg4win.org
Run the installer and follow the prompts.
Kleopatra is a Certificate Manager and Unified Crypto GUI. Claws Mail is an email client (and news reader). Those two are optional in this case. The compendium might have its use but is also optional.
To ensure a complete installation, close all windows that could interfere.
You may need to reboot to get ready for the next step. The installer will prompt you if this is necessary.
Next step: Generate a key pair.
In the Start menu find the shortcut to GPA under the Gpg4win entry and click it. In the prompt shown below click “Generate key now” or in the menu click “Keys” > “New key…”
You will be prompted for your name, email-address, passphrase and asked if you want to create a backup.
You can make a backup now or later, but you are advised to make one and store it outside of the computer, in case anything happens to it.
The passphrase is extremely important as well. There is no way to recover it if you ever forget the passphrase. So try to use something that is easy for you to remember but difficult for anyone else to guess. I have both the backup and the passphrase stored on a USB stick away from the computer.
When you are done you should see this in the Key Manager.
When this was done successfully you can start encrypting (and decrypting) files. Run GPA again and under the Windows menu you will find the File Manager. Click it and use the file browser to select the file(s) you wish to encrypt (or decrypt).
Select the key you wish to use, if necessary (if you have more than one).
A file with a gpg extension will be created. These files will need to be Decrypted before they can be accessed. Decrypting works pretty much the same. Select the file(s) with the pgp extension that you want to decrypt and click on Decrypt. One difference is that you will be asked for your passphrase before the file is decrypted.
There are many more options like sending encrypted files to other people, but this will be fairly easy once you have practiced the basics about file encryption and even easier if you have already been using encrypted mail.
Conclusion: encrypting files is easy if you find the proper tools. Your choice may be different then mine. It doesn’t matter very much which ones you use as long as they suit you. My hope is that we have handed you a starting point for using encryption, should you ever feel the need.
More reading material: