Encryption of files

What is encryption?

Encryption is a method of scrambling or locking the contents of a file so that only intended recipients can read it, by unlocking the file with a special key. The key is often a password, but it can also be a private file which only the intended recipient holds.

Why encrypt files?

Sometimes you may be required to send sensitive information to another party as an email attachment. There is usually no way of ensuring that the entire path from the sender to the recipient is safe and free from prying onlookers who could intercept the attachment and make their own copy.

One way of ensuring that only the sender and recipient can read an attachment is to encrypt it, passing the special key via a different channel, e.g. over the phone or as a text message. It is critically important that the key is not sent by the same method as the attachment, as then the prying onlookers would have both the file and the means to unlock it.

How should I encrypt the file?

There are several methods available to encrypt a file. The University of Reading have opted, for now, to use the simplest and most compatible method which is also free to use. This is achieved by converting the file into an encrypted ZIP file using the free Windows tool called "7-Zip". 7-Zip runs on Windows XP, Vista, 7 or 8 and the installation process is very simple. It may be downloaded from their website here:

http://7-zip.org/download.html

Select the second link down if you're running a 32-bit version of Windows or the third link down if you're running a 64-bit version of Windows. If you're not sure then open your C: drive in Windows File Explorer. If you see a folder called "Program Files (x86)" then you're running 64-bit Windows and need the third download link; otherwise you're running 32-bit Windows and need the second download link. Install the program as you would any other (the defaults are all fine) but see below if you're not running Windows XP.

Extra installation step if running Windows Vista, 7 or 8

On the later versions of Windows, i.e. not Windows XP, 7-Zip needs to be installed as an admin, not as a regular user. To do this, right-click on the 7-Zip installation file which was downloaded and select "Run as Administrator" rather than simply double-clicking on it as one normally would.

You'll also find that if you want to change any 7-Zip options then you should run 7-Zip as an admin by right-clicking on "7-Zip File Manager" in your Start menu and selecting "Run as Administrator".

Using 7-Zip to encrypt your file

To encrypt a file with 7-Zip, simply right-click on the file in question and select the 7-Zip menu entry. In the sub-menu which follows, select "Add to archive…". You can highlight as many files as you wish; it needn't be just one.

Selecting this option will present you with the following window, and you only need pay attention to the highlighted options. Select zip format, a very good long password (at least 12 characters is preferred), and the AES-256 method. Note that if you have trouble thinking of good passwords we recommend the use of a password generator such as PWGen.

A copy of your file will now be encrypted as a zip file, which may only be reopened again by opening it and entering the very good long password which you entered. It is recommended that you test your zip file before emailing it to someone by entering the password, as very rarely it doesn't work.

Assuming that all is well, you may now send the email as an attachment but whatever you do never, ever send the password by email or you've defeated the whole point of the exercise. You're only doing this encryption because you can't trust intermediaries, so don't give them the password too! In the email you should state that the password will follow via another channel.

It is recommended that you either give out the password over the phone, or send it as a text message or instant message.

Further considerations

You should be careful with the selection of the original unencrypted file name (not to be confused with the name of the zip file). Even without the password an unauthorised user will see the name of the original file, and this may spark their interest to persist in cracking the password. For example, if they see that the file name is meaningless (e.g. "bob's_list.txt"), or coded in some way (e.g. "abc123_part1x.doc"), they are less likely to be interested in it than if it were called "my_list_of_passwords.docx" or "my_banking_details.xls".

On rare occasions you may hear back from the recipient that the file wouldn't open and it gave an error message. This is nothing to worry about and simply means that they don't have any modern file archiving software installed on their PC such as 7-Zip, WinZip or WinRAR. In this case simply re-create the zip file, but this time select the ZipCrypto encryption method (the only other choice) rather than AES-256. This isn't as secure, but it's more compatible with Windows PCs.

On even rarer occasions your recipient may tell you that they also have 7-Zip installed. This is great news as you may then select the "7z" archive format instead of the zip format. This is not only more efficient, but also only allows the secure AES-256 encryption method and also allows encryption of the file names themselves (be aware that encrypted "zip" files still let you see the file name, even if you do not know the password).
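
The visible file names and the AES-256 versus ZipCrypto choice can both be checked before an archive is sent. The following is an added example, not part of the original guidance: a Python script that reads a zip file's central directory without any password and reports each file name together with the encryption scheme recorded for it. The function names and the constructed sample archive are assumptions for illustration, and zip64 archives are not handled.

```python
import struct

CDH = struct.Struct("<4s4B4HL2L5H2L")   # central directory file header, 46 bytes
EOCD = struct.Struct("<4s4H2LH")        # end of central directory record, 22 bytes
AES_BITS = {1: 128, 2: 192, 3: 256}     # strength byte of the 0x9901 extra field

def scheme(flags, method, extra):
    """Classify an entry's protection from its header fields alone."""
    if not flags & 0x1:                  # bit 0 clear: entry is not encrypted
        return "none"
    if method != 99:                     # encrypted, but not the AES marker method
        return "ZipCrypto"
    pos = 0
    while pos + 4 <= len(extra):         # walk the extra fields looking for 0x9901
        tag, size = struct.unpack_from("<HH", extra, pos)
        if tag == 0x9901 and size >= 7:
            return f"AES-{AES_BITS.get(extra[pos + 8], '?')}"
        pos += 4 + size
    return "AES-?"

def audit(data):
    """Return [(file name, scheme)] readable WITHOUT the password."""
    end = data.rfind(b"PK\x05\x06")
    if end < 0:
        raise ValueError("no end-of-central-directory record")
    count, _cd_size, pos = EOCD.unpack_from(data, end)[4:7]
    out = []
    for _ in range(count):
        f = CDH.unpack_from(data, pos)
        if f[0] != b"PK\x01\x02":
            raise ValueError("bad central directory header")
        flags, method, nlen, xlen, clen = f[5], f[6], f[12], f[13], f[14]
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8" if flags & 0x800 else "cp437")
        extra = data[pos + 46 + nlen:pos + 46 + nlen + xlen]
        out.append((name, scheme(flags, method, extra)))
        pos += 46 + nlen + xlen + clen
    return out

# Constructed sample: central directory only (no file data), names taken from the text above.
def entry(name, flags, method, extra=b""):
    n = name.encode()
    return CDH.pack(b"PK\x01\x02", 20, 0, 20, 0, flags, method, 0, 0, 0, 0, 0,
                    len(n), len(extra), 0, 0, 0, 0, 0) + n + extra
AES256 = struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)
CD = entry("my_banking_details.xls", 1, 99, AES256) + entry("abc123_part1x.doc", 1, 8)
SAMPLE = CD + EOCD.pack(b"PK\x05\x06", 0, 0, 2, 2, len(CD), 0, 0)

if __name__ == "__main__":
    for name, how in audit(SAMPLE):
        print(f"{how:10} {name}")
```

To check a real archive, pass its bytes to the function, e.g. `audit(open("archive.zip", "rb").read())`.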


Installation steps if using a Mac

Creating an encrypted disk image on a Mac
How to create an encrypted disk image on a Mac, as a secure container for files.

The steps here show the basic outline, but Apple change the details with each new version of the Operating System. Take these steps as a guide.

Open Disk Utility found in the Utilities folder (/Applications/Utilities).
Click the New Image button, or choose New then Blank Disk Image from the Disk Utility File menu.
Enter a name in the Save As: field. This name is used for the disk image (.dmg) file.
Change the save destination if you wish to.
[Image: Mac OS X encrypt disk image window]
Change the volume name to match the disk image name.
Select a size for the image file from the Volume Size drop-down menu, or use Custom to set the space you require.
The default Mac OS X Extended (Journaled) volume format will be correct in most cases; if you wish to change it, use the drop-down menu.
Choose an image format. You can use sparse disk image for a disk image that only uses as much space as it needs, rather than a set amount of space. If you're not sure use the read/write disk image choice.
From the Encryption: drop-down choose 256-bit AES if available, otherwise choose 128-bit AES to encrypt the image's contents with a password.
Click the Create button.
Enter and verify a good password in the dialog window that appears. This password will be saved in your keychain by default; it is recommended that you deselect this. Note: If you forget this password then the files stored within the disk image will be inaccessible.
Click OK.
