Securing Confidential Files

It is frequently important to protect the contents of a file to ensure it remains confidential. For example, if you wish to securely share a document via an attachment on an email message, the file contents must be encrypted to prevent the file from being accessed if it is forwarded or saved to a public location. The following is a list of methods you can securely store and share documents which are sensitive or confidential, and this requires encryption.

There are two important points to remember with file encryption.

It is vital you do not transmit the encryption password via the same method as the encrypted data. You should use another method to provide the password to the recipient. For example, if you are sending an encrypted file via email, you can send the password in a paper-based letter, or tell it to the recipient on the phone.
Do not lose your password (encryption key). If you do, the files encrypted will not be accessible any longer.

Using Microsoft Office

Windows	The currently supported versions of Microsoft Office for Windows can encrypt a file using strong encryption. Versions prior to Office 2007 only used very weak encryption which can easily be bypassed and should not be used. Microsoft provide their own guidance on protecting Office files. This guidance includes instructions on encryption under the sections "Encrypt with Password". Office 2010, 2013 and 2016
Mac	Microsoft provide their own guidance on protecting Office files. This guidance includes instructions on encryption under the sections "Encrypt with Password". Office 2016 for Mac, Office for Mac 2011

Windows

The currently supported versions of Microsoft Office for Windows can encrypt a file using strong encryption. Versions prior to Office 2007 only used very weak encryption which can easily be bypassed and should not be used.

Microsoft provide their own guidance on protecting Office files. This guidance includes instructions on encryption under the sections "Encrypt with Password".

Office 2010, 2013 and 2016

Mac

Microsoft provide their own guidance on protecting Office files. This guidance includes instructions on encryption under the sections "Encrypt with Password".

Office 2016 for Mac, Office for Mac 2011

Using PDFs

Encrypted PDF files can be a good method for transmitted and storing data. Encrypted PDF files can be read with most PDF readers, including Adobe Reader. Below are various methods for creating a PDF protected by a password.

Microsoft Word	1. Create your document or open an existing PDF document using Word 2. From the File menu select Save As 3. Browse to a location to save the document 4. Select PDF (*.pdf) as the document type and click the Options... button 5. In the PDF options section check the Encrypt the document with a password option (Highlighted): 6. You will be prompted to type in the password twice and then click OK:
Adobe	Adobe provide their own guidance on encrypting a PDF by adding a password to the file: Adobe Acrobat 2017, Adobe Acrobat DC
Nuance	Nuance Power PDF is the supported PDF tool at the University of Regina. Nuance provides guidance on how to create an "Open password " so that the document can not be viewed without the password: Microsoft provide their own guidance on protecting Office files. This guidance includes instructions on encryption under the sections "Encrypt with Password". Nuance Power PDF
Pdftk	Pdftk Server is a free set of command line tools for modifying PDF files. Is available for Mac, Windows, and Linux. Pdftk Server Once installed, you can encrypt a PDF file with the following terminal command: pdftk MyFile.pdf output MyFile_encrypted.pdf user_pw PasswordGoesHere Note: Replace file names and password as appropriate.

Microsoft

Word

1. Create your document or open an existing PDF document using Word
2. From the File menu select Save As
3. Browse to a location to save the document
4. Select PDF (*.pdf) as the document type and click the Options... button
5. In the PDF options section check the Encrypt the document with a password option (Highlighted):

Password options for Word PDF Creation

6. You will be prompted to type in the password twice and then click OK:

Password options for Word PDF Creation

Adobe

Adobe provide their own guidance on encrypting a PDF by adding a password to the file:

Adobe Acrobat 2017, Adobe Acrobat DC

Nuance

Nuance Power PDF is the supported PDF tool at the University of Regina. Nuance provides guidance on how to create an "Open password " so that the document can not be viewed without the password:

Microsoft provide their own guidance on protecting Office files. This guidance includes instructions on encryption under the sections "Encrypt with Password".

Nuance Power PDF

Pdftk

Pdftk Server is a free set of command line tools for modifying PDF files. Is available for Mac, Windows, and Linux.

Pdftk Server

Once installed, you can encrypt a PDF file with the following terminal command:

pdftk MyFile.pdf output MyFile_encrypted.pdf user_pw PasswordGoesHere

Note: Replace file names and password as appropriate.

Using Encrypted Zip Files

Zip files allow allow one or more files to be encrypted within a single file. When adding encryption to a zip file, files cannot be extracted without the password.

Windows	On most managed computers, zip files can be created and read with the software 7-Zip. The program can be should already be installed on managed systems. On unmanaged or personally owned PCs, 7-Zip can be install for free: 7-Zip To create an encrypted zip file with 7-Zip: Start 7-Zip, and in the main screen, select the file that you wish to encrypt Click the Add button. This will open the Add to Archive window Set Archive format to zip Set Encryption method to AES-256 Enter a strong password (See our guidance for choosing a strong password) Click OK You will now find a new file with a .zip extension in the same folder as the original file. The contents of this zip file can be accessed only with knowledge of the password.
Mac	One option for secure zip encryption on Mac OS X is to use iZip, which is a free download: iZip To create an encrypted zip file with iZip: Start iZip and click New Click Specify name In the Save As field, enter the name you want to give the encrypted zip file, select the location you want to save it in the Where field, then click Create When asked about password protection, tick Enable password protection and enter a strong password (See our guidance for choosing a strong password) When asked about using encryption, choose AES 256 bit iZip will then ask you which files and folders you want to add to the encrypted zip file. When you have finished adding your files/folders, click Next iZip will display a summary of the options you've selected, click Next and your encrypted zip file will be created.
Linux	The following instructions are based on Ubuntu 14.04. Other Linux distros may be similar but not identical. You can use p7zip (a Linux command line version of 7-Zip on Windows) to create encrypted zip files. You can install p7zip with the following terminal command: sudo apt-get install p7zip-full Once p7zip is installed, encrypted zip files can be created with the following terminal command: 7za a -y -tzip -p -mem=AES256 archivename.zip /path/to/filestoencrypt You will be prompted to enter a password for your encrypted zip file, which will then be saved to your current location in the terminal. You can see a list of all available commands and switches in p7zip with the following terminal command: 7za -h

Windows

On most managed computers, zip files can be created and read with the software 7-Zip. The program can be should already be installed on managed systems.

On unmanaged or personally owned PCs, 7-Zip can be install for free:

7-Zip

To create an encrypted zip file with 7-Zip:

Start 7-Zip, and in the main screen, select the file that you wish to encrypt
Click the Add button. This will open the Add to Archive window
Set Archive format to zip
Set Encryption method to AES-256
Enter a strong password (See our guidance for choosing a strong password)
Click OK

You will now find a new file with a .zip extension in the same folder as the original file. The contents of this zip file can be accessed only with knowledge of the password.

Mac

One option for secure zip encryption on Mac OS X is to use iZip, which is a free download:

iZip

To create an encrypted zip file with iZip:

Start iZip and click New
Click Specify name
In the Save As field, enter the name you want to give the encrypted zip file, select the location you want to save it in the Where field, then click Create
When asked about password protection, tick Enable password protection and enter a strong password (See our guidance for choosing a strong password)
When asked about using encryption, choose AES 256 bit
iZip will then ask you which files and folders you want to add to the encrypted zip file. When you have finished adding your files/folders, click Next
iZip will display a summary of the options you've selected, click Next and your encrypted zip file will be created.

Linux

The following instructions are based on Ubuntu 14.04. Other Linux distros may be similar but not identical.

You can use p7zip (a Linux command line version of 7-Zip on Windows) to create encrypted zip files. You can install p7zip with the following terminal command:

sudo apt-get install p7zip-full

Once p7zip is installed, encrypted zip files can be created with the following terminal command:

7za a -y -tzip -p -mem=AES256 archivename.zip /path/to/filestoencrypt

You will be prompted to enter a password for your encrypted zip file, which will then be saved to your current location in the terminal.

You can see a list of all available commands and switches in p7zip with the following terminal command:

7za -h

Using File Encryption Software

Tools such as VeraCrypt can encrypt a single file or a file container. See the resources page on File Encryption with VeraCrypt.