diff --git a/_data/nav/2_software.yml b/_data/nav/2_software.yml index 906f36b255..3beef9e33f 100644 --- a/_data/nav/2_software.yml +++ b/_data/nav/2_software.yml @@ -21,7 +21,7 @@ items: - type: link title: File Encryption Tools icon: fad fa-file-certificate - file: legacy_pages/software/file-encryption.html + file: _evergreen/encryption-software.md - type: link title: File Sharing and Sync icon: fad fa-file-user diff --git a/_data/software/encryption-browser-based/1_hat-sh.yml b/_data/software/encryption-browser-based/1_hat-sh.yml new file mode 100644 index 0000000000..bb011be858 --- /dev/null +++ b/_data/software/encryption-browser-based/1_hat-sh.yml @@ -0,0 +1,10 @@ +title: hat.sh +type: Recommendation +logo: /assets/img/encryption-software/hat-sh.png +logo-dark: /assets/img/encryption-software/hat-sh-dark.png +description: | + **Hat.sh** is a web application that provides secure client-side file encryption in your browser. It can also be selfhosted and is useful if you need to encrypt a file but cannot install any software on your device due to organizational policies. +website: 'https://hat.sh' +downloads: + - icon: fab fa-github + url: 'https://github.com/sh-dv/hat.sh' diff --git a/_data/software/encryption-commandline/1_kryptor.yml b/_data/software/encryption-commandline/1_kryptor.yml new file mode 100644 index 0000000000..a086ec0fd6 --- /dev/null +++ b/_data/software/encryption-commandline/1_kryptor.yml 
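Review bot: The hat.sh description promises "secure client-side file encryption in your browser" without saying what the reader is trusting. A browser-based tool loads its code from the host on every visit, so the guarantee holds only while whoever serves the page delivers unmodified code. The description already mentions self-hosting, so I would present that as the way to reduce this trust, for example by adding `Because the page's code is served by the site each time you load it, self-host it if you cannot rely on the hosted instance.` to the `description` block. The same caveat would fit the "Browser-based" intro in `collections/_evergreen/encryption-software.md`.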
@@ -0,0 +1,16 @@
+title: Kryptor
+type: Recommendation
+logo: /assets/img/encryption-software/kryptor.png
+description: |
+ **Kryptor** is a free and open source file encryption tool that simplifies the use of [age](https://github.com/FiloSottile/age) and [minisign](https://jedisct1.github.io/minisign/).
+privacy_policy: ''
+website: 'https://www.kryptor.co.uk'
+downloads:
+ - icon: fab fa-windows
+ url: 'https://www.kryptor.co.uk'
+ - icon: fab fa-apple
+ url: 'https://www.kryptor.co.uk'
+ - icon: fab fa-linux
+ url: 'https://www.kryptor.co.uk'
+ - icon: fab fa-github
+ url: 'https://github.com/samuel-lucas6/Kryptor'
diff --git a/_data/software/encryption-commandline/2_tomb.yml b/_data/software/encryption-commandline/2_tomb.yml
new file mode 100644
index 0000000000..634dcd7c32
--- /dev/null
+++ b/_data/software/encryption-commandline/2_tomb.yml
@@ -0,0 +1,9 @@
+title: Tomb
+type: Recommendation
+logo: /assets/img/encryption-software/tomb.png
+description: |
+ **Tomb** is an is a commandline shell wrapper around LUKS. It includes uses some [third party tools](https://github.com/dyne/Tomb#how-does-it-work) to provide [steganography](https://en.wikipedia.org/wiki/Steganography).
+website: 'https://www.dyne.org/software/tomb'
+downloads:
+ - icon: fab fa-github
+ url: 'https://github.com/dyne/Tomb'
diff --git a/_data/software/encryption-multi-platform/1_veracrypt.yml b/_data/software/encryption-multi-platform/1_veracrypt.yml
new file mode 100644
index 0000000000..8c46946f5a
--- /dev/null
+++ b/_data/software/encryption-multi-platform/1_veracrypt.yml
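Review bot: The Kryptor description says it "simplifies the use of" age and minisign, which reads as if Kryptor wraps those tools. As far as I know it is an independent tool that presents itself as an alternative to them, so a reader could wrongly assume its files and signatures are compatible with age or minisign. Suggest wording along the lines of `**Kryptor** is a free and open source file encryption and signing tool, positioned as an alternative to age and minisign.` (keeping the two existing links), after confirming against the project's README. Also, `privacy_policy: ''` is an empty string rather than an omitted key, unlike `1_hat-sh.yml` and `2_tomb.yml`; check that the card template treats both the same so no empty link is rendered.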
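Review bot: The Tomb description has leftover wording errors: "is an is a commandline shell wrapper" and "It includes uses some". The same kind of unproofread copy appears in the Cryptomator hunk ("for for", "ot the cloud", "an virtual"), the Picocrypt and Bitlocker hunks ("it's" for "its"), the Filevault hunk ("intergrates") and `encryption-software.md` ("will of a", "intergrating"). On a page that recommends security tools this undercuts credibility, so a proofreading pass before merge is worthwhile. For Tomb, keeping the existing links: `**Tomb** is a command-line shell wrapper around LUKS. It uses some third party tools to provide steganography.`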
@@ -0,0 +1,16 @@
+title: VeraCrypt
+type: Recommendation
+logo: /assets/img/encryption-software/veracrypt.svg
+description: |
+ **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device with pre-boot authentication. VeraCrypt is a fork of the discontinued TrueCrypt project. It was initially released on June 22, 2013. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
+privacy_policy: ''
+website: 'https://veracrypt.fr'
+downloads:
+ - icon: fab fa-windows
+ url: 'https://www.veracrypt.fr/en/Downloads.html'
+ - icon: fab fa-apple
+ url: 'https://www.veracrypt.fr/en/Downloads.html'
+ - icon: fab fa-linux
+ url: 'https://www.veracrypt.fr/en/Downloads.html'
+ - icon: fab fa-github
+ url: 'https://www.veracrypt.fr/code'
diff --git a/_data/software/encryption-multi-platform/2_gnupg.yml b/_data/software/encryption-multi-platform/2_gnupg.yml
new file mode 100644
index 0000000000..73ab9775d3
--- /dev/null
+++ b/_data/software/encryption-multi-platform/2_gnupg.yml
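Review bot: `1_veracrypt.yml` has no `logo-dark` entry, even though this commit moves `veracrypt-dark.svg` into `assets/img/encryption-software/` and the removed legacy card passed it as `image-dark`. `1_hat-sh.yml` shows the key the new cards use, so add `logo-dark: /assets/img/encryption-software/veracrypt-dark.svg`. The source entry also uses `icon: fab fa-github` while pointing to `https://www.veracrypt.fr/code`, which is not GitHub; `fab fa-git`, as used in `2_gnupg.yml`, would match the target.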
@@ -0,0 +1,26 @@
+title: GNU Privacy Guard
+type: Recommendation
+logo: /assets/img/encryption-software/gnupg.svg
+description: |
+ **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems. GnuPG is a part of the Free Software Foundation's GNU software project, and has received major funding from the German government.
+privacy_policy: 'https://gnupg.org/privacy-policy.html'
+website: 'https://gnupg.org'
+downloads:
+ - icon: fab fa-windows
+ url: 'https://gpg4win.org/download.html'
+ - icon: fab fa-apple
+ url: 'https://gpgtools.org'
+ - icon: fab fa-linux
+ url: 'https://gnupg.org/download/index.html#binary'
+ - icon: fab fa-freebsd
+ url: 'https://www.freshports.org/security/gnupg'
+ - icon: pg-openbsd
+ url: 'http://openports.se/security/gnupg'
+ - icon: pg-netbsd
+ url: 'http://pkgsrc.se/security/gnupg'
+ - icon: fab fa-google-play
+ url: 'https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain'
+ - icon: pg-f-droid
+ url: 'https://f-droid.org/app/org.sufficientlysecure.keychain'
+ - icon: fab fa-git
+ url: 'https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git'
diff --git a/_data/software/encryption-multi-platform/3_cryptomator.yml b/_data/software/encryption-multi-platform/3_cryptomator.yml
new file mode 100644
index 0000000000..01e0d713c0
--- /dev/null
+++ b/_data/software/encryption-multi-platform/3_cryptomator.yml
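Review bot: The OpenBSD and NetBSD download entries use plain `http://` (`http://openports.se/security/gnupg`, `http://pkgsrc.se/security/gnupg`), carried over unchanged from the legacy card. On a page that sends readers to obtain encryption software, a link that can be altered in transit is worth avoiding. Switch both to `https://` if those sites serve it, or link to the projects' official ports pages instead. Separately, the Google Play and F-Droid entries point to `org.sufficientlysecure.keychain`, which as far as I know is a separate OpenPGP application rather than GnuPG itself, so the card should say so or list it on its own.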
@@ -0,0 +1,22 @@
+title: Cryptomator
+type: Recommendation
+logo: /assets/img/encryption-software/cryptomator.svg
+description: |
+ **Cryptomator** makes it easy for for you to upload files ot the cloud in an virtual encrypted filesystem. The software was [audited](https://cryptomator.org/open-source/) by [cure53](https://cryptomator.org/audits/2017-11-27%20crypto%20cure53.pdf).
+privacy_policy: 'https://cryptomator.org/privacy'
+website: 'https://cryptomator.org'
+downloads:
+ - icon: fab fa-windows
+ url: 'https://cryptomator.org/downloads/'
+ - icon: fab fa-apple
+ url: 'https://cryptomator.org/downloads/'
+ - icon: fab fa-linux
+ url: 'https://cryptomator.org/downloads/'
+ - icon: fab fa-google-play
+ url: 'https://play.google.com/store/apps/details?id=org.cryptomator'
+ - icon: fab fa-app-store-ios
+ url: 'https://apps.apple.com/us/app/cryptomator-2/id1560822163'
+ - icon: fab fa-android
+ url: 'https://cryptomator.org/android'
+ - icon: fab fa-github
+ url: 'https://github.com/cryptomator'
diff --git a/_data/software/encryption-multi-platform/4_picocrypt.yml b/_data/software/encryption-multi-platform/4_picocrypt.yml
new file mode 100644
index 0000000000..084aa5ae20
--- /dev/null
+++ b/_data/software/encryption-multi-platform/4_picocrypt.yml
@@ -0,0 +1,17 @@
+title: Picocrypt
+type: Recommendation
+logo: /assets/img/encryption-software/picocrypt.svg
+description: |
+ **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for it's encryption features.
+
+ We think the best usecase for this is if you need to encrypt some files, or archives.
+website: 'https://github.com/HACKERALERT/Picocrypt'
+downloads:
+ - icon: fab fa-windows
+ url: 'https://github.com/HACKERALERT/Picocrypt/releases'
+ - icon: fab fa-apple
+ url: 'https://github.com/HACKERALERT/Picocrypt/releases'
+ - icon: fab fa-linux
+ url: 'https://github.com/HACKERALERT/Picocrypt/releases'
+ - icon: fab fa-github
+ url: 'https://github.com/HACKERALERT/Picocrypt'
diff --git a/_data/software/encryption-operating-system/1_bitlocker.yml b/_data/software/encryption-operating-system/1_bitlocker.yml
new file mode 100644
index 0000000000..5fd9a9d9b6
--- /dev/null
+++ b/_data/software/encryption-operating-system/1_bitlocker.yml
@@ -0,0 +1,6 @@
+title: Bitlocker
+type: Recommendation
+logo: /assets/img/encryption-software/bitlocker.png
+description: |
+ **Bitlocker** is the default full volume encryption that comes with Microsoft Windows. Over the years there has been development since it was released in 2007 and the main reason we recommend it is because of it's [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [Elcomsoft](https://en.wikipedia.org/wiki/ElcomSoft) a forensics company has written about it: [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-bitlocker-tpm-protection/).
+website: 'https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview'
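Review bot: The Bitlocker description gives TPM use as the main reason for the recommendation, but it does not say that a TPM-only configuration releases the volume key at boot without any user input. In that setup protection rests on the Windows logon, which is the configuration the Elcomsoft article linked in the same sentence discusses. Add a sentence recommending a pre-boot PIN (TPM+PIN) for readers whose threat model includes device theft or seizure. The product name is also spelled `BitLocker`, in both `title` and `description`.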
diff --git a/_data/software/encryption-operating-system/2_filevault.yml b/_data/software/encryption-operating-system/2_filevault.yml new file mode 100644 index 0000000000..5d3bf6e519 --- /dev/null +++ b/_data/software/encryption-operating-system/2_filevault.yml @@ -0,0 +1,6 @@ +title: Filevault +type: Recommendation +logo: /assets/img/encryption-software/filevault.png +description: | + **Filevault** is the on-the-fly disk encryption that comes with MacOS. The reason we recommend it, is because it tightly intergrates with the [Apple T2 Security Chip](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/1/web/1). +website: 'https://support.apple.com/en-us/HT204837' diff --git a/_data/software/encryption-operating-system/3_luks.yml b/_data/software/encryption-operating-system/3_luks.yml new file mode 100644 index 0000000000..e47efc5751 --- /dev/null +++ b/_data/software/encryption-operating-system/3_luks.yml @@ -0,0 +1,30 @@ +title: Linux Unified Key Setup (LUKS) +type: Recommendation +logo: /assets/img/encryption-software/luks.png +description: | + **LUKS** is the default full disk encryption method for Linux. It can be used to encrypt full volumes, partitions or create encrypted containers. + + ## Creating encrypted containers +
+  dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
+  sudo cryptsetup luksFormat /path-to-file
+  
+ + ## Opening encrypted containers + We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments can now unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface. + +
+  udisksctl loop-setup -f /path-to-file
+  udisksctl unlock -b /dev/loop0
+  
+ + ## Backup of volume headers + We recommend you always [backup your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with: + +
+  cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+  
+website: 'https://gitlab.com/cryptsetup/cryptsetup' +downloads: + - icon: fab fa-gitlab + url: 'https://gitlab.com/cryptsetup/cryptsetup' diff --git a/_includes/legacy/sections/file-encryption.html b/_includes/legacy/sections/file-encryption.html deleted file mode 100644 index aeeba3a037..0000000000 --- a/_includes/legacy/sections/file-encryption.html +++ /dev/null 
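Review bot: The "Opening encrypted containers" example hard-codes `/dev/loop0` in `udisksctl unlock -b /dev/loop0`, but `udisksctl loop-setup` reports whichever loop device it allocated, which will not be loop0 when other loop devices are already in use. The text should tell the reader to pass the device name printed by `loop-setup`. The header-backup section should also state that the backup file contains the key slots: anyone holding it and a passphrase valid at backup time can unlock the volume even after that passphrase is changed or removed. The backup therefore needs the same protection as the volume itself. Finally, the `cryptsetup luksHeaderBackup` line lacks the `sudo` that the `luksFormat` line uses.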
@@ -1,44 +0,0 @@ - - -{% - include legacy/cardv2.html - title="VeraCrypt - Disk Encryption" - image="/assets/img/legacy_svg/3rd-party/veracrypt.svg" - image-dark="/assets/img/legacy_svg/3rd-party/veracrypt-dark.svg" - description="VeraCrypt is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device with pre-boot authentication. VeraCrypt is a fork of the discontinued TrueCrypt project. It was initially released on June 22, 2013. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed." - website="https://veracrypt.fr/" - git="https://www.veracrypt.fr/code/" - windows="https://www.veracrypt.fr/en/Downloads.html" - linux="https://www.veracrypt.fr/en/Downloads.html" - mac="https://www.veracrypt.fr/en/Downloads.html" -%} - -{% - include legacy/cardv2.html - title="GNU Privacy Guard - Email Encryption" - image="/assets/img/legacy_svg/3rd-party/gnupg.svg" - description="GnuPG is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems. GnuPG is a part of the Free Software Foundation's GNU software project, and has received major funding from the German government." 
- website="https://gnupg.org/" - privacy-policy="https://gnupg.org/privacy-policy.html" - git="https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git" - windows="https://gpg4win.org/download.html" - linux="https://gnupg.org/download/index.html#binary" - freebsd="https://www.freshports.org/security/gnupg/" - openbsd="http://openports.se/security/gnupg" - netbsd="http://pkgsrc.se/security/gnupg" - mac="https://gpgtools.org/" - fdroid="https://f-droid.org/app/org.sufficientlysecure.keychain" - googleplay="https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain" -%} - -

Worth Mentioning

- - diff --git a/assets/img/encryption-software/bitlocker.png b/assets/img/encryption-software/bitlocker.png new file mode 100644 index 0000000000..dcc8f474f0 Binary files /dev/null and b/assets/img/encryption-software/bitlocker.png differ diff --git a/assets/img/encryption-software/cryptomator.svg b/assets/img/encryption-software/cryptomator.svg new file mode 100644 index 0000000000..f0bd11f522 --- /dev/null +++ b/assets/img/encryption-software/cryptomator.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/encryption-software/filevault.png b/assets/img/encryption-software/filevault.png new file mode 100644 index 0000000000..d306ba0b80 Binary files /dev/null and b/assets/img/encryption-software/filevault.png differ diff --git a/assets/img/legacy_svg/3rd-party/gnupg.svg b/assets/img/encryption-software/gnupg.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/gnupg.svg rename to assets/img/encryption-software/gnupg.svg diff --git a/assets/img/encryption-software/hat-sh-dark.png b/assets/img/encryption-software/hat-sh-dark.png new file mode 100644 index 0000000000..0c5931e967 Binary files /dev/null and b/assets/img/encryption-software/hat-sh-dark.png differ diff --git a/assets/img/encryption-software/hat-sh.png b/assets/img/encryption-software/hat-sh.png new file mode 100644 index 0000000000..f514b78097 Binary files /dev/null and b/assets/img/encryption-software/hat-sh.png differ diff --git a/assets/img/encryption-software/kryptor.png b/assets/img/encryption-software/kryptor.png new file mode 100644 index 0000000000..08669e020c Binary files /dev/null and b/assets/img/encryption-software/kryptor.png differ diff --git a/assets/img/encryption-software/luks.png b/assets/img/encryption-software/luks.png new file mode 100644 index 0000000000..566254942a Binary files /dev/null and b/assets/img/encryption-software/luks.png differ 
diff --git a/assets/img/encryption-software/picocrypt.svg b/assets/img/encryption-software/picocrypt.svg new file mode 100644 index 0000000000..53c41f508b --- /dev/null +++ b/assets/img/encryption-software/picocrypt.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/encryption-software/tomb.png b/assets/img/encryption-software/tomb.png new file mode 100644 index 0000000000..a7de2dd8e4 Binary files /dev/null and b/assets/img/encryption-software/tomb.png differ diff --git a/assets/img/legacy_svg/3rd-party/veracrypt-dark.svg b/assets/img/encryption-software/veracrypt-dark.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/veracrypt-dark.svg rename to assets/img/encryption-software/veracrypt-dark.svg diff --git a/assets/img/legacy_svg/3rd-party/veracrypt.svg b/assets/img/encryption-software/veracrypt.svg similarity index 100% rename from assets/img/legacy_svg/3rd-party/veracrypt.svg rename to assets/img/encryption-software/veracrypt.svg diff --git a/collections/_evergreen/cloud.md b/collections/_evergreen/cloud.md index 759326bfee..c8f26f4dcf 100644 --- a/collections/_evergreen/cloud.md +++ b/collections/_evergreen/cloud.md 
@@ -2,9 +2,9 @@ layout: evergreen title: Cloud Storage description: | - If you are currently using a Cloud Storage Service like Dropbox, Google Drive, Microsoft OneDrive or Apple iCloud, you are putting complete trust in your service provider to not look at your files. + If you are currently using a Cloud Storage Service like Dropbox, Google Drive, Microsoft OneDrive or Apple iCloud, you are putting complete trust in your service provider to not look at your files. - Consider reducing the need to trust your provider, by using an alternative below that supports [end-to-end encryption](https://wikipedia.org/wiki/End-to-end_encryption) (E2EE). + Consider reducing the need to trust your provider, by using an alternative below that supports [end-to-end encryption](https://wikipedia.org/wiki/End-to-end_encryption) (E2EE). --- {% for item_hash in site.data.providers.cloud %} diff --git a/collections/_evergreen/encryption-software.md b/collections/_evergreen/encryption-software.md new file mode 100644 index 0000000000..3337530f59 --- /dev/null +++ b/collections/_evergreen/encryption-software.md 
@@ -0,0 +1,50 @@
+---
+layout: evergreen
+title: Cloud Storage
+description: |
+ Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails, or file archives, you should pick one here.
+---
+
+## Multi-platform
+The options listed here are multi-platform and great for creating encrypted backups of your data.
+
+{% for item_hash in site.data.software.encryption-multi-platform %}
+{% assign item = item_hash[1] %}
+
+{% if item.type == "Recommendation" %}
+{% include recommendation-card.html %}
+{% endif %}
+{% endfor %}
+
+## Operating system included Full Disk Encryption (FDE)
+Modern operating systems often include [disk encryption](https://en.wikipedia.org/wiki/Disk_encryption) and will of a [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor).
+
+{% for item_hash in site.data.software.encryption-operating-system %}
+{% assign item = item_hash[1] %}
+
+{% if item.type == "Recommendation" %}
+{% include recommendation-card.html %}
+{% endif %}
+{% endfor %}
+
+## Browser-based
+Web based encryption can be useful when you need to encrypt a file, and you cannot install software or apps on your device.
+
+{% for item_hash in site.data.software.encryption-browser-based %}
+{% assign item = item_hash[1] %}
+
+{% if item.type == "Recommendation" %}
+{% include recommendation-card.html %}
+{% endif %}
+{% endfor %}
+
+## Command-line
+Tools with commandline interfaces are useful for intergrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script).
+
+{% for item_hash in site.data.software.encryption-commandline %}
+{% assign item = item_hash[1] %}
+
+{% if item.type == "Recommendation" %}
+{% include recommendation-card.html %}
+{% endif %}
+{% endfor %}
diff --git a/legacy_pages/software/file-encryption.html b/legacy_pages/software/file-encryption.html
deleted file mode 100644
index 40f9d1534d..0000000000
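Review bot: The front matter sets `title: Cloud Storage`, apparently copied from `cloud.md`. The nav entry this commit repoints is "File Encryption Tools" and the removed legacy page was titled "File Encryption Software", so this should be something like `title: Encryption Software`. The description's opening claim, "Encryption of data is the only way to control who can access it", is overstated, since access also depends on how keys and passphrases are handled and on the device being locked. Consider `Encryption is the most reliable way to keep your data private if a device or account is compromised.` The sentence under the FDE heading ("and will of a secure cryptoprocessor") is missing words, presumably "make use of".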
--- a/legacy_pages/software/file-encryption.html +++ /dev/null @@ -1,9 +0,0 @@ ---- -layout: page -permalink: /software/file-encryption/ -title: "File Encryption Software" -description: "Get working and collaborating without sharing your documents with a middleman or trusting a cloud provider." ---- - -{% include legacy/sections/file-encryption.html %} -