diff --git a/_data/nav/2_software.yml b/_data/nav/2_software.yml index 6f3892dea9..02c9cf189e 100644 --- a/_data/nav/2_software.yml +++ b/_data/nav/2_software.yml @@ -21,7 +21,7 @@ items: - type: link title: File Encryption Tools icon: fad fa-file-certificate - file: legacy_pages/software/file-encryption.html + file: _evergreen/encryption-software.md - type: link title: File Sharing and Sync icon: fad fa-file-user diff --git a/_data/software/encryption-browser-based/1_hat-sh.yml b/_data/software/encryption-browser-based/1_hat-sh.yml new file mode 100644 index 0000000000..2630e41d03 --- /dev/null +++ b/_data/software/encryption-browser-based/1_hat-sh.yml @@ -0,0 +1,10 @@ +title: hat.sh +type: Recommendation +logo: /assets/img/encryption-software/hat-sh.png +logo_dark: /assets/img/encryption-software/hat-sh-dark.png +description: | + **Hat.sh** is a web application that provides secure client-side file encryption in your browser. It can also be selfhosted and is useful if you need to encrypt a file but cannot install any software on your device due to organizational policies. +website: 'https://hat.sh' +downloads: + - icon: fab fa-github + url: 'https://github.com/sh-dv/hat.sh' diff --git a/_data/software/encryption-commandline/1_kryptor.yml b/_data/software/encryption-commandline/1_kryptor.yml new file mode 100644 index 0000000000..39310ec4f8 --- /dev/null +++ b/_data/software/encryption-commandline/1_kryptor.yml @@ -0,0 +1,16 @@ +title: Kryptor +type: Recommendation +logo: /assets/img/encryption-software/kryptor.png +description: | + **Kryptor** is a free and open source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, user friendly alternative to GPG. +privacy_policy: '' +website: 'https://www.kryptor.co.uk' +downloads: + - icon: fab fa-windows + url: 'https://www.kryptor.co.uk' + - icon: fab fa-apple + url: 'https://www.kryptor.co.uk' + - icon: fab fa-linux + url: 'https://www.kryptor.co.uk' + - icon: fab fa-github + url: 'https://github.com/samuel-lucas6/Kryptor' diff --git a/_data/software/encryption-commandline/2_tomb.yml b/_data/software/encryption-commandline/2_tomb.yml new file mode 100644 index 0000000000..634dcd7c32 --- /dev/null +++ b/_data/software/encryption-commandline/2_tomb.yml @@ -0,0 +1,9 @@ +title: Tomb +type: Recommendation +logo: /assets/img/encryption-software/tomb.png +description: | + **Tomb** is an is a commandline shell wrapper around LUKS. It includes uses some [third party tools](https://github.com/dyne/Tomb#how-does-it-work) to provide [steganography](https://en.wikipedia.org/wiki/Steganography). +website: 'https://www.dyne.org/software/tomb' +downloads: + - icon: fab fa-github + url: 'https://github.com/dyne/Tomb' diff --git a/_data/software/encryption-multi-platform/1_veracrypt.yml b/_data/software/encryption-multi-platform/1_veracrypt.yml new file mode 100644 index 0000000000..5054a3ef04 --- /dev/null +++ b/_data/software/encryption-multi-platform/1_veracrypt.yml @@ -0,0 +1,16 @@ +title: VeraCrypt +type: Recommendation +logo: /assets/img/encryption-software/veracrypt.svg +description: | + **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication. VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed. +privacy_policy: '' +website: 'https://veracrypt.fr' +downloads: + - icon: fab fa-windows + url: 'https://www.veracrypt.fr/en/Downloads.html' + - icon: fab fa-apple + url: 'https://www.veracrypt.fr/en/Downloads.html' + - icon: fab fa-linux + url: 'https://www.veracrypt.fr/en/Downloads.html' + - icon: fab fa-github + url: 'https://www.veracrypt.fr/code' diff --git a/_data/software/encryption-multi-platform/2_gnupg.yml b/_data/software/encryption-multi-platform/2_gnupg.yml new file mode 100644 index 0000000000..73ab9775d3 --- /dev/null +++ b/_data/software/encryption-multi-platform/2_gnupg.yml @@ -0,0 +1,26 @@ +title: GNU Privacy Guard +type: Recommendation +logo: /assets/img/encryption-software/gnupg.svg +description: | + **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems. GnuPG is a part of the Free Software Foundation's GNU software project, and has received major funding from the German government. +privacy_policy: 'https://gnupg.org/privacy-policy.html' +website: 'https://gnupg.org' +downloads: + - icon: fab fa-windows + url: 'https://gpg4win.org/download.html' + - icon: fab fa-apple + url: 'https://gpgtools.org' + - icon: fab fa-linux + url: 'https://gnupg.org/download/index.html#binary' + - icon: fab fa-freebsd + url: 'https://www.freshports.org/security/gnupg' + - icon: pg-openbsd + url: 'http://openports.se/security/gnupg' + - icon: pg-netbsd + url: 'http://pkgsrc.se/security/gnupg' + - icon: fab fa-google-play + url: 'https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain' + - icon: pg-f-droid + url: 'https://f-droid.org/app/org.sufficientlysecure.keychain' + - icon: fab fa-git + url: 'https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git' diff --git a/_data/software/encryption-multi-platform/3_cryptomator.yml b/_data/software/encryption-multi-platform/3_cryptomator.yml new file mode 100644 index 0000000000..eda56d6ba2 --- /dev/null +++ b/_data/software/encryption-multi-platform/3_cryptomator.yml @@ -0,0 +1,22 @@ +title: Cryptomator +type: Recommendation +logo: /assets/img/encryption-software/cryptomator.svg +description: | + **Cryptomator** makes it easy for you to upload files to the cloud in a virtual encrypted filesystem. The software was [audited](https://cryptomator.org/open-source/) by [cure53](https://cryptomator.org/audits/2017-11-27%20crypto%20cure53.pdf). +privacy_policy: 'https://cryptomator.org/privacy' +website: 'https://cryptomator.org' +downloads: + - icon: fab fa-windows + url: 'https://cryptomator.org/downloads/' + - icon: fab fa-apple + url: 'https://cryptomator.org/downloads/' + - icon: fab fa-linux + url: 'https://cryptomator.org/downloads/' + - icon: fab fa-google-play + url: 'https://play.google.com/store/apps/details?id=org.cryptomator' + - icon: fab fa-app-store-ios + url: 'https://apps.apple.com/us/app/cryptomator-2/id1560822163' + - icon: fab fa-android + url: 'https://cryptomator.org/android' + - icon: fab fa-github + url: 'https://github.com/cryptomator' diff --git a/_data/software/encryption-multi-platform/4_picocrypt.yml b/_data/software/encryption-multi-platform/4_picocrypt.yml new file mode 100644 index 0000000000..59bb756719 --- /dev/null +++ b/_data/software/encryption-multi-platform/4_picocrypt.yml @@ -0,0 +1,17 @@ +title: Picocrypt +type: Recommendation +logo: /assets/img/encryption-software/picocrypt.svg +description: | + **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features. + + We think the best usecase for this is if you need to encrypt some files, or archives. +website: 'https://github.com/HACKERALERT/Picocrypt' +downloads: + - icon: fab fa-windows + url: 'https://github.com/HACKERALERT/Picocrypt/releases' + - icon: fab fa-apple + url: 'https://github.com/HACKERALERT/Picocrypt/releases' + - icon: fab fa-linux + url: 'https://github.com/HACKERALERT/Picocrypt/releases' + - icon: fab fa-github + url: 'https://github.com/HACKERALERT/Picocrypt' diff --git a/_data/software/encryption-operating-system/1_bitlocker.yml b/_data/software/encryption-operating-system/1_bitlocker.yml new file mode 100644 index 0000000000..ba83bad7d7 --- /dev/null +++ b/_data/software/encryption-operating-system/1_bitlocker.yml @@ -0,0 +1,6 @@ +title: Bitlocker +type: Recommendation +logo: /assets/img/encryption-software/bitlocker.png +description: | + **Bitlocker** is the default full volume encryption that comes with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [Elcomsoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it: [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-bitlocker-tpm-protection/). +website: 'https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview' diff --git a/_data/software/encryption-operating-system/2_filevault.yml b/_data/software/encryption-operating-system/2_filevault.yml new file mode 100644 index 0000000000..e4ffb68cbd --- /dev/null +++ b/_data/software/encryption-operating-system/2_filevault.yml @@ -0,0 +1,6 @@ +title: Filevault +type: Recommendation +logo: /assets/img/encryption-software/filevault.png +description: | + **Filevault** is the on-the-fly disk encryption that comes with MacOS. We recommend it because tightly intergrates with the [Apple T2 Security Chip](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/1/web/1). +website: 'https://support.apple.com/en-us/HT204837' diff --git a/_data/software/encryption-operating-system/3_luks.yml b/_data/software/encryption-operating-system/3_luks.yml new file mode 100644 index 0000000000..86d3219edf --- /dev/null +++ b/_data/software/encryption-operating-system/3_luks.yml @@ -0,0 +1,30 @@ +title: Linux Unified Key Setup (LUKS) +type: Recommendation +logo: /assets/img/encryption-software/luks.png +description: | + **LUKS** is the default full disk encryption method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers. + + ## Creating encrypted containers +
+ dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress + sudo cryptsetup luksFormat /path-to-file ++ + ## Opening encrypted containers + We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can now unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface. + +
+ udisksctl loop-setup -f /path-to-file + udisksctl unlock -b /dev/loop0 ++ + ## Backup of volume headers + We recommend you always [backup your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with: + +
+ cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img ++website: 'https://gitlab.com/cryptsetup/cryptsetup' +downloads: + - icon: fab fa-gitlab + url: 'https://gitlab.com/cryptsetup/cryptsetup' diff --git a/_includes/legacy/sections/file-encryption.html b/_includes/legacy/sections/file-encryption.html deleted file mode 100644 index aeeba3a037..0000000000 --- a/_includes/legacy/sections/file-encryption.html +++ /dev/null @@ -1,44 +0,0 @@ -