Differences between revisions 1 and 5 (spanning 4 versions)
Revision 1 as of 2011-08-05 10:53:18
Size: 6334
Editor: kondek
Comment:
Revision 5 as of 2015-05-20 10:03:48
Size: 6179
Editor: tirpak
Comment:
Line 8: Line 8:

Topic: Secure File Transmission and Encryption <<BR>>
Audience: Students, Faculty and Staff <<BR>>
Creation Date: August 5, 2011 <<BR>>
Author: Chitralekha Gopalaiah <<BR>>
Topic: Secure File Transmission and Encryption <<BR>> Audience: Students, Faculty and Staff <<BR>> Creation Date: August 5, 2011 <<BR>> Author: Chitralekha Gopalaiah <<BR>>
Line 16: Line 12:
Encryption refers to algorithmic schemes that encode plain text into non-readable form or cyphertext, thereby providing privacy. The receiver of the encrypted text uses a "key" to decrypt the message, returning it to its original plain text form.  Encryption refers to algorithmic schemes that encode plain text into non-readable form or cyphertext, thereby providing privacy. The receiver of the encrypted text uses a "key" to decrypt the message, returning it to its original plain text form.
Line 22: Line 18:
Encryption is commonly used in protecting information within many kinds of civilian systems.  Encryption is commonly used in protecting information within many kinds of civilian systems.
Line 24: Line 20:
 * Encryption can be used to protect data "at rest", such as files on computers and storage devices (e.g. USB flash drives).   * Encryption can be used to protect data "at rest", such as files on computers and storage devices (e.g. USB flash drives).
Line 26: Line 22:
 * Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature.   * Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature.
Line 39: Line 35:
File Transmission<<BR>>
In practice, there are several types of file transmissions most users perform, including the transmission of files through SFTP (secure file transfer protocol), submitting forms by a Web server, and sending e-mail.
Information transferred in this way should be encrypted before transmission. Transferring unencrypted files with these methods means the files travel as plain text, ready to be intercepted and interpreted by anyone.
Many PGP programs exist to allow a user to encrypt a file. Other stronger methods exist for purchase, including products made by RSA security. The advantage of using these programs is that the encryption can be tested before the file is sent, ensuring its usefulness.
usefulness.
File Transmission<<BR>> In practice, there are several types of file transmissions most users perform, including the transmission of files through SFTP (secure file transfer protocol), submitting forms by a Web server, and sending e-mail. Information transferred in this way should be encrypted before transmission. Transferring unencrypted files with these methods means the files travel as plain text, ready to be intercepted and interpreted by anyone. Many PGP programs exist to allow a user to encrypt a file. Other stronger methods exist for purchase, including products made by RSA security. The advantage of using these programs is that the encryption can be tested before the file is sent, ensuring its usefulness. usefulness.
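Review bot: the added File Transmission paragraph still ends with the stray duplicate "usefulness. usefulness." that the old line break left behind. Since this revision reflows the paragraph onto one line anyway, drop the second "usefulness." here.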
Line 45: Line 37:
SSL<<BR>>
The final encrypted transmission method is SSL (secure sockets layer). SSL is a method of encrypting all the communications between computers. It is used to encrypt and decrypt communications between a Web browser and a Web server. Whenever you use URLs beginning with https://, you're using SSL. SSL is included with security capable Netscape browsers. SSL uses technology based on the commercially available public key encryption products of RSA, Inc. SSL itself is an open standard, and the algorithms are free to all. SSL libraries can be used to encrypt all traffic among computers, because the encryption occurs at a level that makes it transparent to both the user and any programs he or she is running.
SSL<<BR>> The final encrypted transmission method is SSL (secure sockets layer). SSL is a method of encrypting all the communications between computers. It is used to encrypt and decrypt communications between a Web browser and a Web server. Whenever you use URLs beginning with https://, you're using SSL. SSL is included with security capable Netscape browsers. SSL uses technology based on the commercially available public key encryption products of RSA, Inc. SSL itself is an open standard, and the algorithms are free to all. SSL libraries can be used to encrypt all traffic among computers, because the encryption occurs at a level that makes it transparent to both the user and any programs he or she is running.
Line 52: Line 43:
1. Download and follow the instructions to install the software:<<BR>>
http://www.gnupg.org/download/index.html (look for the Binaries section to make your life easier)<<BR>>
1. Download and follow the instructions to install the software:<<BR>> http://www.gnupg.org/download/index.html (look for the Binaries section to make your life easier)<<BR>>
Line 57: Line 47:
3. Export your public key so that you can give it to others. Run a command similar to this one (replace key name with the key name that you chose when you generated the key pair):
gpg --armor --output !YourCompany.asc --export "!YourCompany "<<BR>>
3. Export your public key so that you can give it to others. Run a command similar to this one (replace key name with the key name that you chose when you generated the key pair): gpg --armor --output !YourCompany.asc --export "!YourCompany "<<BR>>
Line 62: Line 51:
5. Sign their public key. You need to know their User ID (the name that they gave their key). Run the command gpg --sign-key "their User ID"
To encrypt files, use the following format:
gpg --yes -eq -r "their User ID" -o encrypted_file.pgp file_to_encrypt<<BR>>
5. Sign their public key. You need to know their User ID (the name that they gave their key). Run the command gpg --sign-key "their User ID"<<BR>> To encrypt files, use the following format: gpg --yes -eq -r "their User ID" -o encrypted_file.pgp file_to_encrypt<<BR>>
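Review bot: in the added step 5, the "To encrypt files" instruction and its gpg command are folded into the key-signing step after a <<BR>>, so encryption has no step number of its own while decryption is step 6. Give encryption its own numbered step and put the command on a separate line, as step 6 does, so readers do not mistake it for part of signing.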
Line 66: Line 53:
6. To decrypt files, use the following format:<<BR>>
gpg -o decrypted_file_name file_to_decrypt.pgp<<BR>>
6. To decrypt files, use the following format:<<BR>> gpg -o decrypted_file_name file_to_decrypt.pgp<<BR>>
Line 71: Line 57:
Yes, We use GoAnywhere tool for encryption, decryption and transmission of files, which in turn uses PGP encryption and decryption.
Help document for GoAnywhere can be found at https://goanywhere.oakland.edu/goanywhere/webhelp/goanywhere.htm
Yes, We use !GoAnywhere tool for encryption, decryption and transmission of files, which in turn uses PGP encryption and decryption. Help document for !GoAnywhere can be found at https://goanywhere.oakland.edu/goanywhere/webhelp/goanywhere.htm
Line 76: Line 61:
Contact database application team for any questions <<BR>>
Lakshmi Maktala ([email protected]) <<BR>>
Chitra Gopalaiah (go[email protected]) <<BR>>
Milus Earl Jones (ejones
@oakland.edu) <<BR>>
Contact database application team for any questions <<BR>> Lakshmi Maktala ( [email protected] ) <<BR>> Mike Cox ( cox@oakland.edu ) <<BR>>
Line 82: Line 64:
For further help, please email [[mailto:[email protected]|<<MailTo(helpdesk@oakland.edu)>>]], visit us at 202 Kresge Library or call (248)370-4357 Monday-Friday, 8 am - 5 pm. For further help, please email [[mailto:[email protected]|<<MailTo(ut[email protected])>>]].


User Documentation for Secure File Transmission and Encryption


Topic: Secure File Transmission and Encryption
Audience: Students, Faculty and Staff
Creation Date: August 5, 2011
Author: Chitralekha Gopalaiah

What is encryption?

Encryption refers to algorithmic schemes that encode plain text into a non-readable form, or ciphertext, thereby providing privacy. The receiver of the encrypted text uses a "key" to decrypt the message, returning it to its original plain text form.

Encryption is used to protect the confidentiality of information when it must reside or be transmitted through otherwise unsafe environments. Encryption is also used for "digital signatures" to authenticate the origin of messages or data.

Where is encryption used?

Encryption is commonly used in protecting information within many kinds of civilian systems.

  • Encryption can be used to protect data "at rest", such as files on computers and storage devices (e.g. USB flash drives).
  • Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. Encrypting data in transit also helps to secure it as it is often difficult to physically secure all access to networks.
  • Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature.
  • Digital signatures and encryption must be applied at message creation time (i.e. on the same device on which the message was composed) to avoid tampering. Otherwise any node between the sender and the encryption agent could potentially tamper with it.

Under what circumstances do I need secure file transmissions?

If you are sending or receiving data classified as Confidential under University Policy #860 Information Security, you need to have the permission of the data steward and you need to use a process for "secure file transmission."

What is a secure file transmission?

In a secure file transmission, the data file is encrypted, the transmission method is encrypted, and whenever possible the delivery points are secured so that the file may not be transmitted to an unauthorized location.

How is the transmission encrypted?

File Transmission
In practice, there are several types of file transmissions most users perform, including the transmission of files through SFTP (secure file transfer protocol), submitting forms to a Web server, and sending e-mail. Information transferred in this way should be encrypted before transmission. Transferring unencrypted files with these methods means the files travel as plain text, ready to be intercepted and interpreted by anyone. Many PGP programs exist to allow a user to encrypt a file. Other stronger methods exist for purchase, including products made by RSA Security. The advantage of using these programs is that the encryption can be tested before the file is sent, ensuring its usefulness.

SSL
The final encrypted transmission method is SSL (secure sockets layer). SSL is a method of encrypting all the communications between computers. It is used to encrypt and decrypt communications between a Web browser and a Web server. Whenever you use URLs beginning with https://, you're using SSL. SSL is included with security-capable Netscape browsers. SSL uses technology based on the commercially available public key encryption products of RSA, Inc. SSL itself is an open standard, and the algorithms are free to all. SSL libraries can be used to encrypt all traffic among computers, because the encryption occurs at a level that makes it transparent to both the user and any programs he or she is running.

How do I encrypt and decrypt a file?

We use PGP for encryption and decryption. Below are the steps.

1. Download and follow the instructions to install the software:
http://www.gnupg.org/download/index.html (look for the Binaries section to make your life easier)

2. Generate a public/private key pair: Go to your GnuPG install directory and type in gpg --gen-key. The default settings are usually good (DSA (1024 bit) and Elgamal (2048 bit)/never expires).

3. Export your public key so that you can give it to others. Run a command similar to this one (replace key name with the key name that you chose when you generated the key pair): gpg --armor --output YourCompany.asc --export "YourCompany "

4. To encrypt a file for someone else to decrypt you have to import their public key. Copy their public key file to your GnuPG install directory and run the command gpg --import other_persons_pub_key_file.asc

5. Sign their public key. You need to know their User ID (the name that they gave their key). Run the command gpg --sign-key "their User ID"
To encrypt files, use the following format: gpg --yes -eq -r "their User ID" -o encrypted_file.pgp file_to_encrypt

6. To decrypt files, use the following format:
gpg -o decrypted_file_name file_to_decrypt.pgp
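
Steps 2 to 6 above, replayed end to end as an added example (not part of the original help document): two throwaway keyrings stand in for the sender and the recipient, and the script checks that the decrypted file matches the original. The user IDs, file contents and the non-interactive options (`--batch`, `--quick-generate-key`, `--quick-sign-key`, which need GnuPG 2.1 or later) are choices made for this example in place of the interactive `--gen-key` and `--sign-key`.

```shell
#!/bin/sh
# Added example: steps 2-6 run non-interactively in two throwaway keyrings.
# User IDs, file names and the message are constructed for this demonstration.
SENDER_ID='Demo Sender <sender@example.org>'
RECIPIENT_ID='Demo Recipient <recipient@example.org>'

pgp_roundtrip() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/sender" "$work/recipient"
    s() { gpg --homedir "$work/sender" --batch --quiet "$@"; }
    r() { gpg --homedir "$work/recipient" --batch --quiet "$@"; }
    printf 'constructed sample: confidential payroll export\n' > "$work/file_to_encrypt"
    status=1
    {
        # Step 2, both parties. Empty passphrase only because the keys are disposable.
        s --passphrase '' --quick-generate-key "$SENDER_ID" default default never &&
        r --passphrase '' --quick-generate-key "$RECIPIENT_ID" default default never &&
        # Step 3, recipient: export the public key in ASCII armor.
        r --armor --output "$work/recipient.asc" --export "$RECIPIENT_ID" &&
        # Step 4, sender: import the recipient's public key.
        s --import "$work/recipient.asc" &&
        # Step 5, sender: certify the key (by fingerprint, the non-interactive
        # form of --sign-key), then encrypt with the options used on the page.
        fpr=$(s --with-colons --fingerprint "$RECIPIENT_ID" |
              awk -F: '$1 == "fpr" { print $10; exit }') &&
        s --yes --quick-sign-key "$fpr" &&
        s --yes -eq -r "$RECIPIENT_ID" -o "$work/encrypted_file.pgp" "$work/file_to_encrypt" &&
        # The ciphertext must not contain the plaintext.
        ! grep -q 'payroll' "$work/encrypted_file.pgp" &&
        # Step 6, recipient: decrypt and compare with the original.
        r -o "$work/decrypted_file_name" --decrypt "$work/encrypted_file.pgp" &&
        cmp -s "$work/file_to_encrypt" "$work/decrypted_file_name"
    } && status=0
    # Stop the agents started for the temporary keyrings, then clean up.
    gpgconf --homedir "$work/sender" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$work/recipient" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return "$status"
}

pgp_roundtrip && echo "round trip OK" || echo "round trip FAILED"
```

For real keys, protect the private key with a passphrase and confirm the recipient's fingerprint through a separate channel before signing it.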

Does Oakland University use any tool for transmission and encryption of files?

Yes, we use the GoAnywhere tool for encryption, decryption and transmission of files, which in turn uses PGP encryption and decryption. The help document for GoAnywhere can be found at https://goanywhere.oakland.edu/goanywhere/webhelp/goanywhere.htm

Who do I contact for assistance?

Contact the database application team with any questions:
Lakshmi Maktala ( [email protected] )
Mike Cox ( [email protected] )


For further help, please email <<MailTo([email protected])>>.