WebSensitiveInformation

From UMIACS
Jump to navigation Jump to search

Overview

In order to maintain maximum security, we do not store any sensitive information on our web servers. Such information is encrypted in memory upon receipt and sent to a designated email address, the owner of which will decrypt it using a email encryption/decryption program.

The recommended email encryption/decryption software at UMIACS is WinPT (Windows Privacy Tray), a small and powerful software from http://winpt.wald.intevation.org/. It is freely available to all users. It must be noted that you need GnuPG 1.4.11 or higher installed on your computer to use WinPT. You can download GnuPG for free from the GnuPG website.

WinPT Instructions

The first time you run this program, you will be asked to generate your "keypair". A keypair contains a public key, which is usually used for encryption, and a private key, which is used for decryption.

Now you are ready to encrypt and decrypt messages. To do so:

  1. Simply copy the text you wish to encrypt/decrypt into the Windows clipboard (i.e., use "copy" or "ctrl-v")
  2. Click on the WinPT icon in the lower-right corner of the screen
  3. Select the approriate menu item
  4. Follow the on-screen prompts.

To have others send you encrypted messages, you must give them your public key. To do so: export your public key (There are three different ways to do this, reference this manual to decide which is best for you.), and send it to the other side. Never distribute your private key.

In the case of the standard UMIACS setup for accepting sensitive information online, such as credit card information, social security number, etc, it is mandatory that we use encrypted messages. Send your public key to webmaster@umiacs.umd.edu and clearly indicate which online form this is for.

Extra Links

For an even more in-depth guide, consult this over-simplified WinPT Tutorial.