WebSensitiveInformation: Difference between revisions

From UMIACS
Jump to navigation Jump to search
No edit summary
No edit summary
 
Line 1: Line 1:
==Overview==
In order to maintain maximum security, we do not store any sensitive information on our web servers. Such information is encrypted in memory upon receipt and sent to a designated email address, the owner of which will decrypt it using a email encryption/decryption program.
In order to maintain maximum security, we do not store any sensitive information on our web servers. Such information is encrypted in memory upon receipt and sent to a designated email address, the owner of which will decrypt it using a email encryption/decryption program.


The recommended email encryption/decryption software at UMIACS is WinPT (Windows Privacy Tray), a small and powerful software from http://winpt.sourceforge.net/en/. It is freely available to all users.
The recommended email encryption/decryption software at UMIACS is WinPT (Windows Privacy Tray), a small and powerful software from http://winpt.wald.intevation.org/. It is freely available to all users. It must be noted that you need GnuPG 1.4.11 or higher installed on your computer to use WinPT. You can download GnuPG for free from the [https://www.gnupg.org/ GnuPG website].


==WinPT Instructions==
The first time you run this program, you will be asked to generate your "keypair". A keypair contains a public key, which is usually used for encryption, and a private key, which is used for decryption.
The first time you run this program, you will be asked to generate your "keypair". A keypair contains a public key, which is usually used for encryption, and a private key, which is used for decryption.


Now you are ready to encrypt and decrypt messages. To do so, simply copy the text you wish to encrypt/decrypt into the Windows clipboard (i.e., use "copy" or "ctrl-v"), click on the WinPT icon in the lower-right corner of the screen, select the approriate menu item, and follow the on-screen prompts.
Now you are ready to encrypt and decrypt messages. To do so:
#Simply copy the text you wish to encrypt/decrypt into the Windows clipboard (i.e., use "copy" or "ctrl-v")
#Click on the WinPT icon in the lower-right corner of the screen
# Select the approriate menu item
# Follow the on-screen prompts.


To have others send you encrypted messages, you must give them your public key. To do so, export your public key (consult the WinPT manual on how to do this), and send it to the other side. Never distribute your private key.
To have others send you encrypted messages, you must give them your public key. To do so:
export your public key (There are three different ways to do this, reference this [http://www.mavi1.org/web_security/cryptography/pgp/gnupg-frontend/WinPT/winpt-handbook-0.2rc2.pdf manual] to decide which is best for you.), and send it to the other side. Never distribute your private key.


In the case of the standard UMIACS setup for accepting sensitive information online, such as credit card information, social security number, etc, it is mandatory that we use encrypted messages. Send your public key to webmaster@umiacs.umd.edu and clearly indicate which online form this is for.
'''In the case of the standard UMIACS setup for accepting sensitive information online, such as credit card information, social security number, etc, it is mandatory that we use encrypted messages. Send your public key to webmaster@umiacs.umd.edu and clearly indicate which online form this is for.'''
 
==Extra Links==
For an even more in-depth guide, consult [http://sebsauvage.net/winpt_en.html this] over-simplified WinPT Tutorial.

Latest revision as of 15:08, 10 July 2014

Overview

In order to maintain maximum security, we do not store any sensitive information on our web servers. Such information is encrypted in memory upon receipt and sent to a designated email address, the owner of which will decrypt it using a email encryption/decryption program.

The recommended email encryption/decryption software at UMIACS is WinPT (Windows Privacy Tray), a small and powerful software from http://winpt.wald.intevation.org/. It is freely available to all users. It must be noted that you need GnuPG 1.4.11 or higher installed on your computer to use WinPT. You can download GnuPG for free from the GnuPG website.

WinPT Instructions

The first time you run this program, you will be asked to generate your "keypair". A keypair contains a public key, which is usually used for encryption, and a private key, which is used for decryption.

Now you are ready to encrypt and decrypt messages. To do so:

  1. Simply copy the text you wish to encrypt/decrypt into the Windows clipboard (i.e., use "copy" or "ctrl-v")
  2. Click on the WinPT icon in the lower-right corner of the screen
  3. Select the approriate menu item
  4. Follow the on-screen prompts.

To have others send you encrypted messages, you must give them your public key. To do so: export your public key (There are three different ways to do this, reference this manual to decide which is best for you.), and send it to the other side. Never distribute your private key.

In the case of the standard UMIACS setup for accepting sensitive information online, such as credit card information, social security number, etc, it is mandatory that we use encrypted messages. Send your public key to webmaster@umiacs.umd.edu and clearly indicate which online form this is for.

Extra Links

For an even more in-depth guide, consult this over-simplified WinPT Tutorial.