WebSensitiveInformation

From UMIACS
Revision as of 21:13, 6 March 2007 by Derek (talk | contribs)
Jump to navigation Jump to search

In order to maintain maximum security, we do not store any sensitive information on our web servers. Such information is encrypted in memory upon receipt and sent to a designated email address, the owner of which will decrypt it using a email encryption/decryption program.

The recommended email encryption/decryption software at UMIACS is WinPT (Windows Privacy Tray), a small and powerful software from http://www.winpt.org . It is freely available to all users.

The first time you run this program, you will be asked to generate your "keypair". A keypair contains a public key, which is usually used for encryption, and a private key, which is used for decryption.

Now you are ready to encrypt and decrypt messages. To do so, simply copy the text you wish to encrypt/decrypt into the Windows clipboard (i.e., use "copy" or "ctrl-v"), click on the WinPT icon in the lower-right corner of the screen, select the approriate menu item, and follow the on-screen prompts.

To have others send you encrypted messages, you must give them your public key. To do so, export your public key (consult the WinPT manual on how to do this), and send it to the other side. Never distribute your private key.

In the case of the standard UMIACS setup for accepting sensitive information online, such as credit card information, social security number, etc, it is mandatory that we use encrypted messages. Send your public key to webmaster@umiacs.umd.edu and clearly indicate which online form this is for.