Page Comparison

Purpose

Encryption encodes information in such a way that unauthorized parties should be unable to read it. This helps to prevent compromises to the confidentiality and integrity of your data and is a part of robust, multi-layered security approach. Whether it is a compromised desktop, or a lost mobile or storage devices, encryption ensures that your data remains accessible to only you and your team.

Audience

Status

title	faculty

Status

colour	Blue
title	researchers

Status

colour	Red
title	Admin staff

Status

colour	Purple
title	IT staff

Status

colour	Green
title	students

Initial considerations

Note
Not all encryption algorithms are the same. AES-128 bit (or equivalent) is the absolute minimum you should consider. AES-256 bit or greater is preferred.

Determine your data's classification.

Classifying your data is the first step to knowing what safeguards are required to securely store your data.
- Classify data
- Level 3 and level 4 data must be stored on a secure server or must be encrypted at rest on a laptop, mobile device, or removeable storage.

Consult with your local IT group.

Your department or division may support or recommend specific encryption solutions.
- https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8F-Informationus#Information-Technology-(IT)

What can I do?

Enable or install full-disk encryption packages.

Windows (institutionally managed)

.

Bitlocker.
Pre-installed but might need to be enabled.
Contact your Local IT group for support.
https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8Fus#Information-Information-Technology-(IT)

Windows (self-managed)

.

Bitlocker.
Pre-installed but might need to be enabled.
https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838#ID0EBD=Windows_11

MacOS (self-managed)

.

Filevault.
Pre-installed but might need to be enabled.
https://support.apple.com/en-ca/guide/mac-help/mh11785/mac

Linux (self-managed)

.

Various options; distribution dependent.
Contact your Local IT group for assistance managing encryption on Linux systems.
https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8F-Informationus#Information-Technology-(IT)
Common solutions include:
https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home
https://gnupg.org/

Android (self-managed)

.

File-based encryption by default when lock screen enabled.
https://support.google.com/android/answer/9079129?hl=en

iOS (self-managed)

.

File-based encryption by default when lock screen enabled.
https://support.apple.com/en-us/HT204060

Cross-platform

.

Various options.
Contact your Local IT group for assistance managing encryption through other third-party options.
https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8Fus#Information-Information-Technology-(IT)
Common solutions include:
https://www.veracrypt.fr/en/Home.html

Encrypt at the file or folder level.

Info
ZIP files can be transferred across platforms.

Windows

.

7-Zip.
https://www.7-zip.org/

MacOS

.

Encrypted DMG (MacOS only) or ZIP files.
ZIP.
https://ss64.com/osx/zip.html
DMG.
https://support.apple.com/en-ca/guide/disk-utility/dskutl11888/mac
Scroll to “Create a secure disk image”.

Linux

.

Contact your Local IT group for assistance.
https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8Fus#Information-Information-Technology-(IT)
Common solutions include:
https://gnupg.org/
https://www.7-zip.org/
https://www.linux.org/docs/man1/zip.html

Cross-platform

.

Contact your Local IT group for assistance.
https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8F-Informationus#Information-Technology-(IT)
Common solutions include:
https://www.veracrypt.fr/en/Home.html
https://www.aescrypt.com/

Use a self-encrypting device (SED).

Servers

.

Where possible, order SED storage drives and motherboards supporting Trusted Platform Module (TPM).

Storage

.

External drives
https://www.kingston.com/en/ssd/ironkey-vp80es-encrypted-external-ssd
https://www.samsung.com/ca/memory-storage/portable-ssd/portable-ssd-t7-usb-3-2-2tb-red-mu-pc2t0r-am/?cid=ca_pd_ppc_google_t7-portable-ssd_sustain_portable-ssd-retent_text_t7-portable-ssd_20180110-samsung%20t7_w&gad_source=1
USB keys
https://www.kingston.com/en/usb-flash-drives/ironkey-lp50-encrypted
Page Properties
hidden true
Name
Role
Date
Michael Laurentius
Author
Carl Chan
Approver (Manager)
Reviewer

Search

Live Search

spaceKey	ISH
size	large
additional	page excerpt
placeholder	How do I...
type	page
labels	kb-how-to-article,kb-general-concepts,kb-spec-how-to-article

Additional help

General

https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%9B%A1%EF%B8%8F-Informationus#Information-Security-(IS)

https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8F-Informationus#Information-Technology-(IT)

Researchers

https://security.utoronto.ca/services/research-information-security-program/

Versions Compared

Old Version 46

New Version Current

Key

Purpose

Audience

On this page

Initial considerations

Determine your data's classification.

Consult with your local IT group.

What can I do?

Enable or install full-disk encryption packages.

Windows (institutionally managed)

Bitlocker.
Pre-installed but might need to be enabled.
Contact your Local IT group for support.
https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8Fus#Information-Information-Technology-(IT)

Windows (self-managed)

Bitlocker.
Pre-installed but might need to be enabled.
https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838#ID0EBD=Windows_11

MacOS (self-managed)

Filevault.
Pre-installed but might need to be enabled.
https://support.apple.com/en-ca/guide/mac-help/mh11785/mac

Linux (self-managed)

Android (self-managed)

File-based encryption by default when lock screen enabled.
https://support.google.com/android/answer/9079129?hl=en

iOS (self-managed)

File-based encryption by default when lock screen enabled.
https://support.apple.com/en-us/HT204060

Cross-platform

Encrypt at the file or folder level.

Windows

7-Zip.
https://www.7-zip.org/

MacOS

Encrypted DMG (MacOS only) or ZIP files.
ZIP.
https://ss64.com/osx/zip.html
DMG.
https://support.apple.com/en-ca/guide/disk-utility/dskutl11888/mac
Scroll to “Create a secure disk image”.

Linux

Cross-platform

Use a self-encrypting device (SED).

Servers

Where possible, order SED storage drives and motherboards supporting Trusted Platform Module (TPM).

Storage

Search

Additional help

Related articles

Page Comparison

Versions Compared

Old Version 46

New Version Current

Key

Purpose

Audience

On this page

Initial considerations

Determine your data's classification.

Consult with your local IT group.

What can I do?

Enable or install full-disk encryption packages.

Windows (institutionally managed)

Bitlocker.Pre-installed but might need to be enabled.Contact your Local IT group for support. https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8Fus#Information-Information-Technology-(IT)

Windows (self-managed)

Bitlocker.Pre-installed but might need to be enabled.https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838#ID0EBD=Windows_11

MacOS (self-managed)

Filevault.Pre-installed but might need to be enabled.https://support.apple.com/en-ca/guide/mac-help/mh11785/mac

Linux (self-managed)

Android (self-managed)

File-based encryption by default when lock screen enabled.https://support.google.com/android/answer/9079129?hl=en

iOS (self-managed)

File-based encryption by default when lock screen enabled.https://support.apple.com/en-us/HT204060

Cross-platform

Encrypt at the file or folder level.

Windows

7-Zip.https://www.7-zip.org/

MacOS

Encrypted DMG (MacOS only) or ZIP files.ZIP.https://ss64.com/osx/zip.html DMG.https://support.apple.com/en-ca/guide/disk-utility/dskutl11888/mac Scroll to “Create a secure disk image”.

Linux

Cross-platform

Use a self-encrypting device (SED).

Servers

Where possible, order SED storage drives and motherboards supporting Trusted Platform Module (TPM).

Storage

Search

Additional help

Related articles

Bitlocker.
Pre-installed but might need to be enabled.
Contact your Local IT group for support.
https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8Fus#Information-Information-Technology-(IT)

Bitlocker.
Pre-installed but might need to be enabled.
https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838#ID0EBD=Windows_11

Filevault.
Pre-installed but might need to be enabled.
https://support.apple.com/en-ca/guide/mac-help/mh11785/mac

File-based encryption by default when lock screen enabled.
https://support.google.com/android/answer/9079129?hl=en

File-based encryption by default when lock screen enabled.
https://support.apple.com/en-us/HT204060

7-Zip.
https://www.7-zip.org/

Encrypted DMG (MacOS only) or ZIP files.
ZIP.
https://ss64.com/osx/zip.html
DMG.
https://support.apple.com/en-ca/guide/disk-utility/dskutl11888/mac
Scroll to “Create a secure disk image”.