I emailed an encrypted document for testing purposes. When the other person received it, it was no longer encrypted. Not sure what I am doing wrong here. Can anyone link me to a document that steps you through emailing an encrypted document.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
VeraCrypt is a disk encryption utility that allows you to encrypt an entire disk, a partition on the disk or create a virtual disk (file container).
The only way you could email the document encrypted in VeraCrypt is to create a file container, place your document in the mounted file container, dismount the file container and email the file container to the recipient. Of course you will need to contact the recipient to provide the password.
There are other more appropriate products for encrypting a single or multiple files that would be more appropriate for your needs that you can find using Google.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
That is confusing. I have sent Veracrypt encrypted file containers which arrived still encrypted.
They needed to be mounted in the Veracrypt window to open, as you normally would with a password after downloading it from a email attachment to my PC.
A 1Mb veracrypt file is easy to email. It can contain many text files with the all messages and replies from both senders. Totally private.
You can transfer it to a USB stick and take it to an air gapped computer to open with Veracrypt if real paranoid security is called for.
Or just open it offline if you are unsure about keylogger or display capture malware on your system. Read it and then maybe add a reply. Then dismount it and then attach it to an email to send back. Very secure but a little slow.
Do not trust google. Assume they have been paid or forced to back door ALL of their crypto apps.
Last edit: karrson 2015-04-20
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I realize this thread is 3 years old but it's still just as relevant. As for karrson's advice not to trust Google, I have to disagree. Use it to educate yourself about encryption and how it affects a normal person, not someone in the security industry, and most importantly, who is considered trustworthy.
VeraCrypt is at the very top of this trustworthiness list. It's been audited by an outside security company and has been proven beyond any doubt whatsoever to be extremely secure and not have "backdoors" (which is just hidden programming code that allows a hostile person or persons to open your files without your password.)
I repeat that VeraCrypt is proven beyond doubt to NOT do this. Second, the company is located in France, outside the reach of U.S. goverment entities that have been caught trying to force companies that make software or provide services to the general public to allow them access, e.g. Microsoft, Yahoo, Google and possibly even Intel and others are strongly suspected to have agreed to their demands. Apple has famously resisted.
Third, I have personally spoken (by email) to the lead developer of VeraCrypt, Mounir Idrassi, and I can assure you that he would simply discontinue the product rather than compromise it in any way. A very nice man always ready to help with any questions or problems. As a further assurance against tampering, he goes the extra mile and regularly publishes on the front page a link to his "warrant canary". Google that, but in short it's a legal declaration that he has not been asked or forced to insert a "backdoor" into his software,
Back to using containers (your encrypted file with the private data inside, probably written in Notepad, Kate, gedit, Microsoft Word, LibreOffice or any other word processor) to send secure email. I have recently read comments to NOT do this but mysteriously no reason is given for this strong advice.
I can only think of three reaons why they may say this. The first is that they are trying to discourage users away from VeraCrypt and use their product instead, or they are concerned about file corruption while in transit, or they are concerned that with many copies of your files in hand, it's easier for an attacker to decrypt it. This is not a comprehensive list of reasons. I'm sure others have different advice.
The first and third ideas are ridiculous. Which leaves the file corruption concern. My advice is very simple: If your friend says that your file doesn't seem to want to decrypt properly on her end, just send the file again.
I've emailed and received multitudes of VeraCrypt containers and never once had this problem, though, so it would be very unusual for that to happen.
Some advise against this secure method of communicating because it's unconventional,
PGP, OpenPGP, and GnuPG have long been used for that purpose but several security experts have begun to question its continued viability. The encryption itself has never been broken but training users in its proper use on a company level is dreaded by IT personnel.
Letting Outlook or another email client automatically encrypt your outgoing mail has resulted on more than one occasion in accidentally sending the unencrypted version. Currrent advice is to use iMessage (texting with an iPhone), WhatsApp, or Signal. Although there were issues with WhatsApp at one time, it's considered secure again.
I personally will continue to send VeraCrypt containers with my files inside when emailing encrytped messages or iMessage when texting.
.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I emailed an encrypted document for testing purposes. When the other person received it, it was no longer encrypted. Not sure what I am doing wrong here. Can anyone link me to a document that steps you through emailing an encrypted document.
Hello Tina,
VeraCrypt is a disk encryption utility that allows you to encrypt an entire disk, a partition on the disk or create a virtual disk (file container).
The only way you could email the document encrypted in VeraCrypt is to create a file container, place your document in the mounted file container, dismount the file container and email the file container to the recipient. Of course you will need to contact the recipient to provide the password.
https://veracrypt.codeplex.com/wikipage?title=Beginner%27s%20Tutorial
There are other more appropriate products for encrypting a single or multiple files that would be more appropriate for your needs that you can find using Google.
Thank you
That is confusing. I have sent Veracrypt encrypted file containers which arrived still encrypted.
They needed to be mounted in the Veracrypt window to open, as you normally would with a password after downloading it from a email attachment to my PC.
A 1Mb veracrypt file is easy to email. It can contain many text files with the all messages and replies from both senders. Totally private.
You can transfer it to a USB stick and take it to an air gapped computer to open with Veracrypt if real paranoid security is called for.
Or just open it offline if you are unsure about keylogger or display capture malware on your system. Read it and then maybe add a reply. Then dismount it and then attach it to an email to send back. Very secure but a little slow.
Do not trust google. Assume they have been paid or forced to back door ALL of their crypto apps.
Last edit: karrson 2015-04-20
I realize this thread is 3 years old but it's still just as relevant. As for karrson's advice not to trust Google, I have to disagree. Use it to educate yourself about encryption and how it affects a normal person, not someone in the security industry, and most importantly, who is considered trustworthy.
VeraCrypt is at the very top of this trustworthiness list. It's been audited by an outside security company and has been proven beyond any doubt whatsoever to be extremely secure and not have "backdoors" (which is just hidden programming code that allows a hostile person or persons to open your files without your password.)
I repeat that VeraCrypt is proven beyond doubt to NOT do this. Second, the company is located in France, outside the reach of U.S. goverment entities that have been caught trying to force companies that make software or provide services to the general public to allow them access, e.g. Microsoft, Yahoo, Google and possibly even Intel and others are strongly suspected to have agreed to their demands. Apple has famously resisted.
Third, I have personally spoken (by email) to the lead developer of VeraCrypt, Mounir Idrassi, and I can assure you that he would simply discontinue the product rather than compromise it in any way. A very nice man always ready to help with any questions or problems. As a further assurance against tampering, he goes the extra mile and regularly publishes on the front page a link to his "warrant canary". Google that, but in short it's a legal declaration that he has not been asked or forced to insert a "backdoor" into his software,
Back to using containers (your encrypted file with the private data inside, probably written in Notepad, Kate, gedit, Microsoft Word, LibreOffice or any other word processor) to send secure email. I have recently read comments to NOT do this but mysteriously no reason is given for this strong advice.
I can only think of three reaons why they may say this. The first is that they are trying to discourage users away from VeraCrypt and use their product instead, or they are concerned about file corruption while in transit, or they are concerned that with many copies of your files in hand, it's easier for an attacker to decrypt it. This is not a comprehensive list of reasons. I'm sure others have different advice.
The first and third ideas are ridiculous. Which leaves the file corruption concern. My advice is very simple: If your friend says that your file doesn't seem to want to decrypt properly on her end, just send the file again.
I've emailed and received multitudes of VeraCrypt containers and never once had this problem, though, so it would be very unusual for that to happen.
Some advise against this secure method of communicating because it's unconventional,
PGP, OpenPGP, and GnuPG have long been used for that purpose but several security experts have begun to question its continued viability. The encryption itself has never been broken but training users in its proper use on a company level is dreaded by IT personnel.
Letting Outlook or another email client automatically encrypt your outgoing mail has resulted on more than one occasion in accidentally sending the unencrypted version. Currrent advice is to use iMessage (texting with an iPhone), WhatsApp, or Signal. Although there were issues with WhatsApp at one time, it's considered secure again.
I personally will continue to send VeraCrypt containers with my files inside when emailing encrytped messages or iMessage when texting.
.