E-mail: security@lbl.gov

Encryption Recommendations

Overview

Support for email and file encryption at Berkeley Lab is best effort only. Below are the Cyber Security team's recommendations, not Berkeley Lab standards.

Remember that Personally Identifiable Information (PII) and Health Information as defined here may only be stored in the central business systems approved for PII (HRIS, FMS, etc).

If you hold sole source institutional information under encryption, you must archive your key and passphrase with your supervisor, two different individuals, or a designee. This is required in order to allow recovery of sole source institutional information in the event that it is deemed necessary by the Laboratory.

Encrypting Email

PGP - One of the commonly used methods to encrypt email is public key encryption, specifically PGP. For email encryption, Cyber Security recommends using Enigmail, an extension to the lab standard email client Mozilla. With Enigmail and Mozilla, you can seamlessly use GnuPG, an open source replacement for PGP, to encrypt email communications. Cyber Security has prepared a presentation that documents the setup of Enigmail and GnuPG for Mozilla (see below). This is the strongest and best alternative for encrypting email.

Encrypting Files

PGP

Using a PGP application such as GnuPG, mentioned above for email encryption, you can encrypt files. In addition, tools such as Windows Privacy Tools facilitate file encryption and key management for GnuPG.

Built-in

Many modern operating systems have built-in capabilities to encrypt files. The use of these built-in capabilities is recommended.

Utilities - the following utilities can be used to encrypt files.

  • 7zip is a utility that can be used to password protect (encrypt) and compress a file.
  • Password-protected MS Office documents: your colleague password protects an Office document and calls you with the password. MS Office encryption is not robust and is easily breakable; however, this may be sufficient for transmitting Official-Use Only (OUO) or other low-sensitivity information.