Data encryption

Encryption is the process of encoding digital information in such a way that only authorised parties can view it. Individual files can be encrypted, as can folders or entire disk volumes and USB storage devices. Encryption software uses an algorithm to encode information and a decryption key or password to decrypt the information.

Some types of encryption provide greater protection than others; the type and level of encryption used should correspond to the sensitivity of the data being protected. As a general rule, more bits equals stronger encryption: 256-bit encryption is stronger than 128-bit encryption, and the latter should, ideally, be the minimum level of encryption used.

In addition to securing data, encryption can also be used to verify the sender’s identity and the integrity of the data.

Commonly used encryption software includes:

  • BitLocker – standard on selected editions of Windows; for the encryption of disk volumes and USB devices
  • FileVault2 – standard on Apple Macs; for full disk encryption
  • VeraCrypt – multi-platform encryption software (Windows, Mac and Linux); for full disk and container encryption
  • AxCrypt – open source file-level encryption for Windows
  • SafeHouse – free and commercial software versions available for Windows. Encrypts files, folders and drives

We have created video tutorials on how to use a variety of encryption software programmes. These are available from the quick access menu on the right side of the page.

PGP (Pretty Good Privacy) can encrypt anything from a file to an entire disk volume and is widely recognised as the most ubiquitous encryption software commonly available. Open source versions (Gpg4win) and commercial versions (PGP) are available; the latter have more functionality but identical levels of security.

Encryption of data files when exchanging data with the UK Data Service

For secure data transmission to and from the UK Data Service we recommend the use of PGP.

Encryption using PGP requires the creation of a public and private key pair and a passphrase. The recipient's public PGP key is installed by the sender in order to encrypt files so that only the authorised recipient can decrypt them. The sender's private PGP key and passphrase are used to digitally sign the encrypted file, thereby validating the sender's identity.

Steps to encrypt data files for deposit with the UK Data Service, using PGP

Once:

  • install PGP encryption software, for example GnuPG
  • create your own public/private key pair and passphrase
  • download the UK Data Service Public Key and unzip it
  • import the UK Data Service Public Key into your PGP software's keychain

Every time files need encrypting:

  • select files for encryption
  • select the UK Data Service Public Key as your encryption key
  • confirm your PGP signing key and enter your passphrase
  • encrypt and digitally sign the selected files
  • send files to the UK Data Service using our secure SFTP server or Royal Mail Special Delivery
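
The steps above as GnuPG commands, in an added example that is not UK Data Service code. It runs in throwaway keyrings: the user IDs, passphrase, sample file and the stand-in "archive" key are constructed, and the real UK Data Service Public Key is not used. The local certification after a fingerprint check and the archive-side verification are additions to the listed steps.

```shell
#!/usr/bin/env bash
# Added example, not UK Data Service code. The user IDs, passphrase and the
# stand-in "archive" key are constructed; the real archive key is not used.
set -eu
ARCHIVE_UID='Archive Stand-In <archive@example.org>'
DEPOSITOR_UID='Depositor <depositor@example.org>'
DEPOSITOR_PASS='constructed-demo-passphrase'

# Non-interactive gpg for the demo. A real depositor drops these flags and types
# the passphrase into the pinentry prompt rather than passing it as an argument.
g() { gpg --batch --quiet --no-tty --pinentry-mode loopback "$@"; }

# "Once": create both key pairs, give the archive's PUBLIC key to the depositor,
# import it, then certify it locally (only after checking the fingerprint out of band).
setup_keys() {  # $1 = depositor keyring dir, $2 = archive keyring dir
  g --homedir "$2" --passphrase '' --quick-generate-key "$ARCHIVE_UID" default default never
  g --homedir "$1" --passphrase "$DEPOSITOR_PASS" --quick-generate-key "$DEPOSITOR_UID" default default never
  g --homedir "$2" --armor --export "$ARCHIVE_UID" | g --homedir "$1" --import
  fpr=$(g --homedir "$1" --with-colons --fingerprint "$ARCHIVE_UID" | awk -F: '/^fpr:/{print $10; exit}')
  g --homedir "$1" --passphrase "$DEPOSITOR_PASS" --quick-lsign-key "$fpr"
}

# "Every time": encrypt to the archive's key and sign with the depositor's key.
encrypt_for_deposit() {  # $1 = depositor keyring dir, $2 = file; writes $2.gpg
  g --homedir "$1" --passphrase "$DEPOSITOR_PASS" --yes \
    --local-user "$DEPOSITOR_UID" --recipient "$ARCHIVE_UID" \
    --sign --encrypt --output "$2.gpg" "$2"
}

# Archive side: decrypt with its private key, check the signature against the
# depositor's public key, and print gpg's machine-readable status lines.
receive_deposit() {  # $1 = depositor dir, $2 = archive dir, $3 = file.gpg, $4 = output file
  g --homedir "$1" --armor --export "$DEPOSITOR_UID" | g --homedir "$2" --import
  g --homedir "$2" --passphrase '' --yes --status-fd 1 --output "$4" --decrypt "$3"
}

demo() {
  dep=$(mktemp -d); arc=$(mktemp -d); work=$(mktemp -d)
  printf 'id,income\n1,42000\n' > "$work/survey.csv"   # constructed sample data
  setup_keys "$dep" "$arc"
  encrypt_for_deposit "$dep" "$work/survey.csv"
  receive_deposit "$dep" "$arc" "$work/survey.csv.gpg" "$work/received.csv" | grep -E 'GOODSIG|DECRYPTION_OKAY'
  cmp "$work/survey.csv" "$work/received.csv" && echo "round trip OK"
  rm -rf "$dep" "$arc" "$work"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to see the round trip; only the `.gpg` file is what would be sent over SFTP or by post.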
