What is an encrypted container?
It's a file which you can store other files inside. It's encrypted so it can only be opened - and the contents accessed - with a password. When it is closed it can be copied, transferred or attached like any other file.
An encrypted container can be used to store data securely for your own use or can be used to share data in a more secure way.
Extracted Files
If you copy or extract files from an encrypted container those files will not be encrypted, and you must make sure to handle them appropriately.
Why would you use an encrypted container instead of encrypting a single file?
Although some applications have ways to strongly encrypt files - for example, most Microsoft Office applications can encrypt files with a mechanism called AES-256 - it may not always be clear if the entire file is encrypted. By placing the file inside an encrypted container the data within the file is definitely encrypted. You could also use both the application encryption and an encrypted container; if you do then it is recommended to use different passwords for both.
Which software to use
The following software can be used to create encrypted containers using the same file format so that they can be opened on either Windows or MacOS. Both are available via the University Supported Desktops (Software Center or Self Service) or can be installed manually on self-managed devices. Other packages with similar functions are available.
More advanced mechanisms include:
- Apple Mac encrypted disk images - can only be created or opened on Apple Macs
- Veracrypt - cross platform but has some issues on Apple Macs
If you are sharing encrypted files then agree in advance what encryption method and file format will be used, especially if you are using different operating systems. Confirm that it works with a test file.
Sharing securely
When sending an encrypted file to somebody, do not send them the password using the same method as the encrypted container was sent. If you emailed the file then phone them with the password or tell them face-to-face. If both the encrypted container and the password are in the recipient's email then anyone who gains access to that email can open it. Make sure that cannot happen.
More information can be found on our Encryption Use Cases page.