Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.


What is the most secure yet inexpensive NAS drive encryption software?

We will be implementing a GPO that will require USB drives to be encrypted before they can be written to.  I have this GPO working, but I also need to exclude this policy from applying to certain users (Domain Admins, Desktop Support, etc.).  So far any attempts at this piece have been unsuccessful.  We are using BitLocker for the encryption.

Any suggestions as to how to accomplish this?
Does anyone know if the Azure Information Protection labels work on the MAC OSX version of Word, Excel and Outlook?  We have Microsoft Business 365 and I'm trying to see if our mac users can utilize the security encryption features.
Does BitLocker encrypt individual files inside a zip file?

I know that when data is at rest, it is encrypted in the Microsoft cloud, but if the file has a zipped extension, are individual files encrypted?
Does BitLocker encryption on OneDrive for Business encrypt individual files within a zipped file? I was told that Microsoft uses BitLocker to encrypt data on OneDrive for Business, so if this is still true, then would it only encrypt the zip file and not the files instead of it?
Dear Experts,

I want to use Bitlocker encryption for my USB flash and USB portable drive.

I encrypted my 1TB USB portable drive by my laptop, both my laptop and desktop PC can access as they prompt to key in password.

I did the same for my USB flash drive on my laptop. I then want to access it from my desktop, there is no drive appearing on my PC neither in disk management, nor in diskpart.

But when I insert back into my laptop, it prompts for bitlocker password.

Both portable and flash drives I convert to GPT.

Any idea what went wrong that causes the drive to appear in my desktop?
I'm curious and would like to settle an argument in our office. If we are running desktops with Windows 10 Pro v1903 with all updates, and all drives are Bitlocker encrypted (including the free space), is it possible for our data on these drives to be attacked by Ransomware?
I have OpenSSL encrypt / decrypt working on a sales form. The OpenSSL code is specific in order to decrypt old MCRYPT data as well as encrypt/decrypt new data with OpenSSL, due to a move from PHP 5.6 to 7.2.

The issue now is that the return data has extra "hidden" characters and isn't being "trimmed" properly with a simple trim($data).
This in itself isn't terrible for display, but when our users resubmit the sales form after making other changes, the fields with the returned, decrypted data now get re-encrypted with the extra "hidden" characters. This affects things, such as "last four" of a number saved and displayed, since now, the last 4 are hidden.
By hidden, I mean ASCII / hex characters that don't normally display like backspace, EOT - End of Transmission, SOH - Start of Header, etc.
These are seen in a bin2hex of the data which looks like this:

On a 16 digit number, I get 16 (hex) characters added to the end of the returned number - 20202020202020200808080808080808
These happen to be a space(20) and backspace(08).

With 4 or 3 digits, it's a little different:
0620 (<--Actual Number) 3036323004040404 <- Hex return of EOT- End of Transmission
495 (<--Actual Number)  3439352020030303 <- Hex return of Spaces and ET - End of Text

I have been able to mitigate the display and re-encryption issue by adding to the trim function, i.e. $result = trim($decrypt, "\x00.. \x20");

However, I'm hoping to nip this in the bud at the encryption /…
I am trying to develop some software for a company. This company has an IT department with Active Directory. I would like to talk with IT about getting Active Directory Certificate Services set up so I can be issued with an internal cert to sign my app.
What documentation does Microsoft release regarding if they recommend AD CS? Is there any documentation that says if a domain doesn’t have an AD CS it's not complete or it's not whole?
I'm sort of looking for historical documents too. I want to be able to demonstrate to management the importance of AD CS for signing, encryption and use of TPM on our laptops.
Thank you in advance for your help.
I installed Nextcloud (16.03) on Ubuntu. I tried to set up the mail function as:
send mode :smtp
 encryption :STARTTLS
serveradress: smtp.gmail.com port:587
(attach file)
I have an error: A problem occurred while sending the email. Please revise your settings. (Error: Expected response code 250 but got code "530", with message "530-5.5.1 Authentication Required. Learn more at
 530 5.5.1 https://support.google.com/mail/?p=WantAuthError m11sm3234263lfk.56 - gsmtp

Any idea?
I set less security app on Google account.
We have provisioned an HTTPS web server using Windows Server 2012. A valid SSL certificate with a valid CN (Common Name) has been installed on the web server.

However, due to a DNS issue, some web clients use the IP address (e.g. https://10.x.x.x) in the browser to access our HTTPS server and are prompted with a warning.  The user will proceed with the warning anyway in order to access the web service. We are going to have an internal auditing session soon and our question is:

When the end user uses an IP address to visit our HTTPS site instead of the host / CN (Common Name) that matches the installed SSL certificate name, we understand a warning will be prompted before connecting to the HTTPS server, but will the HTTPS traffic still be encrypted in transmission during the network communication, as we need to get back to our audit department?

Thanks for your prompt advice in advance.


Using MCRYPT is hindering my move to PHP 7.3. Currently mcrypt works fine for encryption and decryption; however, OpenSSL cannot decrypt my MCRYPT’ed data. So it appears that I need to run some kind of script that will get the 3 post_meta fields from each post, decrypt them using mcrypt, then re-encrypt them with OpenSSL. Further, “day-forward” encryption will be done using OpenSSL.

I’ve attempted many options for decrypting the MCRYPT’ed data with OpenSSL and they have all returned NULL.
So I’m giving up on that direction.

I think an ETL like script would work to run through the posts (they are (CPT) Custom Post Types called formlead), see if they have encrypted data in the 3 fields (to which most of them will) , then decrypt each field using current MCRYPT method into new vars, then re-encrypt into new OpenSSL method, then write this back to database with the same postID. Then the new decryption method could read the data when needed in the future.

However, I’m not the greatest WordPress PHP coder. Can someone help with the script please? I could load this as a page and specify a date range to make sure I’m not overloading the server. There are about 150k posts with 8 million + postmeta rows.

I would be doing this against a local copy of the DB and not production to test. Then I would snapshot the production DB and run against it after hours.

Mock code:

vars = manually set date range

get posts within date range

while have_posts


Moving custom wordpress theme from PHP 5.6 to 7.3 to which MCRYPT is no longer supported. However, I have encrypted data that I will still need access to.

How can I move “day forward” with new OpenSSL Encrypt/Decrypt and still decrypt older MCRYPT’ed data?

I will show Current encryption functions as well as new attempts to migrate.
P.S. I did not write the old MCRYPT code, so I don’t know exactly why it was written the way it was.

Current Encrypt:
function crypt_ecrypt($key, $algo = MCRYPT_BLOWFISH, $data){
    $key = substr($key, 0, mcrypt_get_key_size($algo, MCRYPT_MODE_ECB));
    $algo = $algo;

	return '';
    //Optional Part, only necessary if you use other encryption mode than ECB
    $iv_size = mcrypt_get_iv_size($algo, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $crypt = mcrypt_encrypt($algo, $key, $data, MCRYPT_MODE_ECB, $iv);
    return trim(base64_encode($crypt));
}

Current Decrypt
function crypt_decrypt($key, $algo = MCRYPT_BLOWFISH, $data){

    $key = substr($key, 0, mcrypt_get_key_size($algo, MCRYPT_MODE_ECB));
    $algo = $algo;
	return '';

    $crypt = base64_decode($data);

    //Optional Part, only necessary if you use other encryption mode than ECB
    $iv_size = mcrypt_get_iv_size($algo, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

    $decrypt = mcrypt_decrypt($algo, $key, $crypt, MCRYPT_MODE_ECB, $iv);
    return trim($decrypt);
}

NEW Encrypt: (Sample for Encrypting cookies day-forward)
$method = 'AES-256-CBC';  // <- method passed in
function crypt_cookies_encrypt($key, $method, $data){

    $ivSize = openssl_cipher_iv_length($method);
    $iv = openssl_random_pseudo_bytes($ivSize);

    $encrypted = openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);

    // For storage/transmission, we simply concatenate the IV and cipher text
    $encrypted = base64_encode($iv . $encrypted);

    return $encrypted;
}

NEW Decrypt Attempt for MCRYPT’ed data only using OpenSSL: This isn’t meant to decrypt NEW encrypted data. However, I would like to have both NEW and OLD decrypted in the same function, even if it means changing the way the NEW data is encrypted.
And to be clear, the code below does not appear to work with decrypting the MCRYPT’ed data, it’s still gibberish.

$method = 'bf-ecb';  // <- method passed in
function crypt_decrypt($key, $method, $data){

        return '';
    $decrypt = openssl_decrypt($data, $method, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);  //This is what I found that should decrypt MCRYPT data with OpenSSL, but I’m probably doing it wrong by not including the $iv stuff.

    return $decrypt;
}

NEW Decrypt: (Sample for Decrypting cookies day-forward)
$method = 'AES-256-CBC';  // <- method passed in
function crypt_cookies_decrypt($key, $method, $data){

    $data = base64_decode($data);
    $ivSize = openssl_cipher_iv_length($method);
    $iv = substr($data, 0, $ivSize);
    $data = openssl_decrypt(substr($data, $ivSize), $method, $key, OPENSSL_RAW_DATA, $iv);

    return $data;
}

I have enabled email encryption for an office 365 tenant.
The issue is I can't find a list of which Office versions support the new "Encrypt-Only" template.

They run Office 2016 Pro Plus VL, and in Outlook, when they go to select the encryption option it does not show the "Encrypt-Only" template.
The option is available via webmail, so it is enabled, just does not show in Outlook 2016.

Using O365 Pro Plus, the option is available.

To me it seems strange that Office 2016 sees some but not all templates; however, I have seen posts indicating the same issue.

So my question is, does anyone know what versions of Office support the new template?  Is there any documentation on this?
Am I missing an update for Office 2016?
If we upgraded to Office 2019 Pro Plus VL, does that support the "Encrypt-Only" template?

All help is appreciated.

Thank you
The user needs to use PGP on two different computers.  They have Symantec Encryption Desktop 10.4.2 on each.

I can select and export the key, and check off "Include Private Key(s)".

When I use the Import option on the second computer, I get the warning below, "The trust values on these keys must be set manually via the Key Properties dialog."

This is where I stop.
They want the same set of keys on the second computer as on the first, and be able to use the keys the same way they are using them on the first.

Would like to be able to send encrypted e-mail to an Org box. Do not understand how to create an encryption certificate for an org box.
“If encryption is enabled on the connecting system, the encryption type must match what is set in the AP.” I believe this means that the client and the AP, must support the same encryption level.
Has anyone encountered a case where a client cannot connect to an Access Point, because it does not support the encryption?
We are currently on Oracle  & plan to
tech refresh to Oracle 11g with Transparent
Data Encryption (TDE).

Is TDE just a paper license & the TDE feature
comes with both Oracle & 11g &
we just have to enable TDE?

We have several subsystems that are accessing
this Oracle DB which has several tables containing
PII data.  Heard that implementing TDE is quite
seamless : just enable TDE & no changes needed
in the applications?

Besides a bit of overhead/slowness, did anyone
out there encounter specific handling to turn on
TDE?  Do we need create keys & store the keys
in safe place, etc ...?

Will an entry level Oracle DBA able to implement
TDE or it'll require Professional Service from
Oracle?  Trying to gauge the difficulty level as
our only DBA just left & in case an entry-level
DBA is hired.
I am trying to make an HP LaserJet 607 printer work on our network wirelessly.  We are currently using a Datamax RL4e printer.  I need an adapter that can be configured like the Datamax RL4e printer.
Security-Authentication Mode WPA/WPA2
Group Cipher - Encryption  CCMP
 Authentication Protocol   WPA2-PSK
EAP type
Does anyone know an exact model that will work?
There is an Azure VM encrypted disk with Bitlocker in North Europe. Everything has replicated well in West Europe. While doing Test Failover, getting below error.

Failover Error: ID28031 Error Message: Virtual machine XXX-AZ-WEB01-test' could not be created under the resource group 'XXXX-Destination-RG'. Azure error message: 'Key Vault https://XXX-keyvault-ne.vault.azure.net/keys/Bitlocker/XXXX either has not been enabled for Volume Encryption or the vault id provided does not match /subscriptions/XXXX-XX-XXXX-XXX-XXXX/resourceGroups/XXX-Destination-RG/providers/Microsoft.KeyVault/vaults/XXX-KEYVAULT-WE's true resource id. (Provisioning failed)'.

Things are already in place what is showing in error.

Volume encryption has been enabled in both source and destination Key Vaults.

The user has assigned all the permission as per this doc.

Thanks in advance.

In setting up BitLocker, I had to adjust the computer policy since I received the error: "the device can't use a trusted platform module..."

It required a password or USB drive to secure the startup of the computer.  It's nice and secure but annoying.  Can I simply remove this requirement and is it a bad idea to do so?
Hello, I need to create a Scheduled task Powershell script that will:

#1 Once a month change the Local Admin account password on all domain PCs.
#2 Utilize a random password generator.
#3 Pipe the new updated password out to an encrypted AES 256 7-Zip secure file location.
#4 Send out a message alerting me of its status and completion.

Thank you so much for your help and time!
Hi All,

I have encrypted my Powerbook Mac with FileVault and now I lost my details. Is there any way I could retrieve my FileVault code from my machine?
Hi All,

I am encrypting all laptops and desktops with Windows 10 Pro and IOS X Mac. In Windows 10 Pro I am using BitLocker and I am not sure what I use for our Powerbook IOS 11.

Can you advise me what I should use to encrypt our Macs?

I hope to hear from you soon.
Wanting to back up my profile to an external drive, encrypt it, and send it up to my Google Drive.

Any thoughts on such?

Which program to encrypt?

What issues might I encounter?

What should I keep in mind?
I am installing Certbot for the first time using Amazon Linux 2.

I am following these directions: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html#letsencrypt

I am creating a new site that is already live and running (for the purpose of this question it is called "mydomain.com").

Here's my question: If MYDOMAIN.COM is up and running, but I want to create the certificates for this NEW server using Let's Encrypt, how can I do so when the DNS resolves to its live site? (For the purpose of this question it's

Here is the challenge failed:

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mydomain.com
http-01 challenge for www.mydomain.com
Waiting for verification...
Challenge failed for domain www.mydomain.com
Challenge failed for domain mydomain.com
http-01 challenge for www.mydomain.com
http-01 challenge for mydomain.com
Cleaning up challenges
Some challenges have failed.

 - The following errors were reported by the server:

   Domain: www.mydomain.com
   Type:   unauthorized
   Detail: Invalid response from
   []: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head
   >\n<meta charset=\"UTF-8\" />\n<meta name=\"viewport\"
