Encrypting and Decrypting Email Attachments Using Symantec Endpoint Encryption
NOTE: Symantec Endpoint Encryption (SEE) is no longer available for download, please see information on BitLocker to meet encryption compliance on Windows computers used at CUMC.
Information below is for existing SEE installations only, the main SEE page will be updated with details on its use at CUMC going forward. If using an Exchange (@cumc.columbia.edu) email account see the Secure Email page instead.
Using SEE you can encrypt a file before attaching it to an email. When you are encrypting the file you can select a password that must be entered to decrypt and open the file.
- To open the attachment, the receiver must have Symantec Endpoint Encryption installed on their computer.
- If someone is using the older version of SEE called GuardianEdge (GE), they will not be able to open an SEE encrypted file; however a computer running SEE can open file encrypted with GE.
Encrypting and Sending an Email Attachment
- On your computer, find the file or folder you wish to encrypt and right click on it. From the menu that appears, select Symantec and then Encrypt, rename and email.
The example below shows a file called report.doc on the computer's desktop.
- The Symantec Endpoint Encryption Encrypt, Rename, and email window will appear, displaying a randomly generated Archive Name for the encrypted file with an .rse extension. If preferred you may change the Archive Name to something more descriptive, but do not remove or change the .rse extension at the end of the file name.
- Select the check box to the left of the Password option, then type in your desired strong password in both the Password and Confirm fields.
- Keep in mind that this password must be given to any desired recipient; do not use one that must be not be shared such as the password used when logging into your computer.
- There is an option to Use Removable Storage default password, which can be chosen in the main SEE Client screen. If you will be the only person accessing the file/folder, it is ok to select this option.
- Click the email button at the bottom of the window. SEE will open the default email program on the computer with a new message started and the encrypted file attached to it.
The example picture below uses Outlook email.
- Add the desired recipient's email address, a subject and any additional message in the body of the email before sending. Be sure to leave the default text generated by SEE in the body of the email instructing them to "Please rename the file with a .exe extension..."
- Per CUMC policy, do not send a password or decryption key in the same medium as the encrypted file(s). This is insecure and can allow anyone who may accidentally or maliciously intercept the message to view the information you intended to protect. Sanctioned methods of sending a password to encrypted file attachments are by phone call or text message.
- When ready, send the message as you normally would from your email program.
Opening an SEE encrypted file received as an email attachment
Symantec Endpoint Encryption must be installed on your computer to open a file that was encrypted and emailed via the method above.
NOTE: If the computer is running the older version of SEE called GuardianEdge (GE), they will not be able to open an attachment encrypted with SEE; however a computer running SEE can open an attachment that was encrypted with GE.
- Open the email that has the encrypted file attachment and save the attachment on your computer. In Outlook, you can right-click on the attached file and select Save As, then browse to the desired location on your computer.
- SEE will display the file name with the .rse extension; in order to decrypt it you will need to rename or change this from .rse to .exe.
To save and rename the attachment from Outlook onto a Windows computer:
- When prompted, change the Save as type: field at the bottom of the Save Attachment window to All Files (*.*)
- Delete .rse from the end of the file name and type in .exe instead. If .rse isn't shown in the File Name field, simply add .exe to the end of the file name.
- Browse to the location on your computer where you would like to save the file and click Save.
- To decrypt and view the file, find it in the saved location and double click on it to open.
- An Open File - Security Warning window will appear; select Run to continue.
- The Symantec Endpoint Encryption Self-Extractor Password will appear. Type in the password that was given to you by the sender and click OK.
- Per CUMC policy, the password or decryption key must not be sent in the same medium as the encrypted file(s). If needed please call the sender for the password, do not reply to the email to ask for it. This is insecure and can allow anyone who may accidentally or maliciously intercept the message to view the information you intended to protect. Sanctioned methods of sending a password to encrypted file attachments are by phone call or text message.
- Be sure to follow all other CUMC password requirements, i.e. do not write it down on a piece of paper or share with others not authorized to view the information.
- SEE allows four attempts to type in the correct password, if it is not entered correctly you will see a message that you must wait one minute before it can be tried again.
- When the correct password is entered, the Symantec Endpoint Encryption Removable Storage Package Modifier window will appear and display the original file or folder name. Select the Extract To button near the bottom of the window.
- The Removable Storage Extractor window will appear. You can decrypt the file in the default Extract to location, or select a different location under the Folders/Drives area. Click the Extract button at the bottom of the window when you are ready.
- When decryption is done a success message will be displayed. Click OK.
- The decrypted file will appear in the location specified in step 7 above, with the original name it had before it was encrypted. Double-click on the file to open.
| TOP |