Before encryption, activate your O365 in OMA-service. Also install the Cryptomator program on your computer. On JYU devices, Cryptomator can be downloaded from the Software Center. You can download Cryptomator for your own personal computer here: Downloads (cryptomator.org).
1. Creating a storage location in OneDrive
If necessary, create a new folder in OneDrive in the desired folder location. An encrypted folder will be created later in this guide in this desired folder location as its subfolder (Chapter 2 of this guide).
2. Creating an encrypted folder with Cryptomator
Open the Cryptomator program. Press "Add vault" (see the next picture). The vault is practically the folder that is encrypted and that appears after encryption when opened in the computer's File Explorer as a separate disk space (Windows machines) or a directory (Macintosh and Linux machines).
Next, press the button "Create New Vault".
Give an informative name for the vault/folder and then press the "Next" button.
NOTE! The folder to be encrypted and the files it contains must be named in such a way that its name does not contain, for example, direct or indirect personal data of the persons being investigated, because the folder name is visible to the person viewing the folder via Cryptomator even when the encrypted folder is locked and the names of the files contained in the folder can be displayed in the file explorers's "recent files" -view, even if the files are encrypted (the files cannot be opened in this case, however). The subfolders and files contained in the encrypted folder are only visible when the encryption is opened with a password via Cryptomator. However, the name should be informative so that both you and other parties who may process the material recognize what the contents of the folder are related to.
In this instruction example, the encrypted folder is named the same as its parent folder ("Test Encryption"). For the sake of clarity, the encrypted folder and its parent directory should be named so that the name of the subfolder gives a more accurate picture of the contents of the folder.
Choose either the folder created in before or another desired folder location in OneDrive as the location of the vault (encrypted folder). First select "Custom Location", and press the button "Choose...".
Search for the desired folder location and select it (The storage location to be encrypted becomes a subfolder of the selected folder). Confirm the selection by pressing the "Select folder" button.
Once the folder location is selected, press the "Next" button.
Create a password for the encrypted folder. You can also create a recovery key in case you forget or lose your password. When these are done, press the button "Create vault".
NOTE! The password must comply with university password policy. The recommended password length is at least 15 characters!
NOTE! Store the password carefully, as it allows you to access your material after encryption. If the password is forgotten or otherwise lost, the encrypted material can only be accessed using the recovery key created at this stage, if one has been created. The recovery key and password must be stored and shared securely (Store it in collabRoom and, if needed, share through it). Avoid using a recovery key if possible.
This window appears if you chose to generate a recovery key in the previous section. Save the recovery key. Move it to collabRoom immediately. When this is done, press the "Next" button.
Now the encrypted folder is created. If you press the button "Unlock now", the program will ask for the previously defined password to open the folder.
When the encrypted folder is opened for the first time, Cryptomator adds this storage location to the list on the left side of the application window. Pressing the folder name opens the possibility to open the folder via the "Unlock" button on the right side of the application window.
If you press this button or if you pressed the button "Unlock now" in the previous section, Cryptomator will ask you for the password of the encrypted folder.
3. Unlocking the folder encryption
Open Cryptomator, select the desired storage location on the left side and press the "Unlock" button shown on the right in the application window.
Enter the password which you created for the encrypted folder in the password field and finally press the "Unlock" button.
The application informs that the encryption was successfully opened. Now you can either return to the Cryptomator application window view by pressing "Done" or open the folder in File Explorer by pressing the button "Reveal Drive".
After the folder's encryption is unlocked, the folder appears in File Explorer as a disk drive (on a Windows machine) or as a directory (Macintosh and Linux systems).
NOTE! Encrypted files can only be viewed through this, and files to be encrypted must also be saved through this (see chapter 4 of the instructions and the preceding instructions).
4. Saving the file in an encrypted folder
When the encryption of the folder has been opened with a password, it appears in the computer's File Explorer as disk space (on a Windows machine) or as a directory (Macintosh or Linux systems). Once the encryption has been opened, you can save files in the folder as usual.
NOTE! Save confidential material in an encrypted folder only through this, after the directory/disk space has been opened with a password. If you save files or subfolders directly to the Nextcloud directory, the files are not saved in an encrypted storage location and are visible and accessible in OneDrive even when encryption is on. The files added in this way will not appear in the encrypted directory (drive D in the image below. Please note that the drive letter may be different from what is shown in the image). You can store both encrypted and unencrypted files in the same OneDrive directory. Encrypted files can only be viewed and processed here.
5. Locking the encrypted folder
Press "lock" to lock the folder.
The view in Cryptomator when the folder is locked:
6. Locking problem if the file or encrypted folder is open somewhere
If you try to lock an encrypted folder at the same time when one of the files it contains is open or the encrypted folder is open in the file explorer, Cryptomator will notify you of a problem related to locking (Image below). Close the files stored in the folder and the file explorer window before locking. After that, locking should be successful without forcing the lock. Avoid force locking.