Government Edition

Encryption Wizard Government Edition (EW-Govt) uses a FIPS 140-2 validated cryptographic module from RSA Security, Inc. instead of Java's built-in crypto support. Files encrypted with EW-Govt can be decrypted with other editions of EW, and vice-versa. EW-Govt is accredited for NIPRNet and SIPRNet.

The RSA BSAFE® Crypto-J library included in the current version of EW-Govt has FIPS 140-2 certificates 2468 and 2469.

Proof of US Federal Government employment or a contractual relationship is required to obtain EW-Govt. (As a practical matter, if you have a working email account from a .gov/.mil address, then you meet the requirements.) There are two methods of obtaining EW-Govt:

  1. If you have a DoD-issued CAC/PIV, the Downloads page on the left sidebar will let you download EW-Govt directly. This is entirely automated and the fastest method.
  2. If you do not have a CAC/PIV, you may download this request form, fill it out, and email it to us. This goes through at least one human being and will require verification of your eligibility; expect a total delay of as much as a week.

You may make EW-Govt available on your local networks (e.g., placed on a network share drive, or pushed to workstations via administrative scripts), as long as the users accessing it meet the same criteria as above. You may redistribute EW-Govt (e.g., remote personnel) as long as the recipients meet the same criteria.

Customization

example screenshot

The TENS Program Office offers customization of Encryption Wizard; at present, only Federal organizations can request a custom build.

Customization Details

At minimum, your organization's name and logo augment or replace those of TENS in the software. This includes the email/URL points of contact for support in Help→About, so that your helpdesk remains in the loop for your users.

Most of the changes requested by customers fall into broad categories. If what you want is on this list, then it can be done with relatively little trouble:

  • Entries under the Options menu can be given a different initial value and/or locked so that your users cannot change away from a specific behavior. This includes most of the advanced option settings.
  • Restricting the key types used during encryption. For example, "no passwords," "only passwords," etc.
  • Parameters for the random password generator can be altered to meet your organization's policies, including enforcing minimum thresholds (not available in the standard EW editions).
  • Adding organizational escrow recovery keys, so that encrypted files can always be recovered, even when the original keys are lost. The escrow decryption keys never leave your organization.
  • Some of the algorithmic choices can be altered, to a limited extent.

If you're interested in other changes, contact us!