https://www.goanywhere.com/blog/what-is-zero-knowledge-encryption
If zero knowledge means every piece of information is absolutely confidential, and all data remains only with the user of a software or service, how does zero knowledge apply to encryption?
Zero-knowledge encryption means that data is secured with a unique user or encryption key, one that even the application developer does not know. You, and only you, can access your encryption key.
But wait, aren’t all encrypted files or data always inaccessible except to authorized users given the appropriate keys? Well…yes and no. Some cloud-based applications, such as Dropbox, Google Drive, and OneDrive, sacrifice true zero-knowledge encryption to keep file exchanges humming along at not-quite-warp-speed. The result: speedy file transfers, but with the accompanying fact that the application or service technically holds the key to your data. In theory (or with a bad-egg employee or cyberthief lurking about) your files might be the source of entertainment during someone’s lunch break or, worse, of criminal hacking.
Software or services that operate with a zero-knowledge platform do so without being able to brandish the keys to your files. Your data remains secure and under your control only.
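The two key-custody models described above, as an added example that is not from the original article or any vendor's product. It uses Node.js's built-in crypto module; the `Provider` class, the function names, and the sample data are hypothetical.

```javascript
// Added example: who can decrypt under each key-custody model.
const crypto = require('node:crypto');

// AES-256-GCM helpers shared by both models.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { nonce, ciphertext, tag: c.getAuthTag() };
}
function open(key, rec) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, rec.nonce);
  d.setAuthTag(rec.tag);
  return Buffer.concat([d.update(rec.ciphertext), d.final()]).toString('utf8');
}

// Zero-knowledge model: the key is derived on the client from a passphrase
// that is never uploaded. Only salt, nonce, ciphertext and tag leave the client.
function clientEncrypt(passphrase, plaintext) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(passphrase, salt, 32);
  return { salt, ...seal(key, plaintext) };
}
function clientDecrypt(passphrase, rec) {
  return open(crypto.scryptSync(passphrase, rec.salt, 32), rec);
}

// Hypothetical storage service used for both models.
class Provider {
  constructor() { this.files = new Map(); this.keys = new Map(); }
  // Provider-held model: the service generates and keeps the key itself.
  storeWithProviderKey(name, plaintext) {
    const key = crypto.randomBytes(32);
    this.keys.set(name, key);
    this.files.set(name, seal(key, plaintext));
  }
  // Zero-knowledge model: the service stores an opaque record and no key.
  storeOpaque(name, record) { this.files.set(name, record); }
  // What the service (or anyone holding its storage and key store) can recover.
  providerRead(name) {
    const key = this.keys.get(name);
    return key ? open(key, this.files.get(name)) : null;
  }
}
```

The trade-off in the zero-knowledge model is recovery: if the passphrase is lost, the provider holds nothing from which the key can be derived.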
Speed. It’s all about the speed. When data is encrypted and in transit, some speed is sacrificed.
Why? Because encrypted data is filtered through a series of changes such as permutations, substitutions, and other operations as it moves along, slowing down the transmission processes to a degree. File speed is one factor to weigh when selecting a file transfer solution.
Related Reading: Which is Faster FTPS or SFTP?
The biggest risk taken when relying on popular file sharing tools such as Dropbox is that they can retain the ultimate right to access your information as they store all the encryption keys. Now, are they popping into your files on the daily? No. Typically, this scenario is seen when a government entity requests data. But the fact remains, services can and do use your unique encryption key to unlock your data. Additional risks include:
Metadata access: With the encryption keys in hand, the solution or service can access even the metadata in your files.
User access: Depending on your service level, there are limits on the permission settings available. Errors and misuse can allow access by unauthorized recipients.
File control: Likewise, how long file versions are kept depends on the version of the file sharing solution you purchased. Some keep version history for 30 days, while others may keep files for up to 180 days. During that time, the data is vulnerable to a breach or leak.
Regulatory gaps: It’s that tier issue again. Unless you are very careful about the service tier you choose, you may not fully meet HIPAA and HITECH compliance requirements for PHI, because there is no complete insight or reporting on user history and data movement.
Related Reading: How to Use Cloud Data Transfer Solutions Effectively
The encryption method you ultimately select depends on a number of key factors, including:
How sensitive is your data?
How do you plan to transfer data inside and outside your organization?
File size: Do your large files need to be compressed?
Do you need to encrypt files at rest before sending them, as well as in transit?
Do you need an encrypted connection or channel?
What encryption standards do your trading partners or others require? For regulated industries, the encryption standards that satisfy compliance obligations can sometimes be very specific.
The above factors must be considered before choosing to send encrypted files. To do so safely, a managed file transfer solution is one popular option.
On-Demand Webinar: How to Choose the Right Encryption Method for Securely Exchanging Files
If you’ve got a need for file encryption, an MFT solution can protect your files while they are at rest or in storage as well as while they are winging their way to their end destination. A robust MFT solution, like GoAnywhere MFT, can secure inbound and outbound file transfers via industry-standard network protocols and encryption.
GoAnywhere MFT encrypts your data at rest with the following protocols:
While data is in transit GoAnywhere uses SFTP, FTPS, HTTPS, and AS2, AS3, and AS4 to carry the encryption load. In addition, the solution’s Secure Mail option allows users to quickly send confidential messages and files using the convenience of email and the security of HTTPS.
When an email is sent with Secure Mail, the message and attachments are automatically encrypted and stored on your server. GoAnywhere MFT then sends an email notification to the recipients with a link to the encrypted message and files. This link allows the user to download the message and files over a secure HTTPS connection directly from your server.
In addition to strong encryption and convenience, GoAnywhere MFT helps streamline and automate the file transfer process with:
Alerts: You can set up notifications for predetermined events to stay up to date on any file movement.
Automation: Workflows can be scheduled by time and by event to take on some of the manual, repetitive workload and to make collaboration and file movement between users, internal systems, and trading partners easier.
Keep incoming ports closed to your private/internal network and keep your file servers, passwords, and user credentials secure.
GoAnywhere MFT is a centralized, easy-to-use solution for transferring sensitive data. If you’d like to see it in action, schedule a 15-, 30-, or 60-minute demonstration of encryption in action.
Or give it a try today to start locking down your sensitive data immediately.