Encrypt Your Tax Documents BEFORE You Send Them

It’s that time. We all are doing our taxes online now. Some of us need some help and that usually ends up with digitally sending tax documents.

Do not ever, under any circumstance, email a document that has your SSN, home address, phone number, bank information, etc. unencrypted. That’s a good way to lose all of your money and even your identity.

I’m going to use two free services to send my encrypted documents out: AESCrypt and Dropbox.

Step 1: Install AESCrypt

Get AESCrypt installed on your computer. Go here and install for your platform.

Step 2: Zip up all of those files

You want to send one encrypted blob of data. Put all of your files into a single folder and zip that up. On the Mac, select the file and go to File >> Compress “Sensitive Docs”.


Step 3: Encrypt

Follow the directions for your platform to encrypt your zip file. On the Mac, drag the file onto the dock icon and enter a strong password when prompted.

I suggest using a secure password generator like the one over at GRC.com. You can also use Lastpass or whatever you use to manage your passwords. Make a note of that password though. You can keep a copy of the password in TextEdit or NVAlt – the documents are already on your computer.

Steve Gibson recommended, on the Security Now Podcast, to use a long string of numbers that can easily be read over the phone such as, “32 67 89 14 75 12 99”, etc.


Step 4: Drop it in Dropbox*

Using DropBox makes sharing files easy. Put the encrypted file into your dropbox folder and click Share Link.

You can send them the file directly through the DropBox website or get the link and send it separately.


Step 5: Send the Password via a Separate Method

If you send an email with a link to your encrypted document, it doesn’t make sense to put the password into that email. Additionally, you might not want to send the password from your account to that same account. Try to send the password over iMessage, Signal, or another instant messenger, or to a secondary email address the person has.


Step 6: The Takedown

Once the recipient has confirmed that they have the documents and have decrypted them on their own machine you will remove the encrypted documents from DropBox. Sure they are safe, but there is no reason to keep that online.


* You can use any temporary online storage solution you have access to in order to send the file, but sending via email attachment will ensure that your encrypted file is available permanently for offline attacks


miniLock – Fantastic encryption software that’s easy to use.

I have written about, and used, AESCrypt in the past as an easy encryption solution for non-pgp or non-gpg users. You encrypt your document and send it. Send the password along on another channel and you are good to go.

Here is an easier and better solution – miniLock.io.

miniLock is a chrome application that you install from the chrome store. You enter an email address and a secret pass phrase that you alone know. You can keep this in your secure notes vault in LastPass.

miniLock creates a public key that you can share with others. My public key is:


Use that to send me an encrypted document that only I can open. You can also encrypt files for many people to open – just like the pgp model.

Why not just use pgp/gpg? Well, this is much easier and can be used by “normal” people. I’ve used gpg for the past ten years and, even among tech savvy folks in IT, have only been able to use it a dozen times.

Install miniLock in your chrome browser today.

Screen Shot 2015-04-06 at 9.25.24 AMLooking for a more detailed explanation and videos? Go to github.