What is TENS? What is EW?

Trusted End Node Security (TENS) creates a secure computing environment from trusted read-only media on almost any Intel-based computer. It boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. Because the environment runs entirely without hard drives, nothing malicious already on a local drive can infect the running session, and nothing sensitive from the secure session can be left behind on a hard drive.

TENS was previously named Lightweight Portable Security, or LPS.

Encryption Wizard (EW) is a cross-platform file and folder encryption utility for the protection of sensitive information. It requires no installation or special privileges, offers 128- or 256-bit AES encryption, and operates on all file types. EW runs on any computer with standard Java, but does not require Java access from a web browser.

TENS-Public, TENS-Public Deluxe, EW-Public, and EW-Unified are free to download and operate.

Where can I download the software?

Both software projects are managed and produced by the Air Force Research Laboratory's Information Directorate, of the United States Air Force. The current official homepage and download center for each project are

Our previous address (https://spi.dod.mil/) works but is deprecated and will be removed at a future point.

"Those links are insecure / broken / cause security warnings!"
In fact, the links are okay, but keep reading.

If this isn't the official website, who are you and what is this page?

The TENS Program Office also maintains the site you're currently viewing, www.getTENS.online. We created this site as an easily-available resource outside of .mil domains due to policy changes in mid-2016 affecting how HTTP and HTTPS sites operate. Most of the details are no longer pertinent, but the major remaining issue is that HTTPS links won't work for a typical unmodified web browser.

The short version is that many web browsers are missing crucial pieces of information necessary to verify that www.tens.af.mil is in fact the website that it claims to be.

What are the "missing pieces" and how do I get them?

Your web browser needs public certificates for the Department of Defense's root Certificate Authority. Typical browsers like Firefox, Chrome, and IE/Edge have several dozens of these already included — but not the ones for the DoD. (There's nothing secret or sensitive about them, but it's a lot of bureacracy.) These root certificates are publically distributed by the Defense Information Systems Agency (DISA), available in two ways:

  • From the DISA's Public Key area, https://public.cyber.mil/pki-pke/, click the Tools sidebar category, then download the InstallRoot 5.5 NIPR installer that best fits your situation.
  • The excellent MilitaryCAC.com guidelines for using a DoD CAC on a personal computer include, as Step 3, InstallRoot download links and installation instructions. Screenshots of the install and setup process are provided, which is very useful if you've never needed to deal with root CA certificates before.

Running the InstallRoot*.msi file will install the DoD InstallRoot utility; running the utility in turn will offer to store the main DoD certificates into your web browser. It will also offer two other certificate collections called ECA and JITC; they are not required here, but you can install them if you want to.

Once installed, those certificates will allow your web browser to securely connect to the remaining HTTPS websites operating in .mil domains. You may or may not need to restart your web browser, but then viewing https://tens.af.mil/ should work like any other secure site.