What is TENS? What is EW?

Trusted End Node Security (TENS) creates a secure computing environment from trusted read-only media on almost any Intel-based computer. It boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. Because the environment runs entirely without hard drives, nothing malicious already on a local drive can infect the running session, and nothing sensitive from the secure session can be left behind on a hard drive.

TENS was previously named Lightweight Portable Security, or LPS.

Encryption Wizard (EW) is a cross-platform file and folder encryption utility for the protection of sensitive information. It requires no installation or special privileges, offers 128- or 256-bit AES encryption, and operates on all file types. EW runs on any computer with standard Java, but does not require Java access from a web browser.

TENS-Public, TENS-Public Deluxe, and EW-Public are free to download and operate.

Where can I download the software?

Both software projects are managed and produced by the Air Force Research Laboratory's Information Directorate, of the United States Air Force. The current official homepage and download center for each project are

Our previous address (https://spi.dod.mil/) will continue to work for now.

"Those links are insecure / broken / cause security warnings!"
In fact, the links are okay, but keep reading.

If this isn't the official website, who are you and what is this page?

The TENS Program Office also maintains the site you're currently viewing, http://www.getTENS.online/. We created this site as an easily-available resource outside of .mil domains due to a policy change in mid-2016, requiring nearly all AFRL websites to close their HTTP ports. Some sites were permitted to automatically redirect to secure HTTPS ports, but not all.

In fact, the secure website continues to operate under both addresses:

However... if you are using a typical unmodified web browser, following those HTTPS links won't work. The reasons are dry and technical, but a good explanation is given by the U.S. Army's Medical Research and Materiel Command on this page. The short version is that many web browsers are missing crucial pieces of information necessary to verify that spi.dod.mil and tens.af.mil are, in fact, the websites that they claim to be.

What are the "missing pieces" and how do I get them?

Your web browser needs public certificates for the Department of Defense's root Certificate Authority. These are distributed by the Defense Information Systems Agency (DISA). The easy way to install them is to visit http://iase.disa.mil/pki-pke/Pages/tools.aspx and scroll down to the "Trust Store" tab. In that list of utility software is one called "InstallRoot 5.x: NIPR Windows Installer". Download the appropriate executable for your computer: 32-bit, 64-bit, or nonprivileged user.

Running the .msi file will install the DoD InstallRoot utility; running the utility in turn will offer to store the main DoD certificates into your web browser, along with two other certificate collections called ECA and JITC. Only the main DoD certificates are required here, but you can install the others if you want to. Some screenshots of what the .msi installer and the final InstallRoot software look like have been helpfully provided by Michael Danberry's MilitaryCAC site at https://militarycac.com/dodcerts.htm, and the Medical Research and Materiel Command link above also has step-by-step instructions.

Once installed, those certificates will allow your web browser to securely connect to HTTPS websites operating in .mil domains. You may or may not need to restart your web browser, but then viewing https://tens.af.mil/ should work like any other secure site.