What is TENS? What is EW?

Trusted End Node Security (TENS) creates a secure computing environment from trusted read-only media on almost any Intel-based computer. It boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. Because the environment runs entirely without hard drives, nothing malicious already on a local drive can infect the running session, and nothing sensitive from the secure session can be left behind on a hard drive.

TENS was previously named Lightweight Portable Security, or LPS.

Encryption Wizard (EW) is a cross-platform file and folder encryption utility for the protection of sensitive information. It requires no installation or special privileges, offers 128- or 256-bit AES encryption, and operates on all file types. EW runs on any computer with standard Java, but does not require Java access from a web browser.

TENS-Public, TENS-Public Deluxe, and EW-Public are free to download and operate.

Where can I download the software?

Both software projects are managed and produced by the Air Force Research Laboratory's Information Directorate, of the United States Air Force. The current official homepage and download center for each project are

Our previous address (https://spi.dod.mil/) will continue to work for now.

"Those links are insecure / broken / cause security warnings!"
In fact, the links are okay, but keep reading.

If this isn't the official website, who are you and what is this page?

The TENS Program Office also maintains the site you're currently viewing, http://www.getTENS.online/. We created this site as an easily-available resource outside of .mil domains due to a policy change in mid-2016. With little time to prepare, nearly all AFRL websites were directed to close their HTTP ports as a security measure. Most were not permitted to automatically redirect to secure HTTPS ports, and those that were permitted found that permission changing unpredictably. This unfortunately meant that normal (insecure) websites would abruptly appear to be offline and nonresponsive. Visitors to our spi.dod.mil website were left wondering if the program had quietly vanished.

In fact, the secure website continues to operate under both addresses:

However... if you are using a typical unmodified web browser, following those HTTPS links won't work. The reasons are dry and technical, but a good explanation is given by the U.S. Army's Medical Research and Materiel Command on this page. The short version is that many web browsers are missing crucial pieces of information necessary to verify that spi.dod.mil and tens.af.mil are, in fact, the websites that they claim to be.

What are the "missing pieces" and how do I get them?

Your web browser needs public certificates for the Department of Defense's root Certificate Authority. These are distributed by the Defense Information Systems Agency (DISA). The easy way to install them is to visit http://iase.disa.mil/pki-pke/Pages/tools.aspx and click the "Trust Store" tab. In that list of utility software is one called "InstallRoot 5.0: NIPR Windows Installer". Download the appropriate executable for your computer: 32-bit, 64-bit, or nonprivileged user.

Running the .msi file will install the DoD InstallRoot utility; running the utility in turn will offer to store the main DoD certificates into your web browser, along with two other certificate collections called ECA and JITC. Only the main DoD certificates are required here, but you can install the others if you want to. Some screenshots of what the .msi installer and the final InstallRoot software look like have been helpfully provided by Michael Danberry's MilitaryCAC site at https://militarycac.com/dodcerts.htm.

Once installed, those certificates will allow your web browser to securely connect to HTTPS websites operating in .mil domains. You may or may not need to restart your web browser, but then viewing https://tens.af.mil/ should work like any other secure site.