Differences
This shows you the differences between the selected revisions of the page.
file_encryption 2018-07-05 | file_encryption 2019-11-23 (current) | ||
Line 1: | Line 1: | ||
====== File Encryption ====== | ====== File Encryption ====== | ||
- | The next version of WinSCP will allow you to seamlessly encrypt your files on an SFTP server using AES-256 encryption. | + | WinSCP allows you to seamlessly encrypt your files on an SFTP server using AES-256 encryption. |
- | As part of session settings, you can specify (or have WinSCP generate) an encryption key. WinSCP will then (by default) seamlessly encrypt all newly uploaded files and their names. | + | As part of session settings, you can [[ui_login_encryption|specify (or have WinSCP generate) an encryption key]]. WinSCP will then (by default) seamlessly encrypt all newly uploaded files and their names. |
In WinSCP file panel, you will see the original file names and when you download files, you will get original contents. But anyone else, who does not know the key, including a server Administrator, will see only gibberish. | In WinSCP file panel, you will see the original file names and when you download files, you will get original contents. But anyone else, who does not know the key, including a server Administrator, will see only gibberish. | ||
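Review bot: In the unchanged last paragraph of this hunk, "anyone else, who does not know the key ... will see only gibberish" claims more than the rest of the page supports, because the paragraph at Line 54 states that modification time is stored as is and that the original file size can be deduced. Suggest limiting the sentence to file contents and names and pointing to that paragraph for what remains visible. Minor: the reworded first line and the following line both say "seamlessly"; one of them can go.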
Line 13: | Line 13: | ||
&screenshotpict(file_encryption) | &screenshotpict(file_encryption) | ||
- | ===== Requirements on Server File System ===== | + | ===== [[files]] Encrypting Files ===== |
- | Encryption of file names uses Base64 encoding. To preserve file names encoded in Base64 encoding, the target file system should be case-sensitive (Linux servers use case-sensitive file systems) or at least case-preserving (with a small risk of collision - Windows NTFS is case-preserving). | + | The following rules apply for encrypting files (assuming [[ui_login_encryption|file encryption is enabled in session settings]]): |
+ | |||
+ | * When overwriting an existing //unencrypted// remote file, the updated file is uploaded //unencrypted// too. | ||
+ | * When overwriting an existing //encrypted// remote file, the updated file is uploaded //encrypted// too. | ||
+ | * When uploading a new file, it is //encrypted// by default (can be changed in [[ui_transfer_custom|transfer settings]]). | ||
+ | * When creating a new folder, its //name// is //encrypted// by default (can be changed in default transfer settings). | ||
+ | |||
+ | You can identify encrypted files and folders using a [[ui_file_panel#special_files|lock overlay icon]]. | ||
+ | |||
+ | ===== [[requirements]] Requirements on Server File System ===== | ||
+ | |||
+ | Encryption of file names uses Base64 encoding. To preserve file names encoded in Base64 encoding, the target file system should be case-sensitive (Linux servers use case-sensitive file systems) or at least case-preserving (with a small risk of collision -- Windows NTFS is case-preserving). | ||
The file system also needs to support reasonably long file names. Base64 encoding adds a 33% overhead to a filename length. Additionally, an encoded salt and the ''.aesctr.enc'' extension add another approximately 33 characters. | The file system also needs to support reasonably long file names. Base64 encoding adds a 33% overhead to a filename length. Additionally, an encoded salt and the ''.aesctr.enc'' extension add another approximately 33 characters. | ||
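Review bot: The first bullet of the new "Encrypting Files" section describes a case where a file goes to the server unencrypted even though encryption is enabled in session settings, and the text does not flag that as something the user needs to watch for. Suggest saying explicitly that an existing unencrypted remote file stays unencrypted when overwritten, and moving the lock overlay icon sentence next to that bullet as the way to check a file's state. Also, the new-folder bullet says "default transfer settings" with no link while the new-file bullet links [[ui_transfer_custom|transfer settings]]; if both refer to the same setting, use the same wording and link in both.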
Line 43: | Line 54: | ||
File modification time is stored as is (not encrypted in any way). Encrypted files are 32 bytes larger than originals. Hence size of an original file can also be deduced. | File modification time is stored as is (not encrypted in any way). Encrypted files are 32 bytes larger than originals. Hence size of an original file can also be deduced. | ||
- | We provide a [[file_encryption_decrypt_script|standalone PowerShell implementation of file decoding]]. | + | We provide a [[file_encryption_decrypt_script|standalone PowerShell implementation of file decrypting]]. |
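Review bot: The metadata paragraph kept as context above the changed line lists modification time and file size as visible to the server but not file name length, although the requirements section gives a fixed relation between original and encrypted names (33% Base64 overhead plus approximately 33 characters), so the length of the original name can be estimated as well. Suggest adding that to the paragraph. On the changed line, "implementation of file decrypting" would read better as "implementation of file decryption".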