Differences
2018-07-01: Minor corrections (Petr)
2018-07-05: details and limitations (martin)
Line 12: | Line 12: | ||
&screenshotpict(file_encryption) | &screenshotpict(file_encryption) | ||
+ | |||
+ | ===== Requirements on Server File System ===== | ||
+ | |||
+ | Encryption of file names uses Base64 encoding. To preserve file names encoded in Base64 encoding, the target file system should be case-sensitive (Linux servers use case-sensitive file systems) or at least case-preserving (with a small risk of collision - Windows NTFS is case-preserving). | ||
+ | |||
+ | The file system also needs to support reasonably long file names. Base64 encoding adds a 33% overhead to a filename length. Additionally, an encoded salt and the ''.aesctr.enc'' extension add another approximately 33 characters. | ||
+ | |||
+ | With common 255-character limit of common NTFS and ext file systems, file names up to 167-characters long can be stored. | ||
+ | |||
+ | ===== Encryption Details ===== | ||
+ | |||
+ | To encrypt file names and file contents, WinSCP uses industry standard %%AES-256%% CTR encryption. Use of standards guarantees you, that even if WinSCP stops working or becomes unavailable for whatever reason, you will still be able to decrypt your files. | ||
+ | |||
+ | Process of encrypting file names: | ||
+ | |||
+ | * 16 bytes (128 bits) of salt is generated. | ||
+ | * File name is represented in bytes using UTF-8 encoding. | ||
+ | * Encoded file name is encrypted. | ||
+ | * Concatenated salt and encrypted file name are encoded using Base64 encoding. | ||
+ | * All slash characters (''/'') in a result of Base64 encoding are replaced with underscore (''_''). Trailing equal signs (''='') are removed. | ||
+ | * ''.aesctr.enc'' extension is added. | ||
+ | |||
+ | Process of encrypting file contents: | ||
+ | |||
+ | * Fixed file header ''%%aesctr..........%%'' is written to the output file. | ||
+ | * 16 bytes (128 bits) of salt is generated and written to the output file. | ||
+ | * File contents is encoded and written. | ||
+ | * Empty files are encoded as empty files (no header nor salt). | ||
+ | |||
+ | File modification time is stored as is (not encrypted in any way). Encrypted files are 32 bytes larger than originals. Hence size of an original file can also be deduced. | ||
+ | |||
+ | We provide a [[file_encryption_decrypt_script|standalone PowerShell implementation of file decoding]]. | ||
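Review bot: the "167-characters long" limit in the Requirements on Server File System section is a limit in bytes, not characters, because the file-name steps below say the name is first represented in UTF-8; a name with non-ASCII characters (two to four bytes each) reaches the 255-character ceiling well before 167 characters. The arithmetic holds for ASCII names (16 salt bytes + 167 name bytes = 183 bytes, which Base64 encodes to exactly 244 characters with no padding, plus the 11-character ''.aesctr.enc'' extension = 255), so suggest "file names up to 167 bytes of UTF-8 (167 ASCII characters)". Two smaller points in the same hunk: "File contents is encoded and written" should read "encrypted", matching the neighbouring steps, and the lines "Empty files are encoded as empty files (no header nor salt)" and "Encrypted files are 32 bytes larger than originals" together mean that both emptiness and exact original size are visible to anyone who can list the directory, which belongs in the limitations sentence next to the note about modification times. Finally, since the Encryption Details section promises that use of a standard lets users decrypt their files without WinSCP, it should also state how the passphrase and the 16-byte salt are turned into the AES-256 key and the CTR nonce, and note that CTR mode on its own provides confidentiality only, with no integrity check on the stored files; without that, an independent implementation has to be reconstructed from the linked PowerShell script.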