Differences
This shows you the differences between the selected revisions of the page.
file_encryption 2018-10-19 | file_encryption 2019-11-23 (current) | ||
Line 1: | Line 1: | ||
====== File Encryption ====== | ====== File Encryption ====== | ||
- | //The current beta version WinSCP// &beta allows you to seamlessly encrypt your files on an SFTP server using AES-256 encryption. | + | WinSCP allows you to seamlessly encrypt your files on an SFTP server using AES-256 encryption. |
- | As part of session settings, you can specify (or have WinSCP generate) an encryption key. WinSCP will then (by default) seamlessly encrypt all newly uploaded files and their names. | + | As part of session settings, you can [[ui_login_encryption|specify (or have WinSCP generate) an encryption key]]. WinSCP will then (by default) seamlessly encrypt all newly uploaded files and their names. |
In WinSCP file panel, you will see the original file names and when you download files, you will get original contents. But anyone else, who does not know the key, including a server Administrator, will see only gibberish. | In WinSCP file panel, you will see the original file names and when you download files, you will get original contents. But anyone else, who does not know the key, including a server Administrator, will see only gibberish. | ||
Line 13: | Line 13: | ||
&screenshotpict(file_encryption) | &screenshotpict(file_encryption) | ||
- | ===== Requirements on Server File System ===== | + | ===== [[files]] Encrypting Files ===== |
- | Encryption of file names uses Base64 encoding. To preserve file names encoded in Base64 encoding, the target file system should be case-sensitive (Linux servers use case-sensitive file systems) or at least case-preserving (with a small risk of collision - Windows NTFS is case-preserving). | + | The following rules apply for encrypting files (assuming [[ui_login_encryption|file encryption is enabled in session settings]]): |
+ | |||
+ | * When overwriting an existing //unencrypted// remote file, the updated file is uploaded //unencrypted// too. | ||
+ | * When overwriting an existing //encrypted// remote file, the updated file is uploaded //encrypted// too. | ||
+ | * When uploading a new file, it is //encrypted// by default (can be changed in [[ui_transfer_custom|transfer settings]]). | ||
+ | * When creating a new folder, its //name// is //encrypted// by default (can be changed in default transfer settings). | ||
+ | |||
+ | You can identify encrypted files and folders using a [[ui_file_panel#special_files|lock overlay icon]]. | ||
+ | |||
+ | ===== [[requirements]] Requirements on Server File System ===== | ||
+ | |||
+ | Encryption of file names uses Base64 encoding. To preserve file names encoded in Base64 encoding, the target file system should be case-sensitive (Linux servers use case-sensitive file systems) or at least case-preserving (with a small risk of collision -- Windows NTFS is case-preserving). | ||
The file system also needs to support reasonably long file names. Base64 encoding adds a 33% overhead to a filename length. Additionally, an encoded salt and the ''.aesctr.enc'' extension add another approximately 33 characters. | The file system also needs to support reasonably long file names. Base64 encoding adds a 33% overhead to a filename length. Additionally, an encoded salt and the ''.aesctr.enc'' extension add another approximately 33 characters. |