Differences

This shows you the differences between the selected revisions of the page.

file_encryption 2018-10-19 file_encryption 2019-11-23 (current)
Line 1: Line 1:
====== File Encryption ====== ====== File Encryption ======
-//The current beta version WinSCP// &beta allows you to seamlessly encrypt your files on an SFTP server using AES-256 encryption.+WinSCP allows you to seamlessly encrypt your files on an SFTP server using AES-256 encryption.
-As part of session settings, you can specify (or have WinSCP generate) an encryption key. WinSCP will then (by default) seamlessly encrypt all newly uploaded files and their names.+As part of session settings, you can [[ui_login_encryption|specify (or have WinSCP generate) an encryption key]]. WinSCP will then (by default) seamlessly encrypt all newly uploaded files and their names.
In WinSCP file panel, you will see the original file names and when you download files, you will get original contents. But anyone else, who does not know the key, including a server Administrator, will see only gibberish. In WinSCP file panel, you will see the original file names and when you download files, you will get original contents. But anyone else, who does not know the key, including a server Administrator, will see only gibberish.
Line 13: Line 13:
&screenshotpict(file_encryption) &screenshotpict(file_encryption)
-===== Requirements on Server File System =====+===== [[files]] Encrypting Files =====
-Encryption of file names uses Base64 encoding. To preserve file names encoded in Base64 encoding, the target file system should be case-sensitive (Linux servers use case-sensitive file systems) or at least case-preserving (with a small risk of collision - Windows NTFS is case-preserving).+The following rules apply for encrypting files (assuming [[ui_login_encryption|file encryption is enabled in session settings]]): 
 + 
 +  * When overwriting an existing //unencrypted// remote file, the updated file is uploaded //unencrypted// too. 
 +  * When overwriting an existing //encrypted// remote file, the updated file is uploaded //encrypted// too. 
 +  * When uploading a new file, it is //encrypted// by default (can be changed in [[ui_transfer_custom|transfer settings]]). 
 +  * When creating a new folder, its //name// is //encrypted// by default (can be changed in default transfer settings). 
 + 
 +You can identify encrypted files and folders using a [[ui_file_panel#special_files|lock overlay icon]]. 
 + 
 +===== [[requirements]] Requirements on Server File System ===== 
 + 
 +Encryption of file names uses Base64 encoding. To preserve file names encoded in Base64 encoding, the target file system should be case-sensitive (Linux servers use case-sensitive file systems) or at least case-preserving (with a small risk of collision -- Windows NTFS is case-preserving).
The file system also needs to support reasonably long file names. Base64 encoding adds a 33% overhead to a filename length. Additionally, an encoded salt and the ''.aesctr.enc'' extension add another approximately 33 characters. The file system also needs to support reasonably long file names. Base64 encoding adds a 33% overhead to a filename length. Additionally, an encoded salt and the ''.aesctr.enc'' extension add another approximately 33 characters.

Last modified: by martin