Client-side Encryption of files

WinSCP can protect data in transit by using encrypted transfer protocols.
What I'd like to propose is a client-side encryption feature to protect data at rest - by encrypting the file content before uploading it to a server.

I guess it is mandatory to re-use existing code for the encryption task. The cryptomator library might be an reliable option to store files in an encrypted cryptomator vault on a remote server. It looks like this is how Cyberduck implemented the encryption feature in their file transfer client.
But there might be other projects (PGP/VeraCrypt?) which provide similar functionality as a cryptomator vault.

What exactly are you trying to solve by this feature?

Well, on my local computer I have several convenient ways of protecting my files (e.g. file permissions, disk encryption, filesystem encryption, etc...)
But most of them can not protect my files after they have been uploaded to a remote server. So I'd like WinSCP to protect the files I'm about to upload by encrypting them automatically.

Until now I need to manually create an encrypted copy locally + upload the encrypted local copy + delete the encrypted local copy. I have to repeat this every time I upload files. The same usability nightmare happens when downloading encrypted files.
This is very inconvenient - especially when working with lots of files and limited local disk space. Its time consuming, prone to errors and mistakes and I guess it is also why people mostly don't even consider encrypting their remote files.

Now, the idea is to let WinSCP make all the necessary steps and encrypt the files 'on-the-fly' during upload. All a users needs to do is to provide an encryption password.
Ideally decryption should also happen 'on-the-fly' during the download of an encrypted file.
So all local files are unencrypted. The user does not have to change the way they work with the local files. And all remote files are encrypted. As long as a user knows the decryption password, he will be able to browse an download these files in WinSCP and also does not have to change the way they work with the remote files.

I hope this helps to get an idea of what I propose and why.

OK, understood. I thought that by "encrypting the file content before uploading it to a server" you mean encrypting the actual local files.
Encrypting on-the-fly makes sense. We are actually considering it.

This has been implemented already:
Issue 1653 – Allow encrypting files when storing them on server

Only in version 5.14 not yet released.

And only for SFTP (no FTP or WebDAV).

@don_: here could be an extension to the "Zip And Upload" command that would allow to zip (no compress) individual files within a folder and password protect them. As the Zip protocol is available freely, then decrypting the files can be done on the fly

@virgile: 5.14 beta has been released few months ago:
https://winscp.net/eng/downloads.php

@Fuana: OK, but that's effectively the same what the file encryption in 5.14 beta does already.

It is limited to SFTP...
Cyberduck offers a transparent encryption using cryptomator for any protocol. I wish WinSCP would go in that way.

@virgile: What protocol are you interested in?
See also A seamless encrypted backup copy of your files on an SFTP server : QUESTION

As for me S3 and WebDAV, but I think this should be for each supported.

@Guest: Sure, but each protocol requires some effort.
I have added FTP and WebDAV support to the tracker:
Issue 2150 – File encryption for FTP
Issue 2151 – File encryption for WebDAV
You can vote for it there.

See Issue 2230 – Support for Cryptomator file encryption