Monday, October 22, 2012

Client Encryption Support with CrossFTP

Client side encryption for Amazon S3, Amazon Glacier, FTP, or WebDav are one important security feature CrossFTP Pro provides to enhance the data transfer security. To further enhance the transfer security, CrossFTP Pro supports local encryption for for all FTP protocols it can handle, including FTP, SFTP, FTPS, WebDAV, Amazon S3, etc. After enable the local encryption, in the upload process, all files will be firstly encrypted before they are transferred to the remote site.  In the download process, the encrypted file will be decrypted after the file is downloaded from the remote site to the local drive. We will add ".aes" extension to the encrypted files to stand for the encryption.

We uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), for the encryption. 256-bit is the largest key size defined for AES.

To enable the local encryption, you can choose Site Manager -> Security -> Enable Local Encryption, and input the password for the encryption, as shown in the figure. The password is encrypted stored in the site bookmarks file to ensure the security.


TIP: On a default JRE/JDK installation, AES is limited to 128-bit key size. Hence you will see AES-256 encryption failed with empty files. This is a remnant of import/export laws on cryptographic algorithm. To unlock larger AES key sizes, you need to download and apply the "JCE Unlimited Strength Jurisdiction Policy Files" (for latest JRE/JDK see at the bottom of this page).
Attention: You must make sure you enter the password correctly and remember the password.  Otherwise, you cannot recover the encrypted files if you lost the configuration.

This feature is available for CrossFTP 1.86.2 or later.
CrossFTP is a FTP and Amazon S3 client for Windows, Mac, and Linux. 

No comments: