SFTP Server Encryption at Rest

Requirements: SFTP Server

Introduction

SFTP Server is an easy-to-use solution for managing the server side of secure file transfer. Files that reside on the server may optionally be encrypted on disk. Encryption at rest provides additional security. File content is decrypted on demand as clients interact with the server, and no decrypted content is ever written to disk.

Contents

  1. Enabling Encryption
  2. Changing Passwords
  3. Disabling Encryption
  4. Encryption Format Notes

Enabling Encryption

To enable encryption at rest, specify and confirm the encryption password. The password itself is encrypted by the system and saved in the registry.

The first time encryption is enabled and Save Changes is pressed, all files present in the server root directory, a user-specific root directory, or a sub-directory therein will be encrypted. Depending on the number and size of files, this may take some time.

After the initial encryption completes, it is expected that files will only be added to the server's filesystem using the SFTP protocol. Plain files created directly on disk alongside encrypted files will not automatically be encrypted and will not be available to users.

Changing Passwords

To change the password, visit the Encryption tab and use the Change ... button. When Save Changes is pressed, the operation will begin. This operation is faster than encrypting or decrypting files, but may still take some time depending on the number of files present.

Disabling Encryption

To disable encryption at rest, uncheck the Enable Encryption At Rest checkbox on the Encryption tab. When Save Changes is pressed, the encrypted files will be decrypted. Depending on the number and size of files, this may take some time.

Encryption Format Notes

Files are encrypted using standard disk encryption techniques leveraging the XTS-AES 256-bit block cipher algorithm. The encrypted files on disk will have an .aesd file extension. This file format is the same format as used by AES Drive. Please see the AES Drive documentation for details.
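
As noted under Enabling Encryption, plain files created directly on disk are not encrypted automatically and are not available to users. The following PowerShell audit is an added example, not part of the product or its documentation: it lists every file under a root directory that lacks the .aesd extension. It assumes encryption at rest is enabled; the function name, the demo directory and the file names in it are constructed for illustration.

```powershell
# Added example, not vendor code. Assumption from the page: encrypted files carry
# the .aesd extension, so any other file under the root is treated as plaintext.
function Find-UnencryptedFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $RootPath
    )
    if (-not (Test-Path -LiteralPath $RootPath -PathType Container)) {
        throw "Root directory not found: $RootPath"
    }
    # -File skips directories; -Force includes hidden files.
    Get-ChildItem -LiteralPath $RootPath -File -Recurse -Force |
        Where-Object { $_.Extension -ne '.aesd' } |   # -ne compares case-insensitively
        Sort-Object FullName |
        Select-Object FullName, Length, LastWriteTimeUtc
}

# Constructed sample tree so the example runs without touching a real server root.
$demo    = Join-Path ([System.IO.Path]::GetTempPath()) ("aesd-audit-" + [guid]::NewGuid())
$userDir = Join-Path $demo 'alice'
New-Item -ItemType Directory -Path $userDir -Force | Out-Null
Set-Content -LiteralPath (Join-Path $userDir 'invoice.aesd') -Value 'constructed'
Set-Content -LiteralPath (Join-Path $userDir 'ARCHIVE.AESD') -Value 'constructed'
Set-Content -LiteralPath (Join-Path $userDir 'dropped-by-admin.csv') -Value 'constructed'

# Only dropped-by-admin.csv is reported; both .aesd files pass the check.
$plain = @(Find-UnencryptedFile -RootPath $demo)
$plain | Format-Table -AutoSize
if ($plain.Count -gt 0) {
    Write-Warning "$($plain.Count) file(s) are stored unencrypted and are not available to SFTP users."
}

Remove-Item -LiteralPath $demo -Recurse -Force
```

To audit a live server, call Find-UnencryptedFile with the server root or a user-specific root directory in place of the demo path.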
