ActiveTransfer Server 10.7 | webMethods ActiveTransfer Documentation | Administering ActiveTransfer Server | Managing Users, User Groups, and User Roles | Specifying Encryption and Decryption Options for a User
 
Specifying Encryption and Decryption Options for a User
You can define specific file-based encryption and decryption PGP keys for an individual user. These settings will override any encryption assignments set in the template associated with the user. When encrypted, files are stored on the user’s drive. Encrypted files are decrypted only if they are transferred back through ActiveTransfer using the same key that was used to encrypt them.
You can apply the same settings to user groups (User Management > Users > Group) and (User Management > Users > Role) roles.
When encryption and decryption keys are configured at multiple levels (user, server, and virtual folder), ActiveTransfer enforces the following order of preference:
1. User management
2. Virtual folder management
3. Server management
For example, if user A accesses port 10 and uploads a file in a VFS MN, then ActiveTransfer checks if the encryption or decryption key is available for user A. If no key is available at the user level, then ActiveTransfer checks for the virtual folder settings for a key. If no key is present at the VFS level, then ActiveTransfer checks the server level settings for the key.
*To specify encryption and decryption options for a user
1. In My webMethods: Administration > Integration > Managed File Transfer > User Management > Users.
2. Select the server instance. For details, see Selecting the Instance to Work With.
3. Select the user from the list of users.
4. Click the Encryption tab.
5. In the File-Based Encryption section, specify the path to the public PGP key in the Public PGP Key Location box (for example, “C:\keylocation\simple.key” on Windows and “/usr/keylocation/enterprise.key” on UNIX).
Note:
You can use the wm.mft.security.pgp:generatePGPKeyFiles service to generate an OpenPGP key pair. For details, see wm.mft.security.pgp:generatePGPKeyFiles.
6. In the File-Based Decryption section, do the following:
a. In the Private PGP Key Location box, specify the path to the private PGP key (for example, “C:\keylocation\simple.key” on Windows and “/usr/keylocation/enterprise.key” on UNIX).
b. In the Private PGP Key Password box, enter the password for the private PGP key.
7. Click Save.
You can deactivate file-based encryption or decryption at any time by clicking Deactivate.