Activating File-Based Encryption and Decryption
File-based encryption enables you to store files on your drive in a format that cannot be read outside of ActiveTransfer. Encrypted files are decrypted only if they are transferred back through ActiveTransfer using the same key that was used to encrypt them.
ActiveTransfer Server encrypts and decrypts files instream rather than after the file is fully transferred.
When encryption and decryption keys are configured at multiple levels (user, server, and virtual folder), ActiveTransfer enforces the following order of preference:
1. User management
2. Virtual folder management
3. Server management
For example, if user A accesses port 10 and uploads a file in a VFS MN, then ActiveTransfer checks if the encryption or decryption key is available for user A. If no key is available at the user level, then ActiveTransfer checks for the virtual folder settings for a key. If no key is present at the VFS level, then ActiveTransfer checks the server level settings for the key.
To activate file-based encryption and decryption
1. In My webMethods: Administration > Integration > Managed File Transfer > Server Management.
3. Click the Encryption tab.
4. In the File-Based Encryption section, do the following:
a. Click Activate.
b. In the Public PGP Key Location box, specify the file path to the public PGP key (for example, “C:\keylocation\simple.key” on Windows and “/usr/keylocation/enterprise.key” on UNIX).
Note:
You can use the wm.mft.security.pgp:generatePGPKeyFiles service to generate an OpenPGP key pair. For details, see .
5. In the File-Based Decryption section, do the following:
a. Click Activate.
b. In the Private PGP Key Location box, specify the file path to the private PGP key (for example, “C:\keylocation\simple.key” on Windows and “/usr/keylocation/enterprise.key” on UNIX).
c. In the Private PGP Key Password box, enter the password for the private PGP key.
6. Click Save.
You can deactivate file-based encryption or decryption at any time by clicking Deactivate.