Specifying Encryption and Decryption Options for a Virtual Folder
You can define specific file-based encryption and decryption PGP keys for a virtual folder. When files are uploaded to or downloaded from the virtual folder through the ActiveTransfer Server, ActiveTransfer encrypts or decrypts the files in stream. Encrypted files are decrypted only if they are transferred back through ActiveTransfer using the same key that was used to encrypt them.
The encryption and decryption settings are applicable only when a user connects to ActiveTransfer Server and performs an upload or download operation. ActiveTransfer does not use these keys when the virtual folder is used in an event. If you want to use the encryption and decryption keys in an event, create an encryption or decryption action in the event.
When encryption and decryption keys are configured at multiple levels (user, server, and virtual folder), ActiveTransfer enforces the following order of preference:
1. User management
2. Virtual folder management
3. Server management
For example, if user A accesses port 10 and uploads a file in a VFS MN, ActiveTransfer first checks whether an encryption or decryption key is available for user A. If no key is available at the user level, ActiveTransfer checks the virtual folder settings for a key. If no key is present at the VFS level, ActiveTransfer checks the server-level settings for the key.
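The order of preference above, modelled as an added example (this is not ActiveTransfer code and does not call any ActiveTransfer API): it resolves the effective encryption and decryption key for each user and virtual folder and flags combinations where uploads would be encrypted with a key that the effective decryption setting cannot reverse. The settings dictionary, the key IDs and the function names are hypothetical, and the sketch assumes the encryption and decryption settings are each resolved independently through the three levels.

```python
# Order of preference stated above: user, then virtual folder, then server.
LEVELS = ("user", "vfs", "server")

def effective_key(settings, user, vfs, kind):
    """Return (level, key_id) for the first level that defines `kind`
    ('encrypt' or 'decrypt'), or (None, None) if no level defines it."""
    scopes = {
        "user": settings.get("user", {}).get(user, {}),
        "vfs": settings.get("vfs", {}).get(vfs, {}),
        "server": settings.get("server", {}),
    }
    for level in LEVELS:
        key_id = scopes[level].get(kind)
        if key_id:
            return level, key_id
    return None, None

def audit(settings, pairs):
    """For each (user, vfs) pair, report the effective keys and flag pairs
    whose decryption key does not match the encryption key, since such
    uploads cannot be decrypted on download."""
    findings = []
    for user, vfs in pairs:
        enc = effective_key(settings, user, vfs, "encrypt")
        dec = effective_key(settings, user, vfs, "decrypt")
        if enc[1] is None:
            status = "PLAINTEXT"   # no level encrypts this upload
        elif enc[1] != dec[1]:
            status = "MISMATCH"    # keys resolved from different key pairs
        else:
            status = "OK"
        findings.append((user, vfs, enc, dec, status))
    return findings

# Constructed inventory; each hypothetical key ID names one PGP key pair.
SETTINGS = {
    "server": {"encrypt": "KEY-SRV", "decrypt": "KEY-SRV"},
    "vfs": {"MN": {"encrypt": "KEY-MN", "decrypt": "KEY-MN"}},
    "user": {"A": {"encrypt": "KEY-A"}},  # user A has no decryption key set
}

if __name__ == "__main__":
    for row in audit(SETTINGS, [("A", "MN"), ("B", "MN"), ("B", "XY")]):
        print(row)
```

In the constructed inventory, user A's uploads to MN are encrypted with the user-level key while decryption falls through to the virtual folder key, so that pair is reported as a mismatch.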
To specify file-based encryption and decryption options for a virtual folder
1. In My webMethods: Administration > Integration > Managed File Transfer > Virtual Folder Management.
3. Select the required virtual folder in the VFS tree.
The folder details appear on the right side of the page.
4. Click the arrow to the left of Encryption.
5. In the File-Based Encryption section, do the following:
a. Click Activate.
b. In the Public PGP Key Location box, specify the file path to the public PGP key (for example, “C:\keylocation\simple.key” on Windows and “/usr/keylocation/enterprise.key” on UNIX).
Note: You can use the wm.mft.security.pgp:generatePGPKeyFiles service to generate an OpenPGP key pair. For details, see webMethods ActiveTransfer Built-In Services Reference.
6. In the File-Based Decryption section, do the following:
a. Click Activate.
b. In the Private PGP Key Location box, specify the file path to the private PGP key (for example, “C:\keylocation\simple.key” on Windows and “/usr/keylocation/enterprise.key” on UNIX).
c. In the Private PGP Key Password box, enter the password for the private PGP key.
Note: You can use the wm.mft.security.pgp:generatePGPKeyFiles service to generate an OpenPGP key pair. For details, see webMethods ActiveTransfer Built-In Services Reference.
7. Click Save.
You can deactivate file-based encryption or decryption at any time by clicking Deactivate.