WinSCP allows you to seamlessly encrypt your files on an SFTP server using AES-256 encryption.
As of Windows 10 version 1511, bitlocker uses AES-XTS 128 or 256, which is a strong algorithm. Then I use cipher to encrypt folders with confidential information. Inside of that folder, I use PGP to encrypt the files I deem 'top secret', while other files may not be encrypted with PGP since they arent 'secret enough' to warrant it. The first of these is the PGP encryption package Gpg4win, which is an installation for Windows that comes with the Gnu Privacy Guard (GPG) and some additional components. On top of Gpg4win, we will also be using an email client from Mozilla called Thunderbird, and Enigmail, which is a Thunderbird addon that brings everything together.
PGP Tool has following features: - Open PGP Files - Encrypt any file as PGP file - Create new PGP keys - Import and export PGP keys. Usage is very easy and a manual also included in application. GoAnywhere Open PGP Studio is free PGP encryption software that simplifies and secures your data before, during, and after your file transfers. It uses modern encryption methods, like the use of dual-keys for authentication, to ensure the safety of your files no matter where they reside, and can verify documents via embedded digital signatures.
As part of session settings, you can specify (or have WinSCP generate) an encryption key. WinSCP will then (by default) seamlessly encrypt all newly uploaded files and their names.
In WinSCP file panel, you will see the original file names and when you download files, you will get original contents. But anyone else, who does not know the key, including a server Administrator, will see only gibberish.
Advertisement
This, combined with WinSCP powerful synchronization features, allows you to use your server quota as a safe backup storage for your private data.
The following images show how an encrypted folder and files show to a user who knows the encryption key and to a user who does not know the encryption key:
The following rules apply for encrypting files (assuming file encryption is enabled in session settings):
- When overwriting an existing unencrypted remote file, the updated file is uploaded unencrypted too.
- When overwriting an existing encrypted remote file, the updated file is uploaded encrypted too.
- When uploading a new file, it is encrypted by default (can be changed in transfer settings).
- When creating a new folder, its name is encrypted by default (can be changed in default transfer settings).
You can identify encrypted files and folders using a lock overlay icon.
Encryption of file names uses Base64 encoding. To preserve file names encoded in Base64 encoding, the target file system should be case-sensitive (Linux servers use case-sensitive file systems) or at least case-preserving (with a small risk of collision – Windows NTFS is case-preserving).
The file system also needs to support reasonably long file names. Base64 encoding adds a 33% overhead to a filename length. Additionally, an encoded salt and the .aesctr.enc extension add another approximately 33 characters.
With common 255-character limit of common NTFS and ext file systems, file names up to 167-characters long can be stored.
To encrypt file names and file contents, WinSCP uses industry standard AES-256 CTR encryption. Use of standards guarantees you, that even if WinSCP stops working or becomes unavailable for whatever reason, you will still be able to decrypt your files.
Process of encrypting file names:
- 16 bytes (128 bits) of salt is generated.
- File name is represented in bytes using UTF-8 encoding.
- Encoded file name is encrypted.
- Concatenated salt and encrypted file name are encoded using Base64 encoding.
- All slash characters (
/) in a result of Base64 encoding are replaced with underscore (_). Trailing equal signs (=) are removed. .aesctr.encextension is added.
Process of encrypting file contents:
- Fixed file header
aesctr..........is written to the output file. - 16 bytes (128 bits) of salt is generated and written to the output file.
- File contents is encoded and written.
- Empty files are encoded as empty files (no header nor salt).
File modification time is stored as is (not encrypted in any way). Encrypted files are 32 bytes larger than originals. Hence size of an original file can also be deduced.
Pgp Encryption Software Windows 10 Free
We provide a standalone PowerShell implementation of file decrypting.
Comments are closed.