Repository encryption certificate

Repository encryption increases SecureTransport security by avoiding storing unencrypted files. When you enable repository encryption, SecureTransport encrypts each file that it pulls from a partner site or that a client pushes to it. When SecureTransport pushes a file to a partner site or a client pulls a file from it, SecureTransport decrypts the file. SecureTransport encrypts and decrypts each file dynamically in memory as it receives and sends it, so the files never exist unencrypted in the storage of the host system.

  1. Generate a self-issued local certificate or import a PKCS#12 file. See Generate a self-issued server certificate and Import a local certificate.
  2. Set the value of the Stfs.Encryption.CertAlias server configuration parameter to the alias of the certificate. SecureTransport uses this certificate to encrypt and decrypt files. See View and change server configuration parameters.
     SecureTransport prevents you from deleting the certificate referenced by Stfs.Encryption.CertAlias.
  3. To choose the encryption algorithm, set the value of the Stfs.Encryption.Algorithm server configuration parameter to one of the following values:
    • AES128 (default)
    • AES256
    • 3DES
     See View and change server configuration parameters.
  4. To configure SecureTransport to compute the MD5 checksum for an uploaded file dynamically as the file is uploaded, set the value of the Stfs.Hash.HashOnUpload server configuration parameter to true. When the value is false, the default value, SecureTransport computes the MD5 checksum after the file transfer is complete.
  5. Create a user class named EncryptClass. Files transferred by users in this class are encrypted. See Add a user class.
     Note: For server-initiated transfers, the user class is defined by the UID and GID only. If you define the EncryptClass using user name or other attributes, there are limitations on server-initiated transfers. See Encryption and server-initiated transfers.
  6. Restart the TM Server. See Start and stop servers.
Note: If you enable repository encryption, the following SecureTransport functions are not supported: resume PeSIT transfers and pause and resume transfers when SecureTransport is the server.
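The following added example (not part of the SecureTransport documentation or product) audits the three parameters from the procedure above, comparing a weak configuration with a corrected one. The key=value dump format, the sample alias repo-enc-cert and the function names are assumptions for illustration; the parameter names, allowed values and defaults are the ones given on this page.

```python
# Added example: audits repository-encryption parameters from a key=value dump.
# The dump format is an assumption for illustration; the parameter names,
# allowed values and defaults are the ones documented on this page.
ALLOWED_ALGORITHMS = {"AES128", "AES256", "3DES"}
DEFAULTS = {"Stfs.Encryption.Algorithm": "AES128", "Stfs.Hash.HashOnUpload": "false"}


def parse_params(text):
    """Parse 'name=value' lines, skipping blanks and '#' comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params


def audit(text):
    """Return (effective settings, list of findings) for a parameter dump."""
    effective = {**DEFAULTS, **parse_params(text)}
    findings = []
    if not effective.get("Stfs.Encryption.CertAlias"):
        findings.append("CertAlias is empty or missing")
    algorithm = effective["Stfs.Encryption.Algorithm"]
    if algorithm not in ALLOWED_ALGORITHMS:
        findings.append(f"Algorithm '{algorithm}' is not one of {sorted(ALLOWED_ALGORITHMS)}")
    elif algorithm == "3DES":
        findings.append("Algorithm is 3DES: 64-bit block cipher, prefer AES128 or AES256")
    hash_on_upload = effective["Stfs.Hash.HashOnUpload"].lower()
    if hash_on_upload not in ("true", "false"):
        findings.append(f"HashOnUpload '{hash_on_upload}' is not true or false")
    return effective, findings


# Constructed sample dumps (not taken from a real server).
WEAK = """
# alias left empty, legacy cipher selected
Stfs.Encryption.CertAlias=
Stfs.Encryption.Algorithm=3DES
"""
HARDENED = """
Stfs.Encryption.CertAlias=repo-enc-cert
Stfs.Encryption.Algorithm=AES256
Stfs.Hash.HashOnUpload=true
"""

if __name__ == "__main__":
    for name, dump in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(dump))
```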
