The Encryption tab provides an optional way to encrypt files at rest. When the Enable Encryption at Rest checkbox is checked, the files on the server will remain encrypted on disk and will be transparently encrypted and decrypted as necessary. Users who authenticate to SFTP Server and download a file will obtain decrypted data but all file data will remain encrypted on the server.
To enable encryption at rest, specify and confirm the encryption password. The password itself is encrypted by the system and saved in the registry (see Registry Keys for details).
The first time encryption is enabled and Save Changes is pressed, all files present in the server root directory, a user-specific root directory, or a sub-directory therein will be encrypted. Depending on the number and size of files this may take some time.
After the initial encryption completes, it is expected that files will only be added to the server's filesystem using the SFTP protocol. Plain files created directly on disk alongside encrypted files will not automatically be encrypted and will not be available to users.
Changing The Password
To change the password, visit the Encryption tab and use the Change ... button to change the password. When Save Changes is pressed, the operation will begin. This operation is faster than encrypting or decrypting files, but still may take some time depending on the number of files present.
To disable encryption at rest, uncheck the Enable Encryption At Rest checkbox on the Encryption tab. When Save Changes is pressed the encrypted files will be decrypted. Depending on the number and size of files this may take some time.
Encryption Format Notes
Files are encrypted using standard disk encryption techniques leveraging the XTS-AES 256-bit block cipher algorithm. The encrypted files on disk will have an .aesd file extension. This file format is the same format as used by AES Drive. Please see The AES Drive documentation for details.