As mentioned in the Overview section of the main page of this administrative guide, file encryption works by having an input folder where you move files to be encrypted and an output folder where you move the files after encryption. This process requires monitoring the Input folder for new file uploads. We support the following folder monitoring methods: KMES-monitored folders and Agent-monitored folders. In both scenarios, encryption occurs on the KMES.

KMES-monitored folders
With KMES-monitored folders, the KMES mounts to a folder share by using SFTP or CIFS. Then, you create a File Encryption Profile on the KMES that defines what folder to monitor, the parameters of what to encrypt, and where to save the file after encryption (either locally in a data partition on the KMES or on a folder share). Perform the following steps to configure a KMES-monitored folder:

In the Info tab of the File Encryption Profile window, notice that in the Key mode drop-down list, you can select Version 1 or Version 2.
- If you select Version 1, when you select [ Choose ] in the Key field, you can see and select only File Encryption v1 keys.
- If you select Version 2, when you select [ Choose ] in the Key field, you can see and select only File Encryption v2 keys.
Refer to the File Encryption Techniques section of this guide to understand the differences between File Encryption v1 and File Encryption v2 keys.
In the Input tab, select a file share in the Source drop-down list. For instructions on configuring a file share, refer to the KMES Series 3 user guide. When you select a file share as the Source, the following fields display:

| Field | Description |
|---|---|
| Extension | The KMES determines which files to encrypt within a directory based on the file extension. In this field, specify a valid file extension (such as .txt, .pdf). |
| Directory | Select [ Browse ], and in the file browser, select the input directory you want the KMES to monitor. |
| Subfolders | Select this checkbox if you want the KMES to also monitor subfolders in the main input directory. |
| Delete original | Select this checkbox if you want the KMES to delete the original unencrypted file after the encrypted version of the file is moved to the configured output directory. |
| Exclude | Add the names of all files and folders in the input directory that you want the KMES to exclude from encryption. |
| Note | Asterisks represent a wildcard character. For example, an exclude pattern could be entered as somedir/someotherdir/*.txt. The path is relative to the input directory. |

In the Output tab, the following fields display if you select a file share as the input source in the previous step:

| Field | Description |
|---|---|
| Destination | In this drop-down list, you can select either Local or a configured file share. If you select Local, encrypted files are stored in a data partition on the KMES itself, and you can export them by right-clicking the File Encryption Profile and selecting Export. |
| Extension | Specify the file extension you want to use for encrypted files (such as .enc). |
| Directory | The [ Browse ] button is active only if you selected a file share as the Destination. In this case, select [ Browse ], and in the file browser, select the output directory where you want the KMES to save encrypted files. |
| Overwrite | In this drop-down list, you can select either Disabled, Overwrite, or Version. If you select Disabled and a file exists in the output directory under the same name, the KMES does not overwrite the existing file. If you select Overwrite, the KMES overwrites the existing file. If you select Version, the KMES saves versions of files under different names. |
| Include Path | If you select this checkbox, file headers include the full file path rather than the original file name only. |

Agent-monitored folders

With Agent-monitored folders, you can deploy an agent (a lightweight application running on a Windows or Linux system) on servers or individual workstations. Then, administrators can configure them on an individual basis by using a GUI-based application or for batch deployment by using a configuration text file. Just as with KMES-monitored folders, you must create a File Encryption Profile on the KMES that defines what folder to monitor, the parameters of what to encrypt, and where to save the file after it is encrypted. The difference is that the input and output folder locations for Agent-monitored folders are both on the server or workstation that is running the agent. Perform the following steps to configure an Agent-monitored folder:

In the Info tab of the File Encryption Profile window, notice that in the Key mode drop-down list, you can select Version 1 or Version 2.
- If you select Version 1, when you select [ Choose ] in the Key field, you can see and select only File Encryption v1 keys.
- If you select Version 2, when you select [ Choose ] in the Key field, you can see and select only File Encryption v2 keys.
Refer to the File Encryption Techniques section of this administrative guide to understand the differences between File Encryption v1 and File Encryption v2 keys.
In the Input tab, select Agent in the Source drop-down list. When you select Agent as the Source, the following fields display:
| Field | Description |
|---|---|
| Extension | The agent determines which files to encrypt within a directory based on the file extension. In this field, specify a valid file extension (such as .txt, .pdf). |
| Directory | Enter the full path to the input directory you want the agent to monitor. |
| Subfolders | Select this checkbox if you want the agent to also monitor subfolders within the main input directory. |
| Delete original | Select this checkbox if you want the agent to delete the original unencrypted file after moving the encrypted version of the file to the configured output directory. |
| Requires authorization | Select this checkbox if you want to require the agent to authenticate to the KMES with an identity that has been granted File Encryption permissions. |
| Exclude | Add the names of all files and folders in the input directory that you want the agent to exclude from being encrypted. |
| Note | Asterisks represent a wildcard character. For example, you can enter an exclude pattern as somedir/someotherdir/*.txt. The path is relative to the input directory. |
| Hostname Whitelist | Add the hostnames of all computers and servers running the File Encryption Agent. |
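
A dry-run preview of the Input tab rules (Extension, Subfolders, Exclude) that you can run against a directory before enabling a profile, especially one with Delete original selected. This is an added example, not Futurex code: the function names are hypothetical, and the matching semantics (only `*` is special, it stays within one path component, a pattern can name a file or a folder above it, and the extension compares case-sensitively) are assumptions about how the fields behave.

```python
import re
import tempfile
from pathlib import Path, PurePosixPath

def part_matches(name, pattern):
    # Assumption: "*" is the only wildcard and never crosses a "/".
    regex = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.fullmatch(regex, name) is not None

def is_excluded(rel, patterns):
    """True if rel, or a folder above it, matches an Exclude pattern."""
    parts = PurePosixPath(rel).parts
    for pattern in patterns:
        pat = PurePosixPath(pattern).parts
        n = len(pat)
        if 0 < n <= len(parts) and all(map(part_matches, parts[:n], pat)):
            return True
    return False

def preview(input_dir, extension, subfolders, exclude):
    """Return (selected, excluded) file paths relative to input_dir."""
    root = Path(input_dir)
    selected, excluded = [], []
    for path in (root.rglob("*") if subfolders else root.glob("*")):
        # Assumption: the Extension field is compared case-sensitively.
        if path.is_file() and path.name.endswith(extension):
            rel = path.relative_to(root).as_posix()
            (excluded if is_excluded(rel, exclude) else selected).append(rel)
    return sorted(selected), sorted(excluded)

def demo(subfolders=True):
    """Run preview() on a constructed tree with the page's example pattern."""
    sample = ["a.txt", "b.pdf", "somedir/c.txt",
              "somedir/someotherdir/d.txt", "somedir/someotherdir/e.pdf"]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in sample:
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text("constructed sample\n")
        return preview(tmp, ".txt", subfolders, ["somedir/someotherdir/*.txt"])

if __name__ == "__main__":
    selected, excluded = demo()
    print("would be encrypted:", selected)
    print("matching files left in plaintext:", excluded)
```

Files in the second list match the Extension but are skipped by Exclude, so they remain in the input directory unencrypted.
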

In the Output tab, the following fields display if you selected Agent as the input source in the previous step:

| Field | Description |
|---|---|
| Destination | This field is grayed out because the only supported Destination for agent-based monitoring is on the computer/server running the agent. |
| Extension | Specify the file extension you want to use for encrypted files (such as .enc). |
| Directory | Enter the full path to the output directory where you want the agent to save encrypted files. |
| Overwrite | In this drop-down list, you can select either Disabled, Overwrite, or Version. |
| Include Path | If you select this checkbox, file headers include the full file path rather than the original file name only. |

