We designed the configuration text file to allow the creation of a static version of the File Encryption Agent that you can package and install onto multiple servers. This works well in enterprise environments where many endpoints or servers require file encryption functionality. The first step is to create and test a configuration file that works for your organizational needs. After a successful test, you typically conduct a phased deployment.

Summary of File Encryption Agent configuration

The following list shows the setting types in the File Encryption Agent:
  • Servers: Settings that define connection details for the remote KMES Series 3 servers that handle cryptographic key management.
  • TLS: Settings and files related to mutual authentication with the remote KMES Series 3 servers that handle cryptographic key management.
  • Auth: Settings for authentication credentials with the remote KMES Series 3 servers.
  • Logging: Settings related to the logs generated by the File Encryption Agent, including the verbosity, file size, location, and more.
Administrators can also configure the agent through the File Encryption Agent GUI. Find more information in the File Encryption Agent GUI Reference section of this administrative guide.
The following descriptions of the configuration items for each of the agent configuration sections apply to both GUI-based configuration and text file-based configuration. To generate an example configuration file as a template, open the File Encryption Agent GUI, apply settings, and save the file.
You must include the section header labels defined in the following sections in the configuration text file. The labels are not case-sensitive, but the individual configuration parameters are.
The following table includes recommended default settings, marked by an asterisk (*). These recommended settings might not be right for all environments, but they apply to typical installations.

Log: Configuration File Label: [LOG]

The following table describes the configuration items for the [LOG] section:

| Configuration | Description | Values or example |
| --- | --- | --- |
| level | How verbose the debugging logs should be. | none, error, info*, debug, traffic |
| file | Location to write debugging logs. | C:\Program Files\Futurex\fenca\fenca_log.txt |
| console | Whether to print messages to the console (true) or write them to the defined log file (false). | true, false* |
| time-format | The time format to use for the logs. Local is based on the system time of the server, utc is the UTC system time of the server, and offset uses ISO 8601 structure for time. | utc, local*, offset |
| max-file-size | Maximum log file size, in kilobytes. The File Encryption Agent supports encrypting files up to 9999 MB, or 10238976 KB. | 102400 |
| threads | When enabled (true), adds thread identifiers to log messages. This is useful for debugging multithreaded environments. If threading is not wanted, omit this configuration setting altogether. | true* |

TLS: Configuration File Label: [TLS]

The TLS configuration of the File Encryption Agent is flexible to meet your organizational security requirements. You can mutually authenticate or KMES-authenticate the TLS connection, which ensures the file encryption server does not communicate with any untrusted device. The trusted CA certificates for the TLS authentication can be read from a file on the file encryption server hard drive or from a network share. The following table describes the configuration items for the [TLS] section:

| Configuration | Description | Values or example |
| --- | --- | --- |
| verify | Whether all certificates in the peer chain must be validated. | true*, false |
| key | The PKCS #12 key used for mutually authenticating with the KMES Series 3. | C:\Program Files\Futurex\fenca\KeyManager\PKI.p12 |
| password | Clear-text password to use to decode the key. | Variable |
| certificate | File on the hard drive or network share containing the TLS certificate. | C:\Program Files\Futurex\fenca\KeyManager\client_certificate.pem |
| ca | File on the hard drive or network share containing TLS CA certificates (can be listed multiple times). | C:\Program Files\Futurex\fenca\KeyManager\intermediate_ca.pem |
| crl | File on the hard drive or network share containing the Certificate Revocation List (CRL). | C:\Program Files\Futurex\fenca\KeyManager\crl.pem |

Servers: Configuration File Label: [KMES]

The following table describes the configuration items for the [KMES] section:

| Configuration | Description | Values or example |
| --- | --- | --- |
| name | The name associated with the KMES Series 3. | Test Server |
| address | The IP address and port of the KMES Series 3. | 192.168.1.34:2001 |

If adding multiple KMES Series 3 devices to the configuration text file, you can submit multiple instances of these parameters. The agent associates each IP address with the name listed immediately following it in the configuration file.

Auth (User): Configuration File Label: [USERLOGIN]

The following table describes the configuration items for the [USERLOGIN] section:

| Configuration | Description | Values or example |
| --- | --- | --- |
| username | The username of the first KMES Series 3 identity with file encryption and decryption permissions enabled. | variable |
| password | The cleartext password of the first identity. | variable |
| username | The username of the second KMES Series 3 identity with file encryption and/or decryption permissions enabled. | variable |
| password | The cleartext password of the second identity. | variable |

If you need multiple identities to authenticate, you can include the username and password fields multiple times in the configuration file. The agent associates each username with the password listed immediately following it in the configuration file.

Auth (PKI): Configuration File Label: [PKILOGIN]

We recommend PKI-based application authentication for authenticating with the KMES Series 3. Find more information about setting up PKI-based authentication in the Configure KMES Series 3 section of this administrative guide.

The following table describes the configuration items for the [PKILOGIN] section:

| Configuration | Description | Values or example |
| --- | --- | --- |
| key | The key associated with the KMES Series 3 identity. | C:\Program Files\Futurex\fenca\KeyManager\client_key.p12 |
| cert | The certificate that authenticates with the KMES Series 3. | C:\Program Files\Futurex\fenca\KeyManager\clientauthcert.pem |
| password | The cleartext password used to decode the PKI login key. | Variable |

Example configuration file

The following sample configuration file includes both PKI-based login and credential-based login examples. In a production configuration file, use one or the other but not both simultaneously.
[Log]
file: C:\Program Files\Futurex\fenca\fenca_log.txt
level: debug
console: true
max-file-size: 102400
threads: false
time-format: local

[TLS]
key: C:\Program Files\Futurex\fenca\KeyManager\PKI.p12
password: safest
verify: true
cert: C:\Program Files\Futurex\fenca\KeyManager\client_certificate.pem
ca: C:\Program Files\Futurex\fenca\KeyManager\intermediate_ca.pem
ca: C:\Program Files\Futurex\fenca\KeyManager\root.pem
crl: C:\Program Files\Futurex\fenca\KeyManager\crl.pem

[KMES]
name: Test Server 1
address: 192.168.1.35:2001

[KMES]
name: Test Server 2
address: 192.168.1.36:2001

[KMES]
name: Test Server 3
address: 192.168.1.37:2001

[UserLogin]
username: Admin1
password: safest

[UserLogin]
username: Admin2
password: safest

[PKILogin]
key: C:\Program Files\Futurex\fenca\KeyManager\client_key.p12
cert: C:\Program Files\Futurex\fenca\KeyManager\client_auth_cert.pem
password: safest
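
A lint pass over this file format before the file is packaged for deployment, as an added example that is not Futurex code. It applies the rules stated on this page: case-insensitive section labels, case-sensitive parameter names, `verify: true`, a single login method, and each username followed by its password. The `parse` and `audit` names, the finding strings and the sample text are assumptions made for the illustration.

```python
import re

# Names from this page's tables; [TLS] lists "certificate" but the sample file uses "cert".
PARAMS = {
    "log": {"level", "file", "console", "time-format", "max-file-size", "threads"},
    "tls": {"verify", "key", "password", "certificate", "cert", "ca", "crl"},
    "kmes": {"name", "address"},
    "userlogin": {"username", "password"},
    "pkilogin": {"key", "cert", "password"},
}

# Constructed sample, not a real deployment file.
SAMPLE = r"""
[tls]
verify: false
[UserLogin]
username: Admin1
Password: example-only
[PKILogin]
key: C:\certs\client_key.p12
"""

def parse(text):
    """Return [(lowercased section label, [(key, value), ...]), ...] in file order."""
    sections = []
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            sections.append((header.group(1).lower(), []))  # labels are case-insensitive
        elif line and sections:
            key, _, value = line.partition(":")  # first colon only: values hold C:\ and :port
            sections[-1][1].append((key.strip(), value.strip()))
    return sections

def audit(text):
    """Return a list of findings for one configuration text."""
    findings, sections = [], parse(text)
    if {"userlogin", "pkilogin"} <= {label for label, _ in sections}:
        findings.append("both [USERLOGIN] and [PKILOGIN] present; use one in production")
    for label, items in sections:
        keys = [k for k, _ in items]
        for key in keys:
            if key not in PARAMS.get(label, ()):  # parameter names are case-sensitive
                findings.append(f"[{label}] unrecognized parameter '{key}'")
        if label == "tls" and dict(items).get("verify") != "true":
            findings.append("[tls] verify is not explicitly 'true'")
        if label == "userlogin" and keys != ["username", "password"] * (len(keys) // 2):
            findings.append("[userlogin] username/password pairs are not in order")
    return findings
```

Run against the sample configuration file above, `audit` reports only the combined `[UserLogin]` and `[PKILogin]` sections, which the page says not to use together in production.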