Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

We support the following methods for decrypting files:
  • File Encryption Agent GUI
  • Futurex Command Line Interface (FXCLI)
In addition to having the required File Encryption permissions, you must grant identities the Use permission on the File Encryption Profile that performs decryption operations.
If you configured the File Encryption Profile for decryption with a File Encryption v1 key, you must authenticate with a hardened identity with Use permissions on the key. You can use the default Admin1 and Admin2 identities.
Select one of the following methods and perform the instructions:

File Encryption Agent GUI

To decrypt files by using the File Encryption Agent GUI, perform the following steps.
1
Locate and run fenca-gui.exe, which is contained in the main fenca directory. The installation process defines this location.
2
In the Futurex File Encryption GUI, select [ Open File ] at the bottom of the window.
3
In the File Details window, select [ Browse ] to locate and select the file to decrypt.
4
After all the fields are pulled automatically from the file header, verify the check digits of the File Encryption Key used to decrypt the file and select [ Decrypt ]. Then, choose a location to save the decrypted file and select [ Save ].
5
When a message confirms that the file has been successfully decrypted, select [ OK ].

Futurex Command Line Interface (FXCLI)

To decrypt files using the FXCLI, perform the following steps:
1
Locate and run fxcli-kmes.exe, which is inside the bin directory in the main fxcl directory. This location is defined during the installation process.
2
In FXCLI, run the following tls commands to configure the same TLS certificates configured in the File Encryption GUI:
FXCLI
  $ tls pki --file C:\FENCA\TLS\file_encryption_agent.p12 --password file_password

  $ tls ca --file C:\FENCA\TLS\root_ca_cert.pem
3
Connect to the KMES Series 3.
FXCLI
  $ connect --connect 10.0.5.40:2001
4
Log in to the KMES Series 3 with the same identity used for the File Encryption Agent in the previous section.
FXCLI
  $ login user --username FileEncryptionAgent --password identity_password
You must configure the Password authentication mechanism for the FileEncryptionAgent identity to log in with a password by using the preceding command.
5
List the name and uuid of all File Encryption Profiles that the FileEncryptionAgent identity can access.
FXCLI
  $ file-protect list
  Found 1 file encryption profiles.
  result:
      status: success
      statusCode: 0
  profiles:
      -
          name: "File Encryption Agent"
          uuid: "{0157AD66-9C66-0001-001A-35FA039C55EE}"
6
Decrypt an encrypted file.
FXCLI
  $ file-protect decrypt --file C:\FENCA\test.enc --out C:\FENCA\test.txt --local --profile "{0157AD66-9C66-0001-001A-35FA039C55EE}"
The —local flag is optional for File Encryption v1 keys but required for File Encryption v2 keys.The —local flag makes FXCLI pull keys and encrypt locally instead of sending the file to the KMES to be encrypted.
FXCLI determines which File Encryption Profile to use for decryption by referencing the uuid you provide in the —profile flag.