File Encryption Agent configuration reference
We designed the configuration text file to allow the creation of a static version of the File Encryption Agent that you can package and install onto multiple servers. This works well in enterprise environments where many endpoints or servers require file encryption functionality. The first step is to create and test a configuration file that works for your organizational needs. After a successful test, you typically conduct a phased deployment.

Summary of File Encryption Agent configuration

The following elements play a role in the File Encryption Agent:

- Servers: Settings that define connection details for the remote {{k3}} servers that handle cryptographic key management.
- TLS: Settings and files related to mutual authentication with the remote {{k3}} servers that handle cryptographic key management.
- Auth: Settings for authentication credentials with the remote {{k3}} servers.
- Logging: Settings related to the logs generated by the File Encryption Agent, including the verbosity, file size, location, and more.

Administrators can also configure the agent through the File Encryption Agent GUI. Find more information in the File Encryption Agent GUI reference section of this administrative guide.

The following descriptions of the configuration items for each of the agent configuration sections apply to both GUI-based configuration and text file-based configuration. To generate an example configuration file as a template, open the File Encryption Agent GUI, apply settings, and save the file.

You must include the section header labels defined in the following sections in the configuration text file. The labels are not case sensitive, but the individual configuration parameters are.

The following table includes recommended default settings, marked by an asterisk (\*). These recommended settings might not be right for all environments but apply to typical installations.

Log

Configuration file label: \[log]

| Configuration | Description | Values or example |
| --- | --- | --- |
| level | How verbose the debugging logs should be. | `none`, `error`, `info`\*, `debug`, `traffic` |
| file | Location to write debugging logs. | `c:\program files\futurex\fenca\fenca log.txt` |
| console | Whether or not to print messages to the console (true) or log it to the defined log file (false). | `true`, `false` |
| time format | The time format to use for the logs. `local` is based on the system time of the server, `utc` is the UTC system time of the server, and `offset` uses ISO 8601 structure for time. | `utc`, `local`\*, `offset` |
| max file size | Maximum log file size, in kilobytes. The File Encryption Agent supports encrypting files up to 9999 MB, or 10238976 KB. | `102400` |
| threads | When enabled (true), adds thread identifiers to log messages. This is useful for debugging multithreaded environments. If threading is not wanted, this configuration setting should be omitted altogether. | `true` |

TLS

Configuration file label: \[tls]

The TLS configuration of the File Encryption Agent is flexible to meet your organizational security requirements. You can mutually authenticate or {{k}} authenticate the TLS connection, which ensures the file encryption server does not communicate with any untrusted device. The trusted CA certificates for the TLS authentication can be read from a file on the file encryption server's hard drive or from a network share.

| Configuration | Description | Values or example |
| --- | --- | --- |
| verify | Whether all certificates in the peer chain must be validated. | `true`\*, `false` |
| key | The PKCS #12 key used for mutually authenticating with the {{k3}}. | `c:\program files\futurex\fenca\keymanager\pki.p12` |
| password | Clear text password to use to decode the key. | Variable |
| certificate | File on the hard drive or network share containing the TLS certificate. | `c:\program files\futurex\fenca\keymanager\client certificate.pem` |
| ca | File on the hard drive or network share containing TLS CA certificates (can be listed multiple times). | `c:\program files\futurex\fenca\keymanager\intermediate ca.pem` |
| crl | File on the hard drive or network share containing the certificate revocation list (CRL). | `c:\program files\futurex\fenca\keymanager\crl.pem` |

Servers

Configuration file label: \[kmes]

The following table shows the components of the configuration file label \[kmes].

| Configuration | Description | Values or example |
| --- | --- | --- |
| name | The name associated with the {{k3}}. | `test server` |
| address | The IP address and port of the {{k3}}. | `192.168.1.34:2001` |

If adding multiple {{k3}} devices to the configuration text file, you can submit multiple instances of these parameters. The agent associates each IP address with the name listed immediately following it in the configuration file.

Auth (user)

Configuration file label: \[userlogin]

The following table shows the components of the configuration file label \[userlogin].

| Configuration | Description | Values or example |
| --- | --- | --- |
| username | The username of the first {{k3}} identity with file encryption and decryption permissions enabled. | Variable |
| password | The cleartext password of the first identity. | Variable |
| username | The username of the second {{k3}} identity with file encryption and/or decryption permissions enabled. | Variable |
| password | The cleartext password of the second identity. | Variable |

If you need multiple identities to authenticate, you can include the username and password fields multiple times in the configuration file. The agent associates each username with the password listed immediately following it in the configuration file.

Auth (PKI)

Configuration file label: \[pkilogin]

The following table shows the components of the configuration file label \[pkilogin].

We recommend PKI-based application authentication for authenticating with the {{k3}}. Find more information about setting up PKI-based authentication in the Configure KMES Series 3 section of this administrative guide.

| Configuration | Description | Values or example |
| --- | --- | --- |
| key | The key associated with the {{k3}} identity. | `c:\program files\futurex\fenca\keymanager\client key.p12` |
| cert | The certificate that authenticates with the {{k3}}. | `c:\program files\futurex\fenca\keymanager\client auth cert.pem` |
| password | The cleartext password used to decode the PKI login key. | Variable |

Example configuration file

The following sample configuration file includes both PKI-based login and credential-based login examples. In a production configuration file, use one or the other but not both simultaneously.

```
[log]
file c:\program files\futurex\fenca\fenca log.txt
level debug
console true
max file size 102400
threads false
time format local

[tls]
key c:\program files\futurex\fenca\keymanager\pki.p12
password safest
verify true
cert c:\program files\futurex\fenca\keymanager\client certificate.pem
ca c:\program files\futurex\fenca\keymanager\intermediate ca.pem
ca c:\program files\futurex\fenca\keymanager\root.pem
crl c:\program files\futurex\fenca\keymanager\crl.pem

[kmes]
name test server 1
address 192.168.1.35:2001

[kmes]
name test server 2
address 192.168.1.36:2001

[kmes]
name test server 3
address 192.168.1.37:2001

[userlogin]
username admin1
password safest

[userlogin]
username admin2
password safest

[pkilogin]
key c:\program files\futurex\fenca\keymanager\client key.p12
cert c:\program files\futurex\fenca\keymanager\client auth cert.pem
password safest
```
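
A pre-deployment check for the rules this reference states (case-insensitive section labels, case-sensitive parameters, username/password pairing, `verify`, one login method per production file), as an added example that is not Futurex code. It assumes the whitespace-separated `parameter value` layout of the sample on this page; the `KEYS` table, `parse`, `audit` and the sample input are hypothetical names and constructed data.

```python
import re

# Parameter names per section, spelled as in this page's sample (an assumption).
KEYS = {
    "log": ("max file size", "time format", "level", "file", "console", "threads"),
    "tls": ("verify", "key", "password", "cert", "ca", "crl"),
    "kmes": ("name", "address"),
    "userlogin": ("username", "password"),
    "pkilogin": ("key", "cert", "password"),
}

def parse(text):
    """Return ([(label, [(key, value), ...])], [(line_no, unrecognized_line)])."""
    sections, unknown = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:  # labels are not case sensitive; repeated sections stay separate
            sections.append((header.group(1).lower(), []))
        elif line:
            label, items = sections[-1] if sections else ("", [])
            # Parameters are case sensitive, so only the exact spelling matches.
            key = next((k for k in KEYS.get(label, ()) if line.startswith(k + " ")), None)
            if key is None:
                unknown.append((n, line))
            else:
                items.append((key, line[len(key):].strip()))
    return sections, unknown

def audit(text):
    sections, unknown = parse(text)
    findings = [f"line {n}: unrecognized parameter {line!r}" for n, line in unknown]
    for label, items in sections:
        keys = [k for k, _ in items]
        if label == "tls" and dict(items).get("verify") != "true":
            findings.append("[tls] verify is not true: peer chain validation is not enforced")
        for i, k in enumerate(keys):  # each username needs its password right after it
            if label == "userlogin" and k == "username" and keys[i + 1:i + 2] != ["password"]:
                findings.append(f"[userlogin] username {items[i][1]!r} has no password after it")
        if "password" in keys:
            findings.append(f"[{label}] stores a cleartext password: restrict who can read this file")
    if {"userlogin", "pkilogin"} <= {label for label, _ in sections}:
        findings.append("both [userlogin] and [pkilogin] present: use one login method in production")
    return findings

# Constructed input, not a real deployment; "Verify" has the wrong case on purpose.
SAMPLE = ("[TLS]\nVerify true\nkey c:\\keys\\pki.p12\npassword example-only\n"
          "[userlogin]\nusername admin1\nusername admin2\npassword example-only\n"
          "[pkilogin]\nkey c:\\keys\\client.p12\npassword example-only\n")
print("\n".join(audit(SAMPLE)))
```

On the constructed sample, the mis-cased `Verify` is reported twice: once as an unrecognized parameter and once because no effective `verify true` remains in `[tls]`.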