Set up file encryption

2 min

this section covers creating keys on the {{k}} for encrypting the files it also describes creating an encryption profile that defines the criteria the {{k}} uses to determine which files to encrypt on the sftp or cifs share and where to store the files perform these tasks after logging in locally to the excrypt touch with the print1 and print2 identities created in the previous section create the necessary keys perform the following steps to create the necessary keys from the excrypt touch dashboard, bring online the connection profile you created for connecting to the {{k3}} after the device comes online, access the application manager for that device by selecting \[ go ] in the right column log in to the {{k}} by using the print1 and print2 identities go to the keys menu and select \[ add key group ] in the key group editor window, configure the following settings setting required configuration name file printing algorithm none owner group select the printers role created in a previous section ownership select do not apply to child key groups in the drop down list owner name leave blank owner address leave blank select \[ ok ] to finish creating the key group right click the newly created key group and select add > random in the generate key window, configure the following settings setting required configuration name version1 key type file encryption key encrypting key pmk algorithm aes key length aes 256 key usage wrap/unwrap exportability leave unchecked select \[ next ] twice then on the summary page, select \[ finish ] the new key now displays under the file printing key group right click on the file printing key group, and select add > random in the generate key window, configure the following settings setting required configuration name version2 key type file encryption key v2 encrypting key pmk algorithm aes key length aes 256 key usage encrypt/decrypt exportability leave unchecked select \[ next ] twice then on the summary page, select \[ finish ] the new key now displays under the file printing key group create an encryption profile perform the following steps to create an encryption profile from the excrypt touch dashboard , bring online the connection profile that you created for connecting to the {{k3}} after the device comes online, access the application manager for that device by selecting \[ go ] in the right column log in to the {{k}} using the print1 and print2 identities go to the file encryption menu and select \[ add ] on the info tab of the file encryption profile window, enter protected in the name field and change the key mode to hsm protected in the key field, select \[ choose ] and select the version2 key, which is in the file printing key group go to the input tab and enter the following required information option description source select the type of file share that the {{k}} mounts to for this file encryption profile ( sftp or cifs ) you can also set this field to disabled if you want to set the mount point at a later time extension specify the file extension which the {{k}} should monitor on the mount point and then encrypt directory when you select \[ browse ], a file browser opens on either the sftp or cifs share (depending on which type of share you set in the source field) in the file browser, navigate to and select the folder that contains the files that you want to be encrypted subfolders if this box is checked, the {{k}} looks for files that are contained within subfolders of the folder configured in the directory field delete original if this box is checked, the {{k}} deletes the original unencrypted file after it stores the encrypted version of the file exclude specify file paths to exclude from file encryption (for example, exampledirectory/examplesubdirectory/ txt ) the exclude path that you specify is relative to the file encryption profile input directory also, note that the asterisk symbol is the only regular expression that you can use go to the output tab and enter the following required information option description destination select the location where you want to store the encrypted files (such as sftp , cifs , or kmes ) the {{k}} option stores the encrypted files on a data partition on the {{k}} device you can set this field to disabled if you want to set the location at a later time extension in this field, specify the extension that you want encrypted files to have directory if the destination is set to either sftp or cifs , select \[ browse ] , which opens a file browser on whichever file share you configured in the file browser, go to and select the directory where you want to store the encrypted files if you selected kmes as the destination, you don't need to configure this field overwrite in the drop down menu, select either overwrite or version include path if this box remains unchecked, the file header uses only the original file name if this box is checked, the file header uses the entire path and original file name select \[ ok ] to finish creating the file encryption profile

Configure Excrypt Touch

Test file encryption