Configuring Stormshield Data File

File encryption in Stormshield Data File makes it possible to guarantee the confidentiality of the data that your users process every day. With this feature, encryption and decryption tasks on user-defined event triggers can also be automated.

For more information, refer to Securing files in the SDS Enterprise advanced user guide.

Configuring file encryption

  • Go to Policies > Features > File, and enable the settings of your choice.

Properties

The default encryption format is .sdsx.

In this format, the user can edit an encrypted file transparently without the need to decrypt and subsequently re-encrypt it, as was the case with the previous .sbox format.

Converting .sbox files to .sdsx format

These options work with the .sdsx encryption format.

If you want your users' files in the old .sbox format to be replaced by files in .sdsx format, activate the Force conversion of .sbox files to .sdsx format option. When a user opens an encrypted file with the .sbox extension, it is automatically converted to .sdsx format and the user does not need to re-encrypt it after opening. The new file is protected for the same recipients as the original file.

You can specify a path to move old .sbox files to after conversion. Otherwise, they remain in their original location.

Conversion only works on one .sbox file at a time.

If this option is disabled, two context menus allow you to Open or Unprotect a .sbox file. If this option is enabled, a single menu is used to Open the file.

If the user selects several files including at least one .sbox file, only the Open menu is visible.

Encryption and decryption

Select the items for which you wish to authorize encryption and decryption.

Multiple encryption
  • If the user frequently needs to encrypt a large volume of files, unselect Confirm encryption for each file.

  • You can choose whether to encrypt hidden files.

Special encryption
  • When you enable file encryption for a recipient, you will use the recipient's public key for encryption and they will use their private key for decryption.

  • Self-decrypting files can be shared with recipients who do not have either Stormshield Data File or Security BOX SmartFILE.

  • SmartFILEs can be shared with recipients who only have Security BOX SmartFILE. For more information, see Generating a Security BOX SmartFILE file in the SDS Enterprise Advanced User Guide.

Encryption of read-only files
  • There are several options available for the encryption of read-only files.

Manual encryption and decryption of lists
  • See the section below on how to use lists.

Windows encryption of the decryption temporary directory

By default, Windows encryption of the temporary directory for decrypting .sdsx files (directory C:\Users\[user]\AppData\LocalLow\Stormshield\Stormshield Data Security\Decrypted) is enabled.

You can disable it.
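
To check on a workstation that the temporary decryption directory is actually protected, the following PowerShell audit inspects that directory for each local profile. It is an added example, not part of the Stormshield product or documentation. It assumes that "Windows encryption" corresponds to the NTFS Encrypted (EFS) file attribute and that user profiles are located under C:\Users; the function and variable names are illustrative.

```powershell
# Added example, not Stormshield code. Run from an elevated PowerShell session
# so that other users' profile directories can be read.
# Assumption: "Windows encryption" sets the NTFS Encrypted (EFS) attribute.
$UsersRoot = 'C:\Users'   # profile root, as in the path documented above
$Relative  = 'AppData\LocalLow\Stormshield\Stormshield Data Security\Decrypted'

function Test-DecryptedDirectory {
    param([Parameter(Mandatory)][string]$ProfilePath)

    $dir = Join-Path -Path $ProfilePath -ChildPath $Relative
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        return   # directory not present (or not readable) for this profile
    }

    # Does the directory itself carry the Encrypted attribute?
    $item = Get-Item -LiteralPath $dir -Force
    $dirEncrypted = [bool]($item.Attributes -band [IO.FileAttributes]::Encrypted)

    # Files currently in the directory that do NOT carry the attribute
    $files = @(Get-ChildItem -LiteralPath $dir -File -Recurse -Force -ErrorAction SilentlyContinue)
    $plain = @($files | Where-Object {
        -not ($_.Attributes -band [IO.FileAttributes]::Encrypted)
    })

    [pscustomobject]@{
        Profile            = Split-Path -Path $ProfilePath -Leaf
        DirectoryEncrypted = $dirEncrypted
        FilesPresent       = $files.Count
        UnencryptedFiles   = $plain.Count
    }
}

# Build one report row per profile that has the directory
$report = @(Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Test-DecryptedDirectory -ProfilePath $_.FullName })

$report | Format-Table -AutoSize

# Flag profiles where decrypted content could sit on disk without the attribute
$report |
    Where-Object { -not $_.DirectoryEncrypted -or $_.UnencryptedFiles -gt 0 } |
    ForEach-Object {
        Write-Warning ("{0}: directory encrypted = {1}, unencrypted files = {2}" -f `
            $_.Profile, $_.DirectoryEncrypted, $_.UnencryptedFiles)
    }
```

If the option has been deliberately disabled in the policy, a DirectoryEncrypted value of False is the expected result for that workstation.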

For more information on the advanced use of the File feature on the SDS Enterprise agent, refer to the section Stormshield Data File.

Using lists

Encryption and decryption lists can be used to automate file encryption and decryption, making the feature easier to use and less error-prone. A file list can also be created to prevent selected files from being encrypted.