Stormshield Data File

Stormshield Data File can be configured in the filePolicy section of the .json file. The table below describes its parameters. In the SDMC administration console, the equivalent parameters are found in Policies > Features > File.

For more information on configuring this feature, refer to the section Configuring Stormshield Data File in the Administration guide.

| Parameter | Description | Possible values | SDMC |
|---|---|---|---|
| fileFormat | Format of the encrypted file. | sdsx, sbox | Encryption format |
| forceTranscipheringToSdsx | Optional. Only when .sdsx format is chosen for the “fileFormat” parameter: automatically converts .sbox files to .sdsx format when the user opens them. By default, the value is “false”. | true, false | Force conversion of .sbox files to .sdsx format |
| moveTranscipheredSbox | Technical parameter required to operate the moveTranscipheredSboxTo parameter below. Its value is not taken into account by the SDS Enterprise agent. | true, false | |
| moveTranscipheredSboxTo | Specifies where to move .sbox files upon conversion if the "forceTranscipheringToSdsx" parameter is enabled. If this setting is empty or missing from the policy, or if the designated path is inaccessible during conversion, the .sbox file remains in its original location, next to the new .sdsx file. | String | After conversion, move the .sbox files to |
| allowFileEncryption | Indicates whether the user is allowed to encrypt files. | true, false | Enable file encryption |
| allowNetworkEncryption | Indicates whether the user is allowed to encrypt network files. | true, false | Enable network file encryption |
| allowNetworkDecryption | Indicates whether the user is allowed to decrypt network files. | true, false | Enable network file decryption |
| allowFileDecryption | Indicates whether the user is allowed to decrypt files. | true, false | Enable file decryption |
| allowFolderEncryption | Indicates whether the user is allowed to encrypt folders. | true, false | Enable folder encryption |
| allowFolderDecryption | Indicates whether the user is allowed to decrypt folders. | true, false | Enable folder decryption |
| confirmForEachFile | If several files are being encrypted, indicates whether a confirmation is required for each file. | true, false | Confirm encryption for each file |
| allowEncryptionForRecipient | Indicates whether the user is allowed to encrypt files for themself or for a recipient. | true, false | Enable file encryption for a recipient |
| allowSelfDecryptableFilesCreation | Indicates whether the user is allowed to create self-decryptable files. | true, false | Enable creation of self-decryptable files |
| allowEncryptSmartFile | Indicates whether the user is allowed to create smartFILE files. | true, false | Allow creation of smartFILE files |
| readOnlyFilesEncryption | Indicates how to process read-only files. | treatAsUsual, askConfirmation, doNotEncryptButNotify, neitherEncryptNorNotify | Process normally like standard files, Request confirmation, Notify but do not encrypt, Neither notify nor encrypt |
| autoEncryptDecryptedFolder | Enables or disables automatic Windows encryption on the temporary directory for decrypting .sdsx files (directory C:\Users\[user]\AppData\LocalLow\Stormshield\Stormshield Data Security\Decrypted). | true, false | Windows encryption of the decryption temporary directory |
| exclusionList | Specifies the parameters of the exclusion list. To use this list, refer to exclusionList section. | | Exclude list exclusionList |
| decryptionList | Specifies the parameters of the automatic file decryption list. To use this list, refer to decryptionList section. | | Decryption list decryptionList |
| encryptionList | Specifies the parameters of the automatic file encryption list. To use this list, refer to encryptionList section. | | Encryption list encryptionList |
| allowTranscipheringWithDelegationKeys | Optional. Specifies whether decryption with delegation keys is allowed. By default, the value is “false”. | true, false | N/A |
| encryptHiddenFiles | Indicates whether hidden files must be encrypted. | true, false | Encrypt hidden files |
| blockedExtensionsOnOpening | Types of files that must first be decrypted before opening. | List of extensions in .ext format | N/A |
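
An added example (not Stormshield code): a Python check that applies the value lists and parameter dependencies from the table above to a policy before it is deployed. The sample policy is constructed, and reading ".ext format" as a dot followed by letters or digits is an assumption.

```python
import json
import re

# Constructed sample policy (not from the original page) with deliberate mistakes.
POLICY = json.loads(r"""
{"filePolicy": {
  "fileFormat": "sbox",
  "forceTranscipheringToSdsx": true,
  "moveTranscipheredSboxTo": "D:\\Archive\\sbox",
  "readOnlyFilesEncryption": "doNotEncrypt",
  "autoEncryptDecryptedFolder": "true",
  "blockedExtensionsOnOpening": [".docx", "xlsx"]
}}
""")

FILE_FORMATS = {"sdsx", "sbox"}
READ_ONLY_MODES = {"treatAsUsual", "askConfirmation",
                   "doNotEncryptButNotify", "neitherEncryptNorNotify"}
BOOLEAN_KEYS = set("""
forceTranscipheringToSdsx moveTranscipheredSbox allowFileEncryption allowFileDecryption
allowNetworkEncryption allowNetworkDecryption allowFolderEncryption allowFolderDecryption
confirmForEachFile allowEncryptionForRecipient allowSelfDecryptableFilesCreation
allowEncryptSmartFile autoEncryptDecryptedFolder allowTranscipheringWithDelegationKeys
encryptHiddenFiles""".split())

def lint_file_policy(policy):
    """Return findings for the filePolicy section, using the rules in the table."""
    fp = policy.get("filePolicy", {})
    out = [f"{k}: expected true or false, got {v!r}"
           for k, v in fp.items() if k in BOOLEAN_KEYS and not isinstance(v, bool)]
    fmt = fp.get("fileFormat")
    if fmt is not None and fmt not in FILE_FORMATS:
        out.append(f"fileFormat: {fmt!r} is not sdsx or sbox")
    force = fp.get("forceTranscipheringToSdsx", False) is True
    if force and fmt != "sdsx":
        out.append("forceTranscipheringToSdsx: only applies when fileFormat is sdsx")
    if fp.get("moveTranscipheredSboxTo"):
        if not force:
            out.append("moveTranscipheredSboxTo: needs forceTranscipheringToSdsx enabled")
        if "moveTranscipheredSbox" not in fp:
            out.append("moveTranscipheredSboxTo: moveTranscipheredSbox must also be present")
    mode = fp.get("readOnlyFilesEncryption")
    if mode is not None and mode not in READ_ONLY_MODES:
        out.append(f"readOnlyFilesEncryption: unknown value {mode!r}")
    for ext in fp.get("blockedExtensionsOnOpening", []):
        # Assumption: ".ext format" means a dot followed by letters or digits.
        if not re.fullmatch(r"\.[A-Za-z0-9]+", str(ext)):
            out.append(f"blockedExtensionsOnOpening: {ext!r} is not in .ext format")
    return out
```
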

decryptionList section

Files included in decryption lists are automatically decrypted at a predetermined time or when a predetermined event takes place. The following parameters are specified in the filePolicy.decryptionList section of the .json file.

| Parameter | Description | Possible values | SDMC |
|---|---|---|---|
| askConfirmation | Indicates whether a confirmation is required before automatic decryption. | true, false | Ask confirmation before performing automatic decryption |
| displayReport | Indicates whether to display a report after automatic decryption. | true, false | Display report after performing automatic decryption |
| files | List of files to decrypt automatically. | | Files decrypted automatically |
| files.path | File path. To indicate several files, the “files” list must contain several objects, each with a different “path” property. For example: `"files": [ { "path": "path1" }, { "path": "path2" } ]` | String | File path |
| folders | List of folders to decrypt automatically. | | |
| folders.path | Folder path. To indicate several folders, this parameter must be used several times. See the "files" parameter. | String | Folder path or mask |
| folders.recursive | Indicates whether sub-folders are included in the decryption list. | true, false | Include sub-folders |
| masks | List of masks to decrypt automatically. To indicate several masks, this parameter must be used several times. See the "files" parameter. | | |
| masks.path | Mask path. To indicate several masks, this parameter must be used several times. See the "files" parameter. | String | Folder path or mask |
| masks.recursive | Indicates whether sub-folders are included in the decryption list. | true, false | Include sub-folders |
| onConnection | Decrypts the list of files upon connection to SDS Enterprise. | true, false | Decrypts automatically upon connection to the SDS Enterprise account |
| onScreenSaverOver | Decrypts the list of files when the screensaver stops. | true, false | Decrypt automatically when screensaver stops |
| onSessionUnlock | Decrypts the list of files when the session is unlocked. | true, false | Decrypt automatically when unlocking session |

encryptionList section

Files included in encryption lists are automatically encrypted at a predetermined time or when a predetermined event takes place. The following parameters are specified in the filePolicy.encryptionList section of the .json file.

| Parameter | Description | Possible values | SDMC |
|---|---|---|---|
| askConfirmation | Indicates whether a confirmation is required before automatic encryption. | true, false | Ask confirmation before performing automatic encryption |
| displayReport | Indicates whether to display a report after automatic encryption. | true, false | Display report after performing automatic encryption |
| files | List of files to encrypt automatically. | | Files encrypted automatically |
| files.path | File path. To indicate several files, the “files” list must contain several objects, each with a different “path” property. For example: `"files": [ { "path": "path1" }, { "path": "path2" } ]` | String | File path |
| fixedTimesInSeconds | List of times at which files are automatically encrypted. Expressed in number of seconds from 00:00. For example, 1:30 a.m. is represented by a value of 5400. | List of positive whole integers | N/A |
| folders | List of folders to encrypt automatically. | | |
| folders.path | Folder path. To indicate several folders, this parameter must be used several times. See the "files" parameter. | String | Folder path |
| folders.recursive | Indicates whether sub-folders are included in the encryption list. | true, false | Include sub-folders |
| intervalMinutes | Frequency with which files are automatically encrypted. Expressed in minutes. | Positive integer. | Automatic encryption frequency |
| masks | List of masks to encrypt automatically. | | |
| masks.path | Mask path. To indicate several masks, this parameter must be used several times. See the "files" parameter. | String | Folder path or mask |
| masks.recursive | Indicates whether sub-folders are included in the encryption list. | true, false | Include sub-folders |
| onDisconnection | Enables the list when disconnecting from SDS Enterprise. | true, false | Encrypt automatically when disconnecting from the SDS Enterprise account |
| onScreenSaverStarted | Enables the list when the screensaver starts. | true, false | Encrypt automatically when screensaver starts |
| onSessionLock | Enables the list when locking the SDS Enterprise session. | true, false | Decrypt automatically when locking session |

exclusionList section

Using an exclusion list, you can exclude some files to prevent them from being encrypted by mistake. The following parameters are specified in the filePolicy.exclusionList section of the .json file.

| Parameter | Description | Possible values | SDMC |
|---|---|---|---|
| displayWarning | Indicates whether a warning window must be displayed if an operation could not be completed because of the exclusion list. | true, false | Display warning when encryption is rejected |
| files | List of files to be excluded from encryption. | | Files excluded from encryption |
| files.askForConfirmation | Indicates whether confirmation must be requested for the encryption of excluded files. | true, false | N/A |
| files.path | File path. To indicate several files, the “files” list must contain several objects, each with a different “path” property. For example: `"files": [ { "path": "path1" }, { "path": "path2" } ]` | String | File path |
| folders | List of folders to be excluded from encryption. | | Folders or masks excluded from encryption |
| folders.askForConfirmation | Indicates whether confirmation must be requested for the encryption of excluded folders. | true, false | N/A |
| folders.path | Folder path. To indicate several folders, this parameter must be used several times. See the "files" parameter. | String | File path |
| folders.recursive | Indicates whether sub-folders are included in the exclusion list. | true, false | Include sub-folders |
| masks | List of masks to be excluded from encryption. | | Folders or masks excluded from encryption |
| masks.askForConfirmation | Indicates whether confirmation must be requested for the encryption of excluded files. | true, false | N/A |
| masks.path | Path of the mask with the "*.ext" extension to apply the mask. To indicate several masks, this parameter must be used several times. See the "files" parameter. | String | File path |
| masks.recursive | Indicates whether sub-folders are included in the exclusion list. | true, false | Include sub-folders |
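
An added example, not part of the Stormshield documentation: a Python audit that reports the files and folders of an encryptionList that an exclusionList entry also covers, so automatic encryption of those paths may be refused or need confirmation. The sample paths are hypothetical, and the matching rules (case-insensitive paths, a folder entry covering its direct content and, with recursive set, its sub-folders) are assumptions about the agent's behaviour; encryptionList masks are not examined.

```python
from fnmatch import fnmatchcase
from ntpath import basename, dirname, normcase, normpath

# Constructed sample filePolicy (hypothetical paths, not from the original page).
FILE_POLICY = {
    "encryptionList": {
        "files": [{"path": r"C:\Work\plan.docx"}, {"path": r"C:\Tools\app\run.exe"}],
        "folders": [{"path": r"C:\Work\Finance", "recursive": True}],
    },
    "exclusionList": {
        "files": [{"path": r"C:\Work\plan.docx"}],
        "folders": [{"path": r"C:\Tools", "recursive": True},
                    {"path": r"C:\Work", "recursive": False}],
        "masks": [{"path": r"C:\Work\*.tmp", "recursive": True}],
    },
}

norm = lambda path: normcase(normpath(path))  # Windows rules: one separator, no case

def excluded_by(target, is_folder, excl):
    """Return the exclusionList entry assumed to cover target, or None."""
    target = norm(target)
    box = target if is_folder else dirname(target)  # folder the target lives in
    def inside(folder, recursive):
        return box == folder or bool(recursive and box.startswith(folder + "\\"))
    if not is_folder:  # file and mask entries only apply to files
        for f in excl.get("files", []):
            if norm(f["path"]) == target:
                return "file " + f["path"]
        for m in excl.get("masks", []):
            mask = norm(m["path"])
            if fnmatchcase(basename(target), basename(mask)) and inside(
                    dirname(mask), m.get("recursive", False)):
                return "mask " + m["path"]
    for d in excl.get("folders", []):
        if inside(norm(d["path"]), d.get("recursive", False)):
            return "folder " + d["path"]
    return None

def audit(file_policy):
    """Pairs of (encryptionList path, exclusionList entry that covers it)."""
    enc, excl = (file_policy.get(k, {}) for k in ("encryptionList", "exclusionList"))
    found = [(e["path"], excluded_by(e["path"], kind == "folders", excl))
             for kind in ("files", "folders") for e in enc.get(kind, [])]
    return [pair for pair in found if pair[1]]
```
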