Stormshield Data File

Stormshield Data File can be configured in the filePolicy section of the .json file. The table below describes its parameters. In the SDMC administration console, the equivalent parameters are found in Policies > Features > File.

For more information on configuring this feature, refer to the section Configuring Stormshield Data Filein the Administration guide.

Parameter	Description	Possible values	SDMC
fileFormat	Format of the encrypted file.	sdsx, sbox	Encryption format
forceTranscipheringToSdsx	Optional. Only when .sdsx format is chosen for the “fileFormat” parameter: automatically converts .sbox files to .sdsx format when the user opens them. By default, the value is “false”.	true, false	Force conversion of .sbox files to .sdsx format
moveTranscipheredSbox	Technical parameter required to operate the moveTranscipheredSboxTo parameter below. Its value is not taken into account by the SDS Enterprise agent.	true, false
moveTranscipheredSboxTo	Specifies where to move .sbox files upon conversion if the "forceTranscipheringToSdsx" parameter is enabled. If this setting is empty or missing from the policy, or if the designated path is inaccessible during conversion, the .sbox file remains in its original location, next to the new .sdsx file.	String	After conversion, move the .sbox files to
allowFileEncryption	Indicates whether the user is allowed to encrypt files.	true, false	Enable file encryption
allowNetworkEncryption	Indicates whether the user is allowed to encrypt network files.	true, false	Enable network file encryption
allowNetworkDecryption	Indicates whether the user is allowed to decrypt network files.	true, false	Enable network file decryption
allowFileDecryption	Indicates whether the user is allowed to decrypt files.	true, false	Enable file decryption
allowFolderEncryption	Indicates whether the user is allowed to encrypt folders.	true, false	Enable folder encryption
allowFolderDecryption	Indicates whether the user is allowed to decrypt folders.	true, false	Enable folder decryption
confirmForEachFile	If several files are being encrypted, indicates whether a confirmation is required for each file.	true, false	Confirm encryption for each file
allowEncryptionForRecipient	Indicates whether the user is allowed to encrypt files for themself or for a recipient.	true, false	Enable file encryption for a recipient
allowSelfDecryptableFilesCreation	Indicates whether the user is allowed to create self-decryptable files.	true, false	Enable creation of self-decryptable files
allowEncryptSmartFile	Indicates whether the user is allowed to create smartFILE files.	true, false	Allow creation of smartFILE files
readOnlyFilesEncryption	Indicates how to process read-only files.	treatAsUsual, askConfirmation, doNotEncryptBut Notify, neitherEncrypt NorNotify	Process normally like standard files, Request confirmation, Notify but do not encrypt, Neither notify nor encrypt
autoEncryptDecryptedFolder	Enables or disables automatic Windows encryption on the temporary directory for decrypting .sdsx files (directory C:\Users\[user]\AppData\LocalLow\Stormshield\Stormshield Data Security\Decrypted).	true, false	Windows encryption of the decryption temporary directory
exclusionList	Specifies the parameters of the exclusion list. To use this list, refer to exclusionList section.	Exclude list	exclusionList
decryptionList	Specifies the parameters of the automatic file decryption list. To use this list, refer to decryptionList section.	Decryption list	decryptionList
encryptionList	Specifies the parameters of the automatic file encryption list. To use this list, refer to encryptionList section.	Encryption list	encryptionList
allowTranscipheringWithDelegationKeys	Optional. Specifies whether decryption with delegation keys is allowed. By default, the value is “false”.	true, false	N/A
encryptHiddenFiles	Indicates whether hidden files must be encrypted.	true, false	Encrypt hidden files
blockedExtensionsOnOpening	Types of files that must first be decrypted before opening.	List of extensions in .ext format	N/A

decryptionList section

Files included in decryption lists are automatically decrypted at a predetermined time or when a predetermined event takes place. The following parameters are specified in the filePolicy.decryptionList section of the .json file.

Parameter	Description	Possible values	SDMC
askConfirmation	Indicates whether a confirmation is required before automatic decryption.	true, false	Ask confirmation before performing automatic decryption
displayReport	Indicates whether to display a report after automatic decryption.	true, false	Display report after performing automatic decryption
files	List of files to decrypt automatically.		Files decrypted automatically
	path: File path. To indicate several files, the “files” list must contain several objects, each with a different “path” property. For example: "files": [ { "path": "path1" }, { "path": "path2" } ]	String	File path
folders	List of folders to decrypt automatically.
	path: Folder path. To indicate several folders, this parameter must be used several times. See the "files" parameter.	String	Folder path or mask
	recursive: Indicates whether sub-folders are included in the decryption list.	true, false	Include sub-folders
masks	List of masks to decrypt automatically. To indicate several masks, this parameter must be used several times. See the "files" parameter.
	path: Mask path. To indicate several masks, this parameter must be used several times. See the "files" parameter.	String	Folder path or mask
	recursive: Indicates whether sub-folders are included in the decryption list.	true, false	Include sub-folders
onConnection	Decrypts the list of files upon connection to SDS Enterprise.	true, false	Decrypts automatically upon connection to the SDS Enterprise account
onScreenSaverOver	Decrypts the list of files when screensaver stops.	true, false	Decrypt automatically when screensaver stops
onSessionUnlock	Decrypt the list of files when unlocking session.	true, false	Decrypt automatically when unlocking session

encryptionList section

Files included in encryption lists are automatically encrypted at a predetermined time or when a predetermined event takes place. The following parameters are specified in the filePolicy.encryptionList section of the .json file.

Parameter	Description	Possible values	SDMC
askConfirmation	Indicates whether a confirmation is required before automatic encryption.	true, false	Ask confirmation before performing automatic encryption
displayReport	Indicates whether to display a report after automatic encryption.	true, false	Display report after performing automatic encryption
files	List of files to encrypt automatically.		Files encrypted automatically
	path: File path. To indicate several files, the “files” list must contain several objects, each with a different “path” property. For example: "files": [ { "path": "path1" }, { "path": "path2" } ]	String	File path
fixedTimesInSeconds	List of times at which files are automatically encrypted. Expressed in number of seconds from 00:00. For example, 1:30 a.m. is represented by a value of 5400.	List of positive whole integers	N/A
folders	List of folders to encrypt automatically.
	path: Folder path. To indicate several folders, this parameter must be used several times. See the "files" parameter.	String	Folder path
	recursive: Indicates whether sub-folders are included in the encryption list.	true, false	Include sub-folders
intervalMinutes	Frequency with which files are automatically encrypted. Expressed in minutes.	Positive integer.	Automatic encryption frequency
masks	List of masks to encrypt automatically.
	path: Mask path. To indicate several masks, this parameter must be used several times. See the "files" parameter.	String	Folder path or mask
	recursive: Indicates whether sub-folders are included in the encryption list.	true, false	Include sub-folders
onDisconnection	Enables list when disconnecting from SDS Enterprise.	true, false	Encrypt automatically when disconnecting from the SDS Enterprise account
onScreenSaverStarted	Enables the list when screensaver starts.	true, false	Encrypt automatically when screensaver starts
onSessionLock	Enables the list when locking the SDS Enterprise session.	true, false	Decrypt automatically when locking session

exclusionList section

Using an exclusion list, you can exclude some files to prevent them from being encrypted by mistake. The following parameters are specified in the filePolicy.exclusionList section of the .json file.

Parameter	Description	Possible values	SDMC
displayWarning	Indicates whether a warning window must be displayed if an operation could not be completed because of the exclusion list.	true, false	Display warning when encryption is rejected
files	List of files to be excluded from encryption.		Files excluded from encryption
	askForConfirmation: Indicates whether confirmation must be requested for the encryption of excluded files.	true, false	N/A
	path: File path. To indicate several files, the “files” list must contain several objects, each with a different “path” property. For example: "files": [ { "path": "path1" }, { "path": "path2" } ]	String	File path
folders	List of folders to be excluded from encryption.		Folders or masks excluded from encryption
	askForConfirmation: Indicates whether confirmation must be requested for the encryption of excluded folders.	true, false	N/A
	path: Folder path. To indicate several folders, this parameter must be used several times. See the "files" parameter.	String	File path
	recursive: Indicates whether sub-folders are included in the exclusion list.	true, false	Include sub-folders
masks	List of masks to be excluded from encryption.		Folders or masks excluded from encryption
	askForConfirmation: Indicates whether confirmation must be requested for the encryption of excluded files.	true, false	N/A
	path: Path of the mask with the "*.ext" extension to apply the mask. To indicate several masks, this parameter must be used several times. See the "files" parameter.	String	File path
	recursive: Indicates whether sub-folders are included in the exclusion list.	true, false	Include sub-folders