Cross-encrypting files

SDS Enterprise allows you to update the list of users authorized to access files encrypted with Stormshield Data File. You can add or remove users. When updating the list of authorized users, Stormshield Data File re-encrypts the file(s) using a new encryption key. This operation is referred to as file “cross-encryption”.

Encrypted files are cross-encrypted to their original formats: if they are in .sdsx, they will remain in .sdsx after cross-encryption.

Before you start, make sure you have the certificate of each new user to be added (.cer or .crt file). These certificates can be sent to you, or obtained from your trusted address book or from an LDAP directory (refer to the SDS Enterprise Administration guide).

To launch the file cross-encryption wizard:

  1. From the Windows Start menu, select Programs > Stormshield Data Security.
  2. Select Stormshield Data File – Cross-encrypt your files. A welcome page appears.
  3. Select the folder containing the files to cross-encrypt. To include files located in sub-folders, select the Apply to sub-folders checkbox. Click on Next. The list that is displayed comes from the trusted address book and suggests only certificates valid for the operation (certificates that are currently valid and with which encryption is allowed).
  4. Select the certificates of users that you want to add to files in Stormshield Data File.

    If some users are missing from the list, click on to update the trusted address book by importing new user certificates directly from files or from an LDAP directory.

    Click on Next.

  5. Click on Yes, I remain a user of these files to continue being able to access the files you are about to cross-encrypt.

    Otherwise, click on No, I am no longer a user of these files. The option you choose has no effect if you cross-encrypt a file:

    • With a decryption key (you will not be added to the users allowed to decrypt the file, but will be able to access the file as long as you can use the decryption key).
    • With a private key for your personal use. You will be automatically added to the list of users allowed to decrypt the file.

    Click on Next.

  6. Check the information displayed and click on Finish. The wizard looks for the files in the specified folder and cross-encrypts them. When the task has completed, a report displays all the processed files in a tree view. It provides statistics by indicating:
    • the number of files to process
    • the number of files processed
    • the number of files for which the operation failed

For each file/folder, an icon indicates the result of the operation:

  • The folder has been successfully cross-encrypted.
  • The folder has been successfully processed, but it contains files that could not be cross-encrypted for the following reasons:
    • The key was not found – you are not authorized to access the file.
    • The file has been encrypted using a decryption key.
  • The folder does not contain any encrypted file.
  • The folder contains a file containing errors.
  • The file has been successfully cross-encrypted.
  • The file was not cross-encrypted for the following reasons:
    • The key was not found – you are not authorized to access the file.
    • The file has been encrypted using a decryption key.
  • The file contains errors.
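
Step 3 lists only certificates that are currently valid and allow encryption, so a .cer or .crt file received from a new user can be checked before it is imported into the trusted address book. The PowerShell below is an added example, not part of SDS Enterprise or its documentation; Test-RecipientCertificate is a hypothetical helper and the certificate it checks is constructed in the script. It assumes that "encryption is allowed" can be approximated by the X.509 key usage bits (the product's exact criteria are not given on this page) and that it runs under PowerShell 7 or Windows PowerShell 5.1 with .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example. Assumption: "valid for the operation" is approximated as
# (1) inside the validity window and (2) key usage permitting encryption.
function Test-RecipientCertificate {
    param([Parameter(Mandatory)][string]$Path, [datetime]$At = (Get-Date))

    # Resolve via PowerShell: .NET resolves relative paths differently.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = [X509Certificate2]::new($full)
    $inWindow = ($At -ge $cert.NotBefore) -and ($At -le $cert.NotAfter)
    $ku = $cert.Extensions |
        Where-Object { $_ -is [X509KeyUsageExtension] } |
        Select-Object -First 1
    if ($null -eq $ku) {
        # No key usage extension: X.509 places no usage restriction.
        $usage = '(not restricted)'; $canEncrypt = $true
    } else {
        $usage  = $ku.KeyUsages.ToString()
        $wanted = [X509KeyUsageFlags]::KeyEncipherment -bor
                  [X509KeyUsageFlags]::DataEncipherment -bor
                  [X509KeyUsageFlags]::KeyAgreement
        $canEncrypt = ([int]$ku.KeyUsages -band [int]$wanted) -ne 0
    }
    [pscustomobject]@{
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        KeyUsage   = $usage
        InWindow   = $inWindow
        CanEncrypt = $canEncrypt
        Usable     = $inWindow -and $canEncrypt
    }
}

# Constructed sample: a throwaway self-signed certificate in a temp file.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=Constructed Test User', $rsa,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$ext = [X509KeyUsageExtension]::new([X509KeyUsageFlags]::KeyEncipherment, $true)
$req.CertificateExtensions.Add($ext)
$now  = [DateTimeOffset]::Now
$self = $req.CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))
$tmp  = Join-Path ([IO.Path]::GetTempPath()) 'constructed-user.cer'
[IO.File]::WriteAllBytes($tmp, $self.Export([X509ContentType]::Cert))

Test-RecipientCertificate -Path $tmp                             # checked as of today
Test-RecipientCertificate -Path $tmp -At (Get-Date).AddDays(60)  # checked past NotAfter
```

The -At parameter lets you evaluate a certificate against a future date, which shows whether a recipient's certificate will expire soon after the files are cross-encrypted.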