File Encryption

Connect provides a means to protect files with Aspera encryption when the files are uploaded to a content-protected server, and to decrypt those files when downloaded.

Whenever you upload files to a server configured as a content-protected host, Connect prompts you to create a passphrase to protect the files with Aspera encryption. When you download those files, access to the files' contents requires that you provide the passphrase to decrypt them. Files can be decrypted during the download transfer, or decrypted after the download is complete. Files can be decrypted from within Connect, or by using the utility IBM Aspera Crypt, which is included in the Connect installation.

Encrypting Files

Servers to which you want to upload encrypted files must be enabled for content protection. For more information, see the Content Protection section of Security Config.

When uploading files to a content-protected server, you are prompted for a passphrase to encrypt the files. You can either enter the passphrase in the text field, or check Keep files unencrypted to proceed without using this feature (if allowed by the server). To start the transfer, click OK.

Once Aspera-encrypted files have been uploaded to your server, they can be identified by an additional file extension, .aspera-env (Aspera Security Envelope).

Decrypting Files During Download

When you use Connect to download a content-protected file, a window opens prompting you for a decryption passphrase:

You have two options:

  • Enter the passphrase. In this case, Connect decrypts the files during the download. When the files arrive at their destination, they are no longer encrypted, and no further steps are necessary.
  • Check the Keep files encrypted box. In this case, Connect transfers the files to the destination in the encrypted state. You don't need to enter a passphrase (if you do, it is ignored). With this option, the files retain the .aspera-env extension on your disk. You can decrypt the files any time after the download has completed.

To proceed with the download, click OK. The Connect Activity window appears and shows the progress of the transfer. When finished, the progress bar disappears, indicating the files are now at their destination.

Decrypting Files after Download

To decrypt downloaded files you have chosen to keep encrypted, run the IBM Aspera Crypt utility. You can launch Crypt using any of the following methods:
  • From the Connect Activity window: Once the transfer is complete, the Connect Activity window displays the link Unlock encrypted files:
    To launch Crypt, click Unlock encrypted files. This is the most convenient method for unlocking protected files once they've been transferred. Depending on your preferences settings, you can also decrypt your files from here later, as the transfer records remain in the Connect Activity window until you remove them by clicking Clear List. However, the files remain only if under the Preferences > General you chose to remove transfer list items Manually instead of automatically after transfer.
  • By opening an Aspera-encrypted file: You can launch Crypt by opening an .aspera-env file from the context menu or by double-clicking the file.
  • From the Connect application menu: To open the application menu, click the Connect icon in the menu bar. To launch Crypt, select Unlock encrypted files.
  • You can launch Crypt directly from the macOS Applications menu.

When you launch Crypt, the following window opens:

If you launched Crypt from the Connect Activity window or by opening an aspera-env file, Crypt decrypts the files that were selected. From the Crypt window, you can also select Open Files or Open Folder and browse for files or folders to decrypt. When your encrypted contents are loaded into Crypt, a status message appears at the bottom of the application, displaying the number of items ready for decryption.

To unlock protected content, fill in the encryption passphrase and click Decrypt. The files are unlocked and the results displayed in the window:

The decrypted files are placed in the same directory as the original encrypted files:

If you choose to decrypt a file and there is already an unencrypted file of the same name in that folder, the newly decrypted version appears in the Crypt window and the folder listing with "(decrypted)" added to the filename, as in the above example. However, note that if you decrypt the file yet again, the "(decrypted)" file is overwritten without notice.