File encryption

Connect provides a means to protect files with Aspera encryption when the files are uploaded to a content-protected server, and to decrypt those files when downloaded.

Whenever you upload files to a server configured as a content-protected host, Connect prompts you to create a passphrase to protect the files with Aspera encryption. When you download those files, access to the files' contents requires that you provide the passphrase to decrypt them. Files can be decrypted during the download transfer, or decrypted after the download is complete. Files can be decrypted from within Connect, or by using the utility IBM Aspera Crypt, which is included in the Connect installation.

Encrypting files

Servers to which you want to upload encrypted files must be enabled for content protection. For more information, see the Content Protection section of Security Config.

When uploading files to a content-protected server, you are prompted for a passphrase to encrypt the files. You can either enter the passphrase in the text field, or check Keep files unencrypted to proceed without using this feature (if allowed by the server). To start the transfer, click OK.

Protect Content - IBM Aspera Connect

Once Aspera-encrypted files are uploaded to your server, you can identify them by an extra file extension, .aspera-env (Aspera Security Envelope).

Aspera Security Envelope

Decrypting Files During Download

When you use Connect to download a content-protected file, a dialog opens prompting you for a decryption passphrase:

Protected Content - IBM Aspera Connect

You have two options:

  • Enter the passphrase. In this case, Connect decrypts the files during the download. When the files arrive at their destination, they are no longer encrypted, and no further steps are necessary.
  • Check the Keep files encrypted box. In this case, Connect transfers the files to the destination in the encrypted state. You don't need to enter a passphrase (if you do, it is ignored). With this option, the files retain the .aspera-env extension on your disk. You can decrypt the files anytime after the download is completed.
Note: If you choose to decrypt encrypted files during download, the transfer might fail if the password you supply doesn't apply to all the encrypted files. In this case, retry downloading and check the box for Keep files encrypted. You can then decrypt them after they are downloaded. See Decrypting Files after download in the following section.

To proceed with the download, click OK. The Connect Activity window appears and shows the progress of the transfer. When finished, the progress bar disappears, indicating the files are now at their destination.

Decrypting Files after download

To decrypt downloaded files that you have chosen to keep encrypted, run the IBM Aspera Crypt utility. You can start Crypt by using any of the following methods:
  • From the Connect Activity window: Once the transfer is complete, the Connect Activity window displays the link Unlock encrypted files:
    Activity - IBM Aspera Connect
    To start Crypt, click Unlock encrypted files. This is the most convenient method for unlocking protected files once they've been transferred. Depending on your preferences settings, you can also decrypt your files from here later, as the transfer records remain in the Connect Activity window until you remove them by clicking Clear List. However, the files remain only if under the Preferences > General you chose to remove transfer list items Manually instead of automatically after transfer.
  • By opening an Aspera-encrypted file: You can start Crypt by opening an .aspera-env file from the menu or by double-clicking the file.
  • From the Connect application menu: To open the application menu, click the Connect icon in the menu bar. To start Crypt, select Unlock encrypted files.

When you start Crypt, the following window opens:


IBM Aspera Crypt - Passphrase

If you started Crypt from the Connect Activity window or by opening an aspera-env file, Crypt decrypts the files that were selected. From the Crypt window, you can also select Open Files or Open Folder and browse for files or folders to decrypt. When your encrypted contents are loaded into Crypt, a status message is displayed within the application's interface, displaying the number of items ready for decryption.

To unlock protected content, type the encryption passphrase and click Decrypt. The files are unlocked and the results that are displayed in the window:

IBM ASpera Crypt - Decrypt

The decrypted files are placed in the same directory as the original encrypted files:

Windows downloads after decrypting data

If you choose to decrypt a file and there is already an unencrypted file of the same name in that folder, the newly decrypted version appears in the Crypt window and the folder listing with "(decrypted)" added to the file name, as in the previous example. However, if you decrypt the file yet again, the "(decrypted)" file is overwritten without notice.