At-Rest Encryption in SynaMan

At-Rest Encryption encrypts files that are uploaded using SynaMan's web interface. These files are automatically decrypted right before they are downloaded from the web interface. It is important that you read this page in its entirety before using this feature.

What happens in the background

  • SynaMan creates a random key when this feature is first used. This key is saved in the $INSTALL_DIR\config\encryption.key file. SynaMan will send an email notification to the administrator when a new key is created.
  • Uploaded files are automatically encrypted using this key. Similarly, SynaMan will decrypt the file when a user requests to download it.

Very Important

You must back up $INSTALL_DIR\config\encryption.key and keep it in a safe place. You will NOT be able to decrypt files if this encryption.key file gets corrupted or is deleted. Our support department will not be able to help you if you don't have this file backed up.

Note that the last modified date (LMD) of this file should never change after creation. A newer LMD indicates that the file was somehow modified, and you may have to restore it.

Risks Involved

Needless to say, you will lose your data if the encryption key is either corrupted or missing. If the file is deleted by mistake, SynaMan will end up creating a new key. Since the new key will be different from the older one, you will not be able to decrypt files encrypted with the older key.

Additionally, uploads and downloads will be slower since both operations require additional processing.

Using At-Rest Encryption

This feature is off by default. Use the following steps to enable it.

  1. Log in as admin
  2. Click Configuration and select the Security tab
  3. Check At-Rest Encryption

Encrypting User's Home Folders

  • When adding new users, check Encrypt Home Folder
  • You could also add encryption to existing users by clicking Modify under Manage Users.
  • Encrypting a user's home folder only affects that single user. Therefore, you can selectively pick the users whose data is encrypted.

Encrypting Virtual Folders

  • Check Encrypt when adding a new virtual folder
  • Encrypting will affect every user who is granted permission to this folder.

Mapped Drives

At-rest encryption does not work with mapped drives. Therefore, do not use encryption if you plan to use mapped drives.

Frequently Asked Questions

Can I switch the home folder of an existing user to use encryption?

Yes. After you save the configuration, you will have the option of encrypting existing files that were previously stored in the clear.

Note that the opposite is not possible: for security reasons, you cannot decrypt files belonging to a user. To decrypt them, you must log in as the user and download the files using the web interface.

Can I enable encryption of an existing shared folder?

Yes. Try adding the same shared folder again, which will modify its properties. Since the existing files in the folder are not encrypted, use the following steps to encrypt them:

  • Log in as admin
  • Click Manage Folders
  • You will see a lock icon next to the folders that are encrypted.
  • Click the icon to encrypt files

How can I validate encryption status for files?

You can validate encrypted files for both users' home folders and shared folders. To do that, click the lock icon either under Manage Folders or Manage Users. This process does the following:

  • Ensures every file is encrypted using the expected key. If a file is found in clear, it will be encrypted.
  • Generates a report via email containing a list of files that were modified.

How important is the encryption.key file?

You will definitely lose important files if the encryption key, which is saved in $INSTALL_DIR\config\encryption.key, is either deleted or gets corrupted. To avoid such problems and to prevent data loss, SynaMan will send emails to the administrator when:

  • A new encryption key is created.
  • A file is found encrypted with a different key.

It is recommended that you restore the encryption key from a backup as soon as you get an alert via email.

The encryption key should never be modified once it is created. Therefore, the last modified date of the encryption.key file should never change.
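
The backup and last-modified-date advice above, as an added example (not SynaMan's own code): a Python check that compares encryption.key against a baseline recorded when the key was created, and against its backup copy. The function names, the baseline file and the random 32-byte sample key are assumptions for the demonstration; the real key format is not described on this page.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def fingerprint(path):
    """SHA-256 and last-modified time (ns) of a file."""
    digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    return {"sha256": digest, "mtime_ns": os.stat(path).st_mtime_ns}


def record_baseline(key_path, baseline_path):
    """Run once, right after the key is created and backed up."""
    Path(baseline_path).write_text(json.dumps(fingerprint(key_path)))


def check_key(key_path, baseline_path, backup_path):
    """Return a list of findings; an empty list means nothing changed."""
    base = json.loads(Path(baseline_path).read_text())
    if not Path(key_path).is_file():
        return ["MISSING: restore encryption.key from backup"]
    findings, now = [], fingerprint(key_path)
    if now["sha256"] != base["sha256"]:
        findings.append("CONTENT_CHANGED: key differs from baseline")
    elif now["mtime_ns"] != base["mtime_ns"]:
        findings.append("LMD_CHANGED: same content, different modified date")
    if not Path(backup_path).is_file():
        findings.append("BACKUP_MISSING: no copy to restore from")
    elif fingerprint(backup_path)["sha256"] != base["sha256"]:
        findings.append("BACKUP_MISMATCH: backup is not the baselined key")
    return findings


def demo():
    """Constructed walk-through in a temp dir; key bytes are random samples."""
    with tempfile.TemporaryDirectory() as d:
        key, bak, base = (Path(d, n) for n in ("encryption.key", "key.bak", "base.json"))
        key.write_bytes(os.urandom(32))      # stand-in; real key format not assumed
        bak.write_bytes(key.read_bytes())
        record_baseline(key, base)
        out = {"clean": check_key(key, base, bak)}
        os.utime(key, ns=(10**18, 10**18))   # LMD changes, content does not
        out["touched"] = check_key(key, base, bak)
        key.write_bytes(os.urandom(32))      # simulates a regenerated key
        out["replaced"] = check_key(key, base, bak)
        key.unlink()                         # simulates accidental deletion
        out["missing"] = check_key(key, base, bak)
        return out
```

Keep the baseline file and the backup outside $INSTALL_DIR so they survive whatever damaged the key, and run check_key on a schedule alongside SynaMan's own email alerts.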

