Are files encrypted in MetaDefender Managed File Transfer and, if so, how?

Yes, MetaDefender Managed File Transfer encrypts files after they have been successfully processed:

• The algorithm used for encryption is the Advanced Encryption Standard (AES) with Cipher Block Chaining mode enabled, and PKCS #7 padding:

  • The cipher block size is 128 bits.
  • The cryptographic key is 256 bits.
  • The algorithm also uses an initialization vector (IV) of 128 bits.
  • The cryptographic key is derived from a randomly generated 256 bit passphrase and 64 bit salt, conforming to the RFC 2898 standard.

• Users have the option to generate new cryptographic keys to facilitate key rotation as an extra security measure:

  • Bear in mind that only new files will be encrypted with your newly generated cryptographic keys.
  • Files that were uploaded prior to key generation will remain encrypted with the original cryptographic key.
  • For instructions on how to generate a new cryptographic key, please Read This.

• The MetaDefender Managed File Transfer system stores all encryption keys in the database as UTF-8 encoded hexadecimal characters:

  • Following successful key generation, the system will return the newly created cryptographic key as a UTF-8 encoded hexadecimal sequence of characters.
  • It is possible to use a trusted platform module (TPM) or hardware security module (HSM) to store the key, but these cannot be directly queried by the MetaDefender Managed File Transfer application.