|General Configuration Reference|
When files are uploaded from an Aspera client to the server, server-side encryption-at-rest (EAR) saves files on disk in an encrypted state. When downloaded from the server, server-side EAR first decrypts files automatically, and then the transferred files are written to the client's disk in an unencrypted state. Server-side EAR provides the following advantages:
Server-side EAR is not designed for cases where files need to move in an encrypted state between multiple computers. For that purpose, client-side EAR is more suitable: files are encrypted when they first leave the client, then stay encrypted as they move between other computers, and are decrypted when they reach the final destination and the passphrase is available.
Do not mix server-side EAR and non-EAR transfers. Doing so can cause problems for clients by overwriting files when downloading or uploading.
Server-side EAR does not work with multi-session transfers (using ascp -C or node API multi_session set to greater than 1).
Set the docroot by modifying aspera.conf, found in the following location:
<user> <name>asp1</name> ... <file_system> <access> <paths> <path> <absolute>file:////Users/testing/Public</absolute> </path> </paths> </access> </file_system> ... </user>
The docroot can also be set for all users (globally, in the <default> section) or for groups.
In the server's aspera.conf file, enter the following for the default (global) encryption settings:
<default> <transfer> <encryption> <content_protection_secret>passphrase</content_protection_secret> </encryption> </transfer> ... </default>
Encryption settings can be similarly configured per group and per user. The following example shows the settings for user asp1:
<user> <name>asp1</name> <transfer> <encryption> <content_protection_secret>passphrase</content_protection_secret> </encryption> </transfer> ... </user>
For all users:
$ asconfigurator -x "set_node_data;transfer_encryption_content_protection_secret,passphrase"
For user asp1:
$ asconfigurator -x "set_user_data;user_name,asp1;transfer_encryption_content_protection_secret, \ passphrase"
You can also set <content_protection_strong_pass_required> and <content_protection_required> to true in the above. Both are optional and set to false by default. The <content_protection_required> option causes server-side EAR to fail if the passphrase is not present. The <content_protection_strong_pass_required> option causes server-side EAR to fail if the passphrase is not sufficiently strong (at least six characters, with at least one letter, number, and special character). For example, the following asconfigurator command adds both these options for all users (global):
$ asconfigurator -x "set_node_data;transfer_encryption_content_protection_required,true; \ transfer_encryption_content_protection_strong_pass_required,true"
From the Server Configuration dialog, open the Users tab and select a user, or open the Global tab. Click the Authorization tab and locate the setting for Content Protection Secret. Select the override box and enter the password.
If desired, you can set Strong Password Required for Content Encryption and Content Protection Required to true.