File Encryption Options

Use Faspex and IBM Aspera High-Speed Transfer Server together to encrypt files before they are transferred, encrypt files at the destination, and encrypt data transferred over the network.

Encryption Options

Option Description Use Case Instructions

Client-Side Encryption-at-Rest (CSEAR)

Option	Description	Use Case	Instructions
Client-Side Encryption-at-Rest (CSEAR)	CSEAR provides end-to-end encryption on uploaded packages. When enabled, Faspex requires users to set an encryption password when uploading packages using IBM Aspera Connect. Connect encrypts the files with that password and transfers the packages to Faspex. Encrypted files are given the `.aspera-env` extension. When a package recipient downloads these `.aspera-env` files, they must use the password to decrypt the files and access their contents. The sender must give the recipient the password.	Give the sender complete control over who has access to the data.	Enable CSEAR by going to Server > Configuration > Security and set Use encryption-at-rest to Always. Note: Do not use CSEAR if you are validating files with IBM Aspera Validator.
Server-Side Encryption-at-Rest (SSEAR)	SSEAR is not a Faspex feature, but an HSTS. When a user sends a package, the HSTS encrypts the transferred files at the destination using a password defined in the aspera.conf configuration file.	Protect data on untrusted storage (for example, cloud storage connected to HSTS).	To enable SSEAR, see IBM Aspera High-Speed Transfer Server Admin Guide: Server-Side Encryption-at-rest (EAR).
Encryption-in-Transit	Encrypt transfers using the AES-128 encryption standard.	Protect data transfer through an untrusted or insecure network.	Enable encryption-in-transit by going to Server > Configuration > Security and select Encrypt transfer.

CSEAR provides end-to-end encryption on uploaded packages. When enabled, Faspex requires users to set an encryption password when uploading packages using IBM Aspera Connect. Connect encrypts the files with that password and transfers the packages to Faspex.

Encrypted files are given the .aspera-env extension. When a package recipient downloads these .aspera-env files, they must use the password to decrypt the files and access their contents.

The sender must give the recipient the password.

Give the sender complete control over who has access to the data.

Enable CSEAR by going to Server > Configuration > Security and set Use encryption-at-rest to Always.

Note: Do not use CSEAR if you are validating files with IBM Aspera Validator.

Server-Side Encryption-at-Rest (SSEAR)

SSEAR is not a Faspex feature, but an HSTS.

When a user sends a package, the HSTS encrypts the transferred files at the destination using a password defined in the aspera.conf configuration file.

Protect data on untrusted storage (for example, cloud storage connected to HSTS).

To enable SSEAR, see IBM Aspera High-Speed Transfer Server Admin Guide: Server-Side Encryption-at-rest (EAR).

Encryption-in-Transit Encrypt transfers using the AES-128 encryption standard. Protect data transfer through an untrusted or insecure network. Enable encryption-in-transit by going to Server > Configuration > Security and select Encrypt transfer.