
 CuteFTP Professional Feature Tour: File Transfer Security

File Transfer Security
Secure Socket Layer (SSL) Sessions
SSL Session Choices
SSL Certificates
HTTPS Sessions
Secure Shell (SSH2) Sessions
SFTP Configuration Options
SFTP Identity Files
OpenPGP Encryption and Decryption
Secure Login Using OTP
Password Manager

Secure Socket Layer (SSL) Sessions
CuteFTP Professional secures sessions with 128-bit SSL, the same secure technology used by Internet browsers and servers for authentication, message integrity, and data confidentiality.

Secure Connection



SSL Session Choices
When setting up your SSL connection, CuteFTP lets you choose between three common SSL implementations, including TLS (AUTH TLS)*, SSL Implicit** (direct connect over port 990) and SSL Explicit** (AUTH SSL) mode. Most FTP servers support at least one, while some (such as GlobalSCAPE's Secure FTP Server) support all three.

SSL Settings Page

You can also choose whether to encrypt the entire session or leave the control or data channels "in the clear", i.e. unprotected.

* TLS is currently being submitted to the IESG (Internet Engineering Steering Group) for consideration as a proposed standard for SSL connections.
** SSL Implicit (direct connect via port 990, as defined by the IANA) and SSL Explicit (AUTH SSL) modes were deprecated in draft-murray-auth-ftp-ssl-12.txt. However they are still widely used.
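The choices above (explicit AUTH TLS / AUTH SSL versus implicit mode, and protected versus clear control and data channels) can be checked after the fact from a client's control-channel log. The following is an added example, not CuteFTP code: the function name `audit_session` and the sample sessions are constructed for illustration, and the checker conservatively assumes the data channel is clear until `PROT P` is seen.

```python
# Verbs that open a data connection (file contents or directory listings).
TRANSFER_CMDS = {"STOR", "RETR", "LIST", "NLST", "APPE", "STOU", "MLSD"}

# Constructed client command sequences, in the order they were sent.
FULLY_PROTECTED = ["AUTH TLS", "USER alice", "PASS ****", "PBSZ 0", "PROT P",
                   "PASV", "STOR report.csv"]
DATA_IN_CLEAR = ["AUTH SSL", "USER alice", "PASS ****", "PBSZ 0", "PROT C",
                 "PASV", "RETR payroll.xls"]
LOGIN_BEFORE_AUTH = ["USER alice", "PASS ****", "AUTH TLS", "PBSZ 0", "PROT P",
                     "PASV", "LIST"]
CONTROL_CLEARED = ["AUTH TLS", "USER alice", "PASS ****", "PBSZ 0", "PROT P",
                   "CCC", "PASV", "STOR report.csv"]
IMPLICIT_990 = ["USER alice", "PASS ****", "PBSZ 0", "PROT P", "PASV", "LIST"]


def audit_session(commands, implicit=False):
    """Return a list of findings for one FTP session's client commands."""
    control_tls = implicit   # implicit mode: TLS is negotiated before any command
    data_tls = False         # assumption: data is clear until PROT P is seen
    findings = []
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip().upper()
        if verb == "AUTH" and arg in ("TLS", "SSL"):
            control_tls = True               # explicit mode upgrade
        elif verb == "CCC":
            control_tls = False              # Clear Command Channel
            findings.append("control channel returned to clear text (CCC)")
        elif verb == "PROT":
            data_tls = (arg == "P")          # P = private, C = clear
        elif verb in ("USER", "PASS") and not control_tls:
            findings.append(f"{verb} sent before the control channel was protected")
        elif verb in TRANSFER_CMDS and not data_tls:
            findings.append(f"{verb} uses an unprotected data channel")
    return findings


if __name__ == "__main__":
    for name, cmds, imp in [("fully protected", FULLY_PROTECTED, False),
                            ("data in clear", DATA_IN_CLEAR, False),
                            ("login before AUTH", LOGIN_BEFORE_AUTH, False),
                            ("CCC issued", CONTROL_CLEARED, False),
                            ("implicit, port 990", IMPLICIT_990, True)]:
        print(f"{name}: {audit_session(cmds, implicit=imp) or 'no findings'}")
```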


SSL Certificates
SSL relies on certificates to confirm the identity of the server, and in some cases, the identity of the client as well.

CuteFTP includes a full certificate management system. You can accept or reject a server's certificate, store accepted certificates in a local database, import and export certificates in the local store, use the Windows trusted certificate store for certificate approval, and create your own "strong" (4096-bit) self-signed certificate set, including a certificate request file for signing by a Certificate Authority (CA) such as Verisign or Thawte.

Certificate Accept Prompt



HTTPS Sessions
Connect, browse directories and transfer to/from HTTPS sites using the same strong security (SSL) that Internet Explorer/Netscape uses for secure e-commerce transactions. HTTPS sites also rely on certificates to verify that the client is, in fact, communicating with the desired HTTPS server.

HTTPS Session


Secure Shell (SSH2) Sessions
Secure sessions in CuteFTP are not limited to SSL. CuteFTP also supports the increasingly popular SSH2 protocol, specifically, SFTP*.

Selecting SSH2

* CuteFTP Professional supports SFTP, which is a secure service provided by the SSH2 host, in which the server both encrypts the data and handles the file transfer. This should not be confused with FTP over SSH2, in which SSH2 uses its port forwarding capabilities to forward standard FTP transactions over an encrypted tunnel, with the actual file transfer being handled by a separate (and non-secure) FTP server.


SFTP Configuration Options
CuteFTP gives you extensive control over your SFTP session, including the choice of encryption ciphers, MAC (Message Authentication Code) types, compression, and authentication* mechanisms to use.

SFTP Configuration Options

*CuteFTP Professional supports both password and public-key authentication, the latter of which is REQUIRED by draft-ietf-secsh-userauth-18.txt. WS_FTP v8 does NOT support public-key authentication.


SFTP Identity Files
Use an identity file supplied by your host or create your own key-pair for authentication. When creating your own identity file, you can choose between RSA and DSS public key formats, key length (up to 4096 bits), and key storage location.

Store trusted server identity files (certificates) in a local database. You can also import or export identity files from your local trusted store.

Creating an Identity Key Pair

 

OpenPGP Encryption and Decryption
CuteFTP Professional uses open-source encryption technology (OpenPGP) to encrypt data before it is sent to a server or to decrypt data retrieved from a server. OpenPGP uses public keys and private keys. This allows you to give someone your public key, which they can use to encrypt a file. Only you can decrypt the file with your private key. The OpenPGP functionality in CuteFTP Professional lets you:

  • Encrypt files before uploading or decrypt files after downloading.
  • Create OpenPGP keys, choosing the key size and the RSA or DSS cryptosystem.
  • Import and export OpenPGP keys.


Encrypting and decrypting is handled in the right-click menu.

 


CuteFTP Professional allows you to create OpenPGP keys.

 

 

Secure Login Using OTP
Some situations call for a secure login sequence, but not the securing of subsequent data and control channel transactions. For this case, CuteFTP offers One Time Password (OTP) authentication, a protocol based on Bell Labs' S/Key technology. OTP authentication is accepted by many UNIX and some Windows FTP hosts, including GlobalSCAPE's Secure FTP Server.

OTP Settings



Password Manager
Encrypt your Site Manager (address book) contents using the powerful Blowfish cipher, or completely disallow password saving, including URL and Quick Connect history, between application sessions. You can also change the default Site Manager and session log storage locations. These policies and features help mitigate the risks of running on a shared or physically unrestricted machine.

Password & Storage Settings Page