Security and reliability are the foundation stones on which FastTrackFTP is based. The software supports the wide range of security features offered by the SFTP/SSH, SSL/TLS and PGP transfer protocols. To enable them, configure the encryption algorithms, digital certificates and other options on the SSH, SSL and PGP tab. More detailed information on the secure data transfer options follows.
Sometimes users do not know the software installed on their machines well enough to be sure that their system is secure or that their data is protected.
Encryption is performed using cryptographic algorithms. Such algorithms are well known and extensively analyzed by cryptography experts and mathematicians. The strength of such algorithms is time-tested and time-proved. The only secret part of encryption is the key used to encrypt/decrypt data.
The level of protection is determined not only by the encryption algorithm itself, but also by the way the algorithm is used. Internet security protocols, for example, pay special attention to how keys are created and used.
SSL FTPS (File Transfer Protocol using SSL)
The development and growth of the Internet made secure data transfer methods absolutely essential. One of the first technical solutions was the SSL (Secure Sockets Layer) protocol. It is widespread, and most Web browsers, FTP clients, Web servers and hardware systems support it. The SSL protocol provides session-level identification and encryption, establishes the client-server channel and ensures data transfer security and privacy by means of encryption.
A simplified work scheme of the SSL protocol can be represented in the following way:
A client sends a greeting message to a server. The message contains the following info: protocol version and encryption methods supported by the client, a random number and a session ID. The server responds with its own greeting message or an error message. A server greeting message is similar to a client message, and "tells" the client which encryption algorithm to use.
After sending a greeting message, a server can send its certificate or a certificate chain (a group of certificates, where all certificates but one are signed by a previous certificate) for identification. Identification is required for key exchange, except when the anonymous Diffie-Hellman algorithm is used. Key exchange can be performed by means of certificates (which determine the encryption algorithm) when establishing a connection. Usually, X.509 v3 format certificates are used. A client receives a public server key, which can be used as a current session key. After a server certificate is sent to the client, the server can request a client certificate.
Then, a successful connection notification message is sent and both sides can start encrypted data transfer.
FastTrackFTP supports SSL 2, SSL 3, TLS 1, and TLS 1.1.
FTPS supports two channel protection modes: Explicit and Implicit.
Explicit and Implicit Security
Explicit security mode implies an explicit switch to a secure data transfer mode: the server switches to a secure data transfer mode after a corresponding command is received from the client.
In Implicit security mode, a secure channel is established immediately, as soon as the client connects to an FTP server.
Secure FTP (SFTP), SSH (Secure Shell)
Secure FTP (SFTP) provides safe authorization, integrity and privacy of data transfer using SSH protocols.
SSH (Secure Shell) is a data transfer protocol quite similar to SSL, although there are some differences. SSH was originally intended to exchange messages between Unix-based servers and requires identification on both sides. Moreover, SSH supports logical channels over already established sessions and uses so-called "key pairs" (instead of certificates) for identification.
Unlike certificates, key pairs are generated by a client, not by a Certificate Authority. To verify the identity of a key pair, trusted storages are used. Such storages house client/server public keys, and more. The client determines which storages can be trusted and which cannot.
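How a client-side trusted storage check works, as an added example that is not part of FastTrackFTP or the original page. It assumes a store modeled on OpenSSH's plain-text known_hosts format (unhashed host names, one key per host); the host name, key bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def make_blob(raw_key: bytes) -> bytes:
    """Build an ssh-ed25519 public key blob (two length-prefixed SSH strings)."""
    parts = (b"ssh-ed25519", raw_key)
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def fingerprint(blob: bytes) -> str:
    """SHA-256 fingerprint in the form OpenSSH prints it."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def load_store(text: str) -> dict:
    """Parse 'host[,host] keytype base64-blob' lines into {host: blob}."""
    store = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hosts, _keytype, b64 = line.split()[:3]
        for host in hosts.split(","):
            store[host] = base64.b64decode(b64)
    return store


def check_host_key(store: dict, host: str, presented_blob: bytes) -> str:
    """Return 'trusted', 'mismatch' or 'unknown' for the key a server presents."""
    trusted_blob = store.get(host)
    if trusted_blob is None:
        return "unknown"  # no entry: the client must decide whether to trust it
    same = hmac.compare_digest(trusted_blob, presented_blob)
    # A mismatch means the server's key differs from the one stored earlier.
    return "trusted" if same else "mismatch"


# Constructed sample data: placeholder bytes, not real keys or a real host.
GOOD_KEY = make_blob(bytes(range(32)))
OTHER_KEY = make_blob(bytes(range(1, 33)))
STORE = load_store("sftp.example.test ssh-ed25519 " + base64.b64encode(GOOD_KEY).decode())

if __name__ == "__main__":
    for name, blob in (("good", GOOD_KEY), ("other", OTHER_KEY)):
        print(name, fingerprint(blob), check_host_key(STORE, "sftp.example.test", blob))
```

A "mismatch" result should stop the connection until the new key is confirmed out of band, because it means the server presented a key other than the one the client stored.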