Documentation
Encrypt files before upload
Introduction
Uploading a file on Rapid4Cloud is safe and secure. However, if you want to add another layer of security, you can encrypt the files before the upload.
You will need to have at least OpenSSL 1.1.1 (version 3 recommended) on you computer to be able to run the below commands.
IMPORTANT Only RAPIDUpgrade supports this feature.
Access to the public key
You can access the public key assigned to your company directly from your profile.
Click on Download to download the public key.
Encrypt a file
The file that you want to upload can be very large. You will need to use a random string to encrypt the file(s) and then encrypt this string with the public key.
- Generate a random string (single line), you are free to change the algorythm, and save it into a file (ex: KEY.bin).
openssl rand -base64 32 > KEY.bin
- Encrypt the file (ex: ARCHIVE.zip) into a new file (ex: ARCHIVE_ENCRYPTED.zip) using the previous file (ex: KEY.bin).
openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -salt -in ARCHIVE.zip -out ARCHIVE_ENCRYPTED.zip -pass file:./KEY.bin
- Finally, encrypt the random string file (ex: KEY.bin) with the public key downloaded previously (PUBLIC_KEY.pem).
openssl pkeyutl -encrypt -inkey PUBLIC_KEY.pem -pubin -in KEY.bin -out KEY_ENCRYPTED.bin -pkeyopt rsa_padding_mode:oaep
Now, you can upload the encrypted file(s) with the encrypted random string (ex: ARCHIVE_ENCRYPTED.zip and KEY_ENCRYPTED.bin).
Request a new key pair
By default, only 1 key pair can be used per company.
If you need to use a new public key, please contact our support. Once a new public key has been generated, any encrypted files submitted using the previous public key will not be able to be decrypted by our processes, and the jobs may fail. Therefore, it is recommended to wait for all jobs to be completed before to request a new public key.