Robo-FTP User's Guide > Appendix > Security > Connecting to Secure Sites

Common data transfer methods emphasize speed at the expense of security. When you use regular FTP or HTTP over the Internet, you are using an insecure file transfer protocol over an insecure network. Files transferred in this environment are subject to unauthorized access, modification and disclosure.

Imagine that you need to make an important payment to a company in another city. Sending paper currency through the standard postal service mail would be a poor choice because your money might be lost, delivered to the wrong recipient or stolen by a thief. A clever thief might take only a portion of the money, leaving the remainder to be delivered as an underpayment. A particularly shrewd thief might even modify the envelope or attached payment form thereby causing the recipient company to credit his account instead of yours.

Just as a mailed letter passes through many hands prior to delivery, messages sent from your computer pass through many other computers before reaching the intended destination. You should not send important data over unsecured connections for the same reason you don't send cash through the mail: it requires trusting the honesty and competency of multiple strangers.

Secure connections sacrifice speed for security. A secure connection guarantees that your message is received by the intended site, that it can only be read by the intended site, and that it has not been altered in transit. Some secure connections also provide a method for the recipient site to verify that a message was actually sent by you rather than someone pretending to be you.

Cryptography

Cryptography is an essential element of secure network connections. Traditional encryption techniques rely on a shared secret used first by the sender to scramble a message and then reversed by the recipient to unscramble it. Since the same secret "key" is used to scramble and unscramble messages, anyone who knows the secret can use it to send or read any encoded message. This creates a sort of chick-or-egg problem: you don't want to communicate the secret key to the intended recipient across an unsecured network but if you had an acceptable method of communicating the secret key, couldn't you simply use that method to transfer your other data?

Modern encryption techniques use asynchronous encryption keys to avoid the problem of communicating a secret key across an unsecured network. A complex mathematical relationship exists between a pair of asynchronous keys such that data scrambled with one key can only be unscrambled by the other and vice versa. Public key encryption calls for one key in an asynchronous pair to be made public and the other to be held private. This technique offers significant improvements in the areas of confidentiality and authentication.

Anyone wishing to send a confidential message can use the recipient's public key to encrypt it and be confident that, even if it falls into the wrong hands, only the intended recipient will have the private key able to decrypt it. Conversely, a private key may be used for digital signatures because messages encrypted with a private key can only be decrypted with the associated public key, thereby authenticating the sender as the true source of the message.

Secure Connections

Transport Layer Security (TLS) and Secure Shell (SSH) are two standard types of secure connections that use public key encryption. Robo-FTP supports FTPS and HTTPS data transfers over TLS connections and SFTP transfers over SSH. Comparable encryption is provided by both standards but TLS goes further by encapsulating the public key along with other identifying information into special files known as certificates. TLS also suggests policies and procedures to create, manage, distribute, use, store, and revoke the certificates. The specific security method is dictated by the remote site so Robo-FTP supports both TLS and SSH to be compatible with as many servers as possible.

When negotiating a secure connection, Robo-FTP automatically downloads the necessary encryption details from the remote server. In the case of TLS it downloads the remote host's certificate, in the case of SSH it downloads the host's public key. The first time you connect to any particular secure site you must decide if you trust the server's certificate or key. If you trust the server's credentials, Robo-FTP stores a copy of them for future use. On subsequent connection attempts, Robo-FTP compares the site's current credentials to the trusted copies and automatically connects if the credentials match.

Every type of secure connection supported by Robo-FTP requires that you trust the remote server but some sites require more than a simple username and password before they trust you. In these situations you can configure Robo-FTP to upload your personal client certificate or public key. You can use the Robo-FTP Configurator to define default credentials to use with all secure sites or set specific personal credentials for each managed site. The Configurator also contains tools which allow you to generate your own client certificates or SSH keys.