How to access content export SFTP with RSA encryption configured via FileZilla and WinSCP

Accessing SFTP with RSA reduces the risk of unauthorized access to the data in your content export (CE) file. The process below allows a user to configure an RSA public key that can be used to encrypt the CE output file in order to store the files more securely until they're reviewed by a Compliance Officer.

Content export file encryption/decryption

Before this can be done, complete the steps in the Knowledge Article found here on how to configure file encryption/decryption. 


1. From FileZilla, navigate to Site Manager from the File menu (Figure 1):


Figure 1 Site Manager...

Note: Selecting ctrl + s will also take you to this menu.

2. Select New Site and enter a name of your choice. This example uses the name MyPod-Content-Export (Figure 2):


Figure 2 Site name

3. Configure the SFTP details to the right of the Site Name on the General tab. The recommended configuration is below (Table 1):

FileZilla Field Name FileZilla Field Value Comments
Protocol.  SFTP - SSH File Transfer Protocol.  

 SFTP Domain in Figure 3.

Port.  22.

 SFTP Domain in Figure 3.

Logon Type.  Key file.  Select the Key file from
 the drop down menu.

 For example 12345.

 Public Key Info in Figure
Key file.

 For example C:\content-keys\privatekey.pem


 Choose the private key
 that was saved at the
 creation of the RSA 
 encryption. It will
 automatically load the
 path to it.

Table 1 SFTP details


Figure 3 SFTP Information

4. Once completed, select OK to save the configuration. An example is displayed in Figure 4:


Figure 4 Completed SFTP details

5. From Site Manager, select your saved site and select Connect (Figure 5):


Figure 5 Connect

6. The connection to the SFTP server will now be established, allowing the user to download the CE files.


Note: For WinSCP connection, the private key must be in PuTTY format.

Note: The PEM file it will automatically convert to PPK format.

1. From WinSCP, navigate to New Session from the Session menu (Figure 6):


Figure 6 New Session...

Note: Selecting ctrl + n will also take you to this menu.

2. A login details page will be displayed. If no existing session is stored, this will default to a new site. However, if there are other existing sessions stored, the user will need to select New Site and set up the configuration. The user must now configure the SFTP details. The recommended configuration is below (Table 2):

WinSCP Field Name WinSCP Field Value Comments
File Protocol.  SFTP.  SSH File Transfer
Host.  SFTP Domain in Figure 7.
Port.  22.

 SFTP Port in Figure 7.


 For example 12345.

 Public Key Info in Figure
Password.  -  Leave this empty.

Table 2 SFTP details


Figure 7 SFTP Information

3. Once completed, select Save to save the configuration. An example is displayed in Figure 8:


Figure 8 Completed SFTP details

4. Select Advanced... and in the following window, select Authentication from the SSH menu, then select the three dot menu in the Private key file section (Figure 9):


Figure 9 Authentication

5. If the user generated their own RSA key pair, choose the PPK file. If not, add the PEM file as this will be converted automatically.

If the PEM file is selected, the user will see a popup window asking whether to convert the OpenSSH private key to PuTTy format. Select OK to continue to save the newly formatted file.

In doing so, the process will ask the user to save the converted PuTTy format file in the same folder location. Name the file putty_privatekey.ppk so the user can identify which key this belongs to and then save it (Figure 10):


Figure 10 PPK file

Note: If the PEM file was selected, confirmation will be displayed stating the key was converted and saved to the file name specified in the directory (Figure 11):


Figure 11 Confirmation

6. Once the key has been added/generated, select OK (Figure 12):


Figure 12 Private key file

7. Select Save, set the Site name to be MyPod-Content-Export and select OK (Figure 13):


Figure 13 Save session as site

8. Confirmation that the configuration has been saved and is ready for use will be displayed (Figure 14):


Figure 14 Final configuration

9. When the user wishes to connect to the SFTP server to download the CE files in future, select the saved configuration, in this example, MyPod-Content-Export, and select Login.

For further assistance with CE and SFTP/RSA encryption, please contact Symphony Support at