FTP Commander Deluxe


FTP (File Transfer Protocol) was first used in Unix systems a long time ago to copy and move shared files. With the development of the Internet, FTP became widely used to upload and download online data, especially to post websites on ISP servers.


After installing FTP Commander Deluxe, the icon with the program name appears on the desktop. When you run the program, you will see the list of local disks (on the left) and the list of FTP-servers to which you can connect (on the right). Above the lists, there is the main toolbar. Working with FTP Commander Deluxe is as easy as working with common disk windows. To add a new server connection profile, please click on the "New Server" button. You can click "Properties" to edit existing FTP server profiles.

After you download the program two split window panels will appear on your screen. These two main panels can be described as follows:

  • On the right-hand panel, "Remote FTP Servers", which contains a list of pre-configured FTP servers;
  • On the left-hand panel, "Local Computer", which contains a list of files and folders in the local computer. Each of these panels contains a context-sensitive menu which performs a number of system-related tasks and functions. The menu can be called up by right-clicking the mouse. The upper part of the window displays the main program menu and three keys: "Connect", "Disconnect" and "Abort".
  • FTP Commander Deluxe allows you to create as many connections as desired. To connect to an FTP-server, just click the "Connect" button.

    After clicking "Connect" the program will attempt to connect your computer with a computer which is on a web-based FTP server. After the command is executed and the connection is established, a list of the files and folders on the remote FTP server will be displayed. The keys "Disconnect" and "Abort Transfer" allow you to log off the server, break off the connection or interrupt data transfer.
    Now you will see that the screen is divided into three parts: the bottom window displays all the actions, on the left you will see the current FTP-server content, and on the right, you will see your local hard drive. By sight, an FTP-server looks exactly like your local hard drive looks in Windows Explorer. Generally, working with an FTP-server is just like working with a network drive.

    At the bottom of the screen, the status bar includes status information, such as successful connection to an FTP-server, file transfer progress and sessions established.

    To transfer files use the following menu items: 
    • Upload the files you have selected onto the FTP server; 
    • Download the files you have selected to the local computer; 
    or click on program button with arrows.
    Your access to network drives can often be limited or restricted.

    To create a new directory, please click MakeDir.

    After files are uploaded to a web server, your visitors can access them using a web browser. If a file was uploaded to the server and it is not visible in a browser, please try clicking on the browser's "Refresh" or "Reload" buttons. If this didn't help, try clearing the browser cache.

    If FTP is unavailable for some reason, please check your firewall settings. Perhaps your firewall is configured in such a way that you can only use your web browser.

    FTP server connection and program setting
    When you call up "Connection" the main program menu will appear on your screen:
    The first three items are used to connect with or disconnect from FTP servers. The same commands can be performed using the 3 buttons: "Connect", "Disconnect" or "Stop Transfer". After the connection is established, the "Connection" button will switch off and "Disconnect" will light up. If for some reason the connection is broken off, "Stop Transfer" will light up after which the program will give up trying to establish a connection. The menu item "Create new window" allows you to run a second copy of the program in another window. This will be very useful if you need to interact simultaneously with several ftp servers (transferring, deleting files, etc.).

    Another session/window of FTP Commander Deluxe will be started when you select this menu item.

    Data transfer display. Stop transfers.

    The lower panel contains several tabs. The first tab shows all messages transmitted from a server to the application, and from the application to a server. If writing to the log file is enabled, you will also find those messages (as well as the list of opened sessions) recorded in the text file.

    The "Progress" panel displays all file transfer processes.

    The columns also display the following:

    - File name
    - File size
    - Transfer direction
    - Progress bar
    - Connection speed
    - Download start time

    The last lower tab displays the list of all executed tasks and their status.

    Read the section Preferences on how to configure the program.

    Performing file operations on local computers
    When you call up the menu item "Local Computer" the local menu will appear on your screen. The menu shows you how to perform file operations on your local computer. This section contains the following menu items.
    You can also select menu items by clicking the right mouse key. Find the files you need from the list of directories shown in the window "Local Computer", then click on the appropriate menu items.

    To select files use the following keys (which should be pressed simultaneously, not separately):

    Let's now return to our description of the local menu items.

    Upload selected files to an FTP server

    The option "Upload selected files to FTP server" allows you to transfer files to a remote FTP server. To do this, select the files in a local computer you would like to copy. First of all you need to make a connection with an FTP server. Then highlight the folder in the FTP server you would like to upload.
    The transfer interface window shows what percentage of files has already been uploaded or downloaded.
    New Directory
    This command allows you to create a folder in a local computer. After you enter the name the new folder will appear on the right-hand panel of your local computer.
    Remove Directory
    The Remove command helps you to remove folders from local computers. To do this, select the folders you want to delete, then select this option. You will be prompted as to whether or not you're sure you want to delete. If you answer yes, the folders are removed from the server. Deletions can be performed using the "Select" menu item or standard command sequences (shift, ctrl, etc.).
    Rename File
    The rename command allows you to change the name of a file or folder in local computers. It works as follows:
        1. Go into the folder and find the file you need;
        2. Select the file you want to rename using the left mouse key;
        3. Select the menu item "Rename";
        4. Enter the new file name in the "Rename" window.
    One file at a time can be renamed this way.

    Sort Files

    You can sort files by name, size or date. Selecting "by name" will display a list of files in alphabetic order. "By size" displays files in increasing or decreasing order. Sorting files "By date" gives you a chronological listing. You can also perform sorting operations by clicking on the mouse in the appropriate column of the table, which will display file properties (see item "View file as table").
    Select Files
      The "Select" option allows you to highlight the files located in one or more directories (for deletion, downloading to an FTP server, etc.). The following options are available: "Select all", "Unselect", "Select using filter mask" and "Invert selection". The following files can also be used to highlight files:
    The Change case option lets you modify the file register in the window of a local computer. By selecting "Upper case" file names will appear in capital letters and small letters, if you opt for "Lower case". If you select "As in sentence" file names will be written the way they normally appear in a sentence. In order to change the way files look in directories you should click on "Select all".
    When you select the "Filter" option the filter window appears on your screen, in which you can perform a filter operation through any mask to display the files you have assigned to the local computer directory.
    For example, enter *.htm in the mask and only htm designated files will be called up.
    View in text format
    The file you select will be viewed in simple text editor.
    Run program
    Select this command on the left hand panel to launch this application (usually used for *.exe files).
    Carriage Return
    FTP Commander Deluxe allows you to change "Carriage Return" for desired files so that the binary transfer mode could be used instead of ASCII when sending the files. To do this, please select files on the local computer and click "Carriage Return" in the main menu.

    Thus, you can set a desired carriage return (in scripts) before uploading data to a server. The point is that if your scripts contain text of various encodings or special characters, you won't be able to use the ASCII transfer mode. In this case, it is recommended that you use the Binary transfer mode and the "Carriage Return" editor.

    The last local menu item, "Font", is used to modify the size, color and properties of character types shown in a local computer window. When you choose this option the "Select font" window appears on your screen. There you can substitute one font with another, choose a different color or font properties (bold or underline) and check corrections in the "Sample" field.
    Performing operations on remote FTP servers
    This section of the program contains the following menu items:
      It should be noted that this menu is intended for operations performed in the window "Remote FTP servers", which means that many items in this menu will only be available after connecting to a remote server. File operations performed on the remote server are the same as those in local computers.
    We will describe in detail only those items which are not discussed in the section on file operations performed in local computers.
    Connection properties

    Create new FTP server

    This item allows you to set up and save connection configurations every time you select a new remote server profile.

    To create a profile, please fill out the fields described below.

    After you select this option "New ftp properties" will appear on your screen with empty fields which should then be filled in.

    Profile Name: enter a desired profile name, "My Web Site", for example. Using profiles, you won't need to enter the same server settings each time you'd like to connect to the server.

    Host Name/Address: enter a remote computer address, ftp.microsoft.com, for example. Usually it will be your domain name.

    Give the server's FTP port here.

    The default settings are: FTP, port 21. In some cases you might need to choose a corresponding FTP-server response type.

    Response Type: for most servers you can use "Default". If file size, date and file names are displayed incorrectly, please try another type, say, Microsoft FTP v.5.0.

    Different servers have a different response structure for lists of folders and the files located inside them.

    While the program is preconfigured for the vast majority of servers, there may be cases where a remote server is structured differently. You can look at these file structures by selecting "Text format". Then you need to configure the response format in "Custom" mode. The word number is given in the response.

    For example, let's assume that a word with number 9 is assigned the value "File name". Microsoft FTP ver. 4.0 is a special configuration for Microsoft version 4.0 ftp servers. In "Text format" you can only see the format of files on the server download files from a local computer but you will not have any local menu options for the FTP server. For virtually all servers we recommend using the "Default" response type.
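    The word-number idea behind the response types, as an added example (not code from FTP Commander Deluxe): a parser that picks the file name and size out of a LIST response by word position for a Unix-style layout (name is word 9) and a DOS-style layout (name is word 4). The sample listings are constructed, and the function names and the `safe` check on server-supplied names are assumptions of this example.

```python
import re

# Constructed sample LIST responses, not captured from a real server.
UNIX_LISTING = """\
total 24
drwxr-xr-x   2 web      web          4096 Mar 03 10:15 cgi-bin
-rw-r--r--   1 web      web         10240 Jan 12  2023 index.html
-rw-rw-rw-   1 web      web           512 Feb 01 09:30 my notes.txt
lrwxrwxrwx   1 web      web            11 Feb 01 09:31 current -> releases/42
-rw-r--r--   1 web      web            99 Feb 01 09:32 ../../evil.bat
"""

DOS_LISTING = """\
03-03-24  10:15AM       <DIR>          cgi-bin
01-12-23  02:05PM                10240 index.html
"""

# Word numbers are 1-based, as in the "Custom" response type.
RESPONSE_TYPES = {
    "unix": {"detect": re.compile(r"^[-dlbcps][-rwxsStT]{9}"), "name": 9, "size": 5},
    "dos": {"detect": re.compile(r"^\d{2}-\d{2}-\d{2,4}\s"), "name": 4, "size": 3},
}


def is_safe_name(name):
    """Server-supplied names are untrusted: reject any that could leave the download folder."""
    return name not in ("", ".", "..") and not re.search(r"[/\\:\x00]", name)


def parse_line(line):
    """Return a dict describing one listing line, or None if no layout matches."""
    for kind, spec in RESPONSE_TYPES.items():
        if not spec["detect"].match(line):
            continue
        # Split at most name-1 times so the name word keeps its own spaces.
        words = line.split(None, spec["name"] - 1)
        if len(words) < spec["name"]:
            return None
        name, raw_size = words[-1], words[spec["size"] - 1]
        if kind == "unix":
            is_dir = words[0].startswith("d")
        else:
            is_dir = raw_size == "<DIR>"
        target = None
        if kind == "unix" and words[0].startswith("l") and " -> " in name:
            name, target = name.split(" -> ", 1)
        return {
            "type": kind,
            "name": name,
            "is_dir": is_dir,
            "size": int(raw_size) if raw_size.isdigit() else None,
            "link_target": target,
            "safe": is_safe_name(name),
        }
    return None


def parse_listing(text):
    """Parse a whole LIST response; returns (entries, lines that matched no layout)."""
    entries, skipped = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry:
            entries.append(entry)
        else:
            skipped.append(line)
    return entries, skipped


if __name__ == "__main__":
    for listing in (UNIX_LISTING, DOS_LISTING):
        for entry in parse_listing(listing)[0]:
            print(entry)
```

    A listing parsed with the wrong word numbers shows exactly the symptom described above: sizes, dates and names land in the wrong columns.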

    User ID: a login name for this server. "anonymous", for example.

    Password: a password, which is used with the login name specified in the "User ID" field. For the "anonymous" username, this should be text which contains "@".

    Account Comment: these fields are usually blank. This field does not have to be filled in for most servers. Skip it unless you have relevant data.

    Other connection profile settings
    List Options:
    - Show Hidden Files
    - Force Long Format
    - Recursive
    - Resolve Links
    - Complete Time
    - Use "|" as the Option Delimiter
    - Use Relative Names
    Initial folders

    Here you can set a starting directory which will be automatically opened when connected to a local or remote computer server.

    This field should be filled in for anonymous connections. In this case you should highlight "Anonymous connection".

    Allows you to make notes.

    Hide password
    In this case someone next to your computer will not be able to see your password. This is a handy option in Internet cafes or classrooms.

    Passive mode
    Click on this option if you need to run in passive mode to access your server. This is usually necessary when you work through a proxy server. When selecting this option enter a check mark, and remove it when you exit passive mode.

    Initial directory
    When you connect to a server the program will immediately display the initial directories available on the local and remote computer. This allows you to avoid clicking on the mouse every time you want to move to a different file.

    After filling in the requested window fields and entering the data required on the new server and user, make sure you save all this information.

    Time Zone

    To make file comparison easier, you can set up a time zone (since your FTP-server can be located in another country or on another continent).

    Secure Channels

    By default, the FTP-protocol is used, however FTP Commander Deluxe also supports other protocols. Please contact your system administrator to check which other protocols are supported by your server: FTP, TLS/SSL Implicit or Explicit, SFTP/SSH2 and a connection port.

    After everything is configured, click "Save".
    If FTP Commander Deluxe failed to connect to a server (nothing is displayed in the right window), you can try to connect to one of the test-servers, which are initially present in the program. If FTP Commander Deluxe failed to connect to a test FTP-server, please check if the program has not been blocked by a built-in firewall. Please check if you have Zone Alarm, Internet Security, anti-virus utilities (etc.) running. If one or more of these are running, you need to configure them. By default, such applications block FTP-ports and do not allow any applications to connect to the Internet until added to their white list.

    Please also check the "Properties", "Preferences/General" and "Preferences/Proxy" tabs.

    Please set up the following:

    1. Remote Port: specify a remote server port. By default, it is port 21. If a server uses some other port, this is usually mentioned in the server's info. For example, if you need to connect to ftp.yoursite.com:22, please specify "22" in the "Remote Port" field.

    2. Passive Transfers: please try both options. Usually, if you are behind a firewall, the passive mode is required.

    3. Connection Retry: the number of tries to connect to an FTP-server.

    4. Default Time out: the time FTP Commander Deluxe waits for a reply from an FTP-server.

    If you use a proxy-server, please specify the corresponding proxy-server settings. If you do not use a proxy-server, please select "Direct Connection" on the "Firewall" tab. If a connection to the FTP-server has not been established, please check your Internet connection or contact your system administrator.

    OK, FTP Commander Deluxe is now connected to the FTP-server. In the right window, the contents of the remote computer should be displayed. You can open directories by clicking on them. Generally, the toolbar on the left relates to the local computer, the toolbar on the right, to the remote computer (FTP-server). To transfer a file from an FTP-server to the local computer, please select it with the mouse cursor and click the corresponding arrow (Shift and Ctrl can be used to select multiple files). You can use the "View" and "Run" buttons to view the selected file in a text editor or launch it if it is an .exe or .com file. Use the "Delete", "Refresh" or "Disconnect" buttons to delete selected files, refresh the file list or disconnect from the server.

    NOTE: files and HTML-documents should be transferred in the binary mode.

    Server properties
    In this menu item you should fill in or edit the same fields that were requested when you added on a new server. Using this key, for example, you can view or change your password, or edit other fields described in the previous item.
    The program is error-sensitive and automatically corrects mistakes made by users. Other programs tend to use different input and setting formats to access the FTP server. FTP Commander Pro was designed to be smart and sensible software. It will enter the right address even if you attempt to connect using any one of the following formats.
    [email protected]/folder
    ftp://[email protected]:port/folder
    ftp://[email protected]:port/folder
    ftp://[email protected]
    ftp://[email protected]:port
    For example, if you make a mistake and enter a blank space in the address, the program will automatically remove it from the address, as well as any other inadmissible symbols, and will correct the address while the connection is in progress.
    Remote server operations
    Download selected files to a local server
    This option makes it possible for you to download the files you have selected from the remote FTP server to your own PC. Once you have established a connection with the server you can download as many directories, including subdirectories, as you wish.
    New directory
    This option allows you to create new folders in FTP servers.
    Change directory
    Sometimes directories in a server can be hidden by the internet service provider or not displayed on the right hand panels of the program. For this reason the Change directory option can be a useful item.
    This item helps you delete any unnecessary files, folders or servers. To execute this operation go into "Remote FTP Servers" and select the files, folders or servers you wish to eliminate, then press "Delete" in the local menu of the FTP server.
    The Rename function allows you to rename any file or folder on an FTP server.
    File attributes on a server / the CHMOD command
    Select a group of files on a server and open the "File Attributes" menu. There you can specify a code or configure permission options. It is also possible to edit file attributes manually. To do this, please manually enter "SITE CHMOD 755 filename.htm", where filename.htm is your file name, 755 - the chmod code.

    This option lets you view the properties of the server files you're interested in. For example, to execute CGI or other scripts (cgi-script) you'll have to reconfigure the access attributes to files or folders.

    You can sort files in three modes: "By name", "By size" and "By date".
    The "Select" option allows you to highlight all the files that are in a certain folder.

    This menu item allows you to view a list of files. It consists of "Large icons", "List" and "Itemized table".

    Change Case

    This item lets you change the case of files displayed in the window of a remote FTP server.
    When you select "Filter" a window appears on your screen where you can filter any file through the folder you have assigned to the remote FTP server. For example, you can enter *.htm.
    Here you can rearrange the size, color and properties of font in the FTP server.
    Custom commands
    All program operations basically involve performing various commands on a remote server. The same commands can be given manually on the FTP server. These commands can be saved on a list of custom commands. Such a list will come in handy if your server supports custom commands not available in the program.
    FTP Commander Deluxe features a flexible custom commands editor. Please note that different servers might support different commands. Therefore, please contact your server administrator to check the supported commands list for your particular server.

    You can add new commands and customize variables as necessary.

    You can find the list of variables, examples of commands and their syntax in the editor window on the right.

    After selecting this menu "Commands" and "Do it (Execute)" will appear in the lower part of the "Remote FTP Servers" window. By pressing the "Commands" key, the "Custom Commands" will appear in the upper left part of the window. A few basic commands are already in place. You can then add or delete as many custom commands as you like.

    To add and save on commands you should first click on the "Select" button with the mouse. The command you have selected will then be displayed in the field next to the "Do it (Execute)" button. Click it to execute the operation you have selected.
    After you have finished the custom command task, select the same "Custom command" menu item to remove "Commands" and "Execute" from the window panel.
    Compare directories
    This item allows you to compare directories to highlight modified and new files.
    Directories synchronization
    Here you can set a local directory and a path on the server to synchronize directories and subdirectories.

    Synchronization type:

  • Create a mirror of a local disk
  • Create a mirror of a remote disk
  • In both directions (leave the most recent files)

    Then please configure the following settings:

  • Include subdirectories
  • Ignore links (they are not files)
  • Delete files which do not exist in the source-directory
  • Always confirm deletion.

    If a file already exists:

  • Skip
  • Rewrite
  • Resume
  • Rename
  • Ask user

    Please also set exceptions, i.e. enter the file names which should be excluded when synchronizing.
    You can save your new settings and use them later.
    File compression/decompression
    Please use the special main menu items to compress/decompress files or transfer files with automatic compression/decompression. FTP Commander Deluxe can create gzip-compatible files.
    In the main menu there are options which allow you to encrypt and sign files using PGP.
    To run the scheduler, please select the "Scheduler" menu item. You can configure the scheduler so that the program will perform all desired actions immediately, or put them in a queue and execute them later, when you specify all desired actions. After a file upload/download is complete, FTP Commander Deluxe can automatically disconnect from a server, go offline, shut itself down, shut down the computer or end the current user session.

    If you often update files on your server, you might find the content compare feature useful. This allows you to compare remote and local directories.

    Using the scheduler, you can set the order of file processing (uploading/downloading) and specify days of the week on which the program should perform specified actions.

    The built-in scheduler can do all the night work while you are sleeping.

    Preferences allows you to assign the general settings that are to be used in running the program.

    Before starting to work with FTP Commander Deluxe, please have a look at the wide range of preferences offered.

    After clicking on "Preferences", you can access the following sections: "Connection", "Transfer", "Security" and "Display".

    On the "Connection" page you can enter the default Email address you would like to use for anonymous connections, and also use the upper and lower arrows to select "Time out" (in seconds), which limits the time duration each connection to the server will be attempted as well as the number of retries you would like to configure.
    In the "General" section, please configure the general settings: "Time Out", "Multi-Session", and "Port modes".
    FTP Commander Deluxe supports the multi-session mode. You can set the number of sessions so that the program uses multiple connections when simultaneously transferring multiple files. It is also possible to browse the site when downloading/uploading files.
    Proxy / Firewall
    If you connect to the Internet using a proxy-server, please configure the following options: Proxy, Firewall, Sockets 4/4A/5.
    If you have to work on large corporate networks these configurations may be required. To set them up fill in the fields to the left of the type you have selected: then enter the description of the server ("Server"), the port you will be using ("Port") and the "Password" you will be using. To enter the password in hidden format, click "Masked Password".
    By selecting "Direct" you will get a direct connection and no other fields will have to be filled in, as default values are applied.
    Keep Alive (Keep connection)
    This feature allows you to trick an FTP-server and keep the connection alive while you are not working with the program.
    Servers usually break off a connection automatically when the user is inactive for more than a specified period of time. The program includes a command that allows you to "keep connection," which means that retention prompts are periodically generated to maintain the connection.
    Click on the option "Activate keep connection" and then you can assign the time (in seconds) between commands. The menu option "Interval between commands" will light up. On the right is a list of commands which can be used to keep the server connection up and running. You can add or delete any command on your list.
    Check the "Enable Log" checkbox to ensure that all actions performed by the application will be recorded to the .log text file.
    The log is an option that can record all the FTP commands you perform. To activate the log, click on the check mark in the field "Enable log", then enter the name of the file where you would like to save the log.
    There are four sections: "ASCII/Binary", "Smart Transfer", "Rename Rules" and "Events".


    The next page "Ascii / Binary" establishes the file transfer type: "Auto - detect", "Ascii", "Binary" and a list of file extensions for which Ascii transfer will be used. You can change the list using the following keys: "Add", "Modify" and "Delete", which are also located in the right part of the window. You can choose either the ASCII or Binary transfer mode depending on the file extension.
    Smart Transfer
    Using this feature you can set "smart" rules for files re-writing. For example, the program can check for the following file info:
    - Creation time
    - Size
    - The ability to ignore files which have zero size
    - Transfer Direction
    Rule execution algorithm:
    - Skip
    - Re-write
    - Resume
    - Rename
    - Ask user
    File size and checksum verification can be performed after file transfer to make sure that the data has been successfully transferred.
    File renaming rules
    This feature allows you to set a file names/extensions change order when transferring files to/from a server.
    Please add a new rule and set a mask, for example: *.htm -> *.html.
    You can also set a case change order by checking the "Case Sensitive" option.
    Events & Actions
    Here, you can choose actions which should be executed after uploading/downloading data to/from a server.
    Actions available:
  • Disconnect from site
  • Disconnect from site and close the application
  • Shut down computer

    If an error occurs, FTP Commander Deluxe can:

  • Try again
  • Disconnect from site and try again
  • Disconnect from site

    Security
    There are 3 sections: "SSH", "SSL", "PGP".
    Secure FTP (SFTP) provides safe authorization, integrity and privacy of data transfer using SSH protocols.

    SSH (Secure Shell) - a data transfer protocol quite similar to SSL, however there are some differences. SSH was originally intended to exchange messages between Unix-based servers and requires identification on both sides. Moreover, SSH supports logical channels over already established sessions and uses so-called "key pairs" (instead of certificates) for identification.

    Unlike certificates, key pairs are generated by a client, not by a Certificate Authority. To verify the identity of a key pair, trusted storages are used. Such storages house client/server public keys, and more. Which storages can be trusted and which cannot are determined by a client.
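    How a client-side trusted storage decides whether to accept a server key, as an added example (not FTP Commander Deluxe's own code or storage format): it assumes a store in the OpenSSH known_hosts text format, including hashed host names and `@revoked` entries. The keys, salt and host names are constructed, and all function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct


def b64(data):
    return base64.b64encode(data).decode()


def make_blob(key_type, raw):
    """SSH public key blob: length-prefixed type name, then length-prefixed key."""
    name = key_type.encode()
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw


def blob_type(blob):
    """Read the key type name back out of a blob."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode()


def fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the blob."""
    return "SHA256:" + b64(hashlib.sha256(blob).digest()).rstrip("=")


def hashed_host(host, salt):
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (b64(salt), b64(mac))


def host_matches(field, host):
    """Match a host field, either a plain comma list or a hashed entry."""
    if field.startswith("|1|"):
        parts = field.split("|")
        if len(parts) != 4:
            return False
        try:
            salt, want = base64.b64decode(parts[2]), base64.b64decode(parts[3])
        except ValueError:
            return False
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return host in field.split(",")  # wildcard patterns are not handled here


def check_host_key(store_text, host, presented):
    """Return 'revoked', 'trusted', 'mismatch' or 'unknown' for a presented key blob."""
    trusted = mismatch = False
    for line in store_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3:
            continue
        try:
            stored = base64.b64decode(fields[2], validate=True)
        except ValueError:
            continue  # skip corrupt entries
        same = hmac.compare_digest(stored, presented)
        if marker == "@revoked":
            if same:
                return "revoked"  # conservative choice: revoked for every host
            continue
        if marker or not host_matches(fields[0], host):
            continue  # other markers are out of scope for this example
        if same:
            trusted = True
        elif fields[1] == blob_type(presented):
            mismatch = True  # host is known, but with a different key of this type
    return "trusted" if trusted else "mismatch" if mismatch else "unknown"


# Constructed keys and store contents (not real server keys).
GOOD = make_blob("ssh-ed25519", bytes(range(32)))
OTHER = make_blob("ssh-ed25519", bytes(range(1, 33)))
SALT = b"constructed-salt-20b"
STORE = "\n".join([
    "# constructed trusted store",
    "ftp.example.com ssh-ed25519 " + b64(GOOD),
    hashed_host("sftp.example.net", SALT) + " ssh-ed25519 " + b64(GOOD),
])

if __name__ == "__main__":
    print(fingerprint(GOOD), check_host_key(STORE, "ftp.example.com", GOOD))
    print(fingerprint(OTHER), check_host_key(STORE, "ftp.example.com", OTHER))
```

    A "mismatch" result is the case that should stop the connection, and an "unknown" host should be accepted only after its fingerprint has been confirmed with the server administrator.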

    Development and growth of the Internet made secure data transfer methods absolutely essential. One of the first technical solutions was the SSL (Secure Socket Layer) protocol. It is widespread and most Web browsers, FTP-clients, Web servers and hardware systems support it. SSL protocol provides session-level identification and encryption, establishes the client-server channel and ensures data transfer security and privacy by means of encryption.

    FTP Commander Deluxe supports SSL 2, SSL 3, TLS 1, and TLS 1.1.

    FTPS supports two channel protection modes: Explicit and Implicit.

    Explicit and Implicit Security

    Explicit security mode implies an explicit switch to a secure data transfer mode: the server switches to a secure data transfer mode after a corresponding command is received from the client.

    In Implicit security mode, a secure channel is established immediately when connected to an FTP server.
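    A way to check from a session log that the switch to a secure mode actually happened before the login was sent, as an added example (not part of FTP Commander Deluxe). It follows the explicit-mode command sequence of RFC 4217 (AUTH TLS answered with 234, then PBSZ and PROT P for the data channel). The log layout with ">" for client lines and "<" for server lines is an assumption, and the sample sessions are constructed.

```python
import re

# Commands that open a data connection.
DATA_COMMANDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE", "STOU"}

# Constructed sample sessions ("> " client to server, "< " server to client).
GOOD_SESSION = """\
< 220 FTP server ready
> AUTH TLS
< 234 AUTH TLS OK
> USER alice
< 331 Password required
> PASS ********
< 230 Logged in
> PBSZ 0
< 200 PBSZ=0
> PROT P
< 200 Protection level set to Private
> PASV
< 227 Entering Passive Mode (192,0,2,10,195,80)
> RETR report.csv
< 150 Opening data connection
< 226 Transfer complete
"""

DOWNGRADED_SESSION = """\
< 220 FTP server ready
> AUTH TLS
< 502 Command not implemented
> USER alice
< 331 Password required
> PASS ********
< 230 Logged in
> PASV
< 227 Entering Passive Mode (192,0,2,10,195,81)
> STOR index.html
< 150 Opening data connection
< 226 Transfer complete
"""

NO_PROT_SESSION = """\
< 220 FTP server ready
> AUTH TLS
< 234 Proceed with negotiation
> USER alice
< 331 Password required
> PASS ********
< 230-Welcome
< 230 Logged in
> LIST
< 150 Opening data connection
< 226 Transfer complete
"""


def audit_session(log_text, implicit=False):
    """Return (line number, message) findings for unprotected logins and transfers.

    implicit=True models Implicit mode, where the control channel is secure from
    the moment of connection. Assumption of this example: PROT P is still
    expected there before any transfer.
    """
    control_tls = implicit
    data_private = False
    pending = None
    findings = []
    for lineno, line in enumerate(log_text.strip().splitlines(), 1):
        direction, _, text = line.strip().partition(" ")
        if direction == ">":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            pending = (verb, arg.strip().upper())
            if verb in ("USER", "PASS") and not control_tls:
                findings.append((lineno, verb + " sent before TLS was negotiated"))
            elif verb in DATA_COMMANDS and not (control_tls and data_private):
                findings.append((lineno, verb + " uses an unprotected data channel"))
        elif direction == "<" and pending:
            # Only the final reply line counts; "230-..." continuation lines are skipped.
            match = re.match(r"(\d{3})( |$)", text)
            if not match:
                continue
            code = match.group(1)
            verb, arg = pending
            if verb == "AUTH" and code == "234":
                control_tls = True
            elif verb == "PROT" and code == "200":
                data_private = arg == "P"
    return findings


if __name__ == "__main__":
    for name in ("GOOD_SESSION", "DOWNGRADED_SESSION", "NO_PROT_SESSION"):
        print(name, audit_session(globals()[name]))
```

    The downgraded session is the one to watch for: the client asked for TLS, the server refused, and the login went out anyway.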

    PGP was originally created as a program to encrypt mail and files. Later it evolved into an open standard, which utilizes flexible decentralized key management and advanced encryption, signing and encryption functionality.
    In the main menu there are options which allow you to encrypt and sign files using PGP.
    This item allows you to configure the "Initial directory" when you download the program, and choose the "Font" you want to use in the program. Default confirmation: this is useful when you're interacting with a server on which you upload or download information.
    For example, if you check the box "Overwrite confirmation - Download", every time you perform a download operation you will be queried about whether you wish to proceed or not.
    "Overwrite confirmation - Upload" also asks you to confirm uploads from your server to the server. If you don't want to give confirmation every time, then all you have to do is make a default confirmation setting. The program will execute by default any command selected in the fields "Skip", "Overwrite" or "Resume".
    After you have entered all the appropriate properties and filled in all the requisite fields, you can either save these configurations by pressing the "Save" button or discard them by pressing "Cancel".
    General interface settings
    Set a start directory which will be opened on program startup, an interface font, and the special option which determines the program's main window position, size and column width. Save layout: saves current columns width and file list display settings (file name, date, size, accessed date and time, etc.)

    Please specify if the program should display icons associated with a file. You can configure the file list settings as desired: enable multicolored icons or just show plain folders.

    Prompt Sounds
    Date format setup
    Different countries use different date format, therefore FTP Commander Deluxe offers you a choice between the European (DD/MM/YYYY) and American (MM/DD/YYYY) date format.
    Error correcting
    The software automatically recognizes formats and corrects user errors when he/she enters an address.
    Here, you can configure file list settings/formats.
    Language Settings
    The program allows you to change the program's interface language. To translate the interface to a desired language, please copy the contents of the language.lan file to the yourlanguage.lan file and translate the text inside to a desired language.
    HTML Editor
    FTP Commander Deluxe features a built-in simple text editor. There are two buttons: "Run" and "Edit". Click on Run to launch the default application associated with the current file type. By default, clicking on Edit launches the built-in text editor, however the program also allows you to set any other text editor as the default. You can edit files directly on a server using the simple built-in text editor.

    Security and reliability are the foundation stones on which FTP Commander Deluxe is based. The software supports the wide range of security features offered by the SFTP/SSH, SSL/TLS and PGP transfer protocols. To enable this, please specify/configure encryption algorithms/settings, digital certificates and other options on the SSH, SSL and PGP tab. More detailed info on the secure data transfer options follows.

    Sometimes users do not know the software installed on their machines well enough to be sure that their system is secure or if their data is protected.

    Encryption is performed using cryptographic algorithms. Such algorithms are well known and extensively analyzed by cryptography experts and mathematicians. The strength of such algorithms is time-tested and time-proved. The only secret part of encryption is the key used to encrypt/decrypt data.

    The level of protection is determined not only by the encryption algorithm itself, but also by the way the algorithm is used. Internet security protocols, for example, pay special attention to how keys are created and used.

    SSL. FTPS (File Transfer Protocol using SSL)
    Development and growth of the Internet made secure data transfer methods absolutely essential. One of the first technical solutions was the SSL (Secure Socket Layer) protocol. It is widespread, and most Web browsers, FTP-clients, Web servers and hardware systems support it. SSL protocol provides session-level identification and encryption, establishes the client-server channel and ensures data transfer security and privacy by means of encryption.

    A simplified work scheme of the SSL protocol can be represented in the following way:

    A client sends a greeting message to a server. The message contains the following info: protocol version and encryption methods supported by the client, a random number and a session ID. The server responds with its own greeting message or an error message. A server greeting message is similar to a client message, and "tells" the client which encryption algorithm to use.

    After sending a greeting message, a server can send its certificate or a certificate chain (a group of certificates, where all certificates but one are signed by a previous certificate) for identification. Identification is required for key exchange, except when the anonymous Diffie-Hellman algorithm is used. Key exchange can be performed by means of certificates (which determine the encryption algorithm) when establishing a connection. Usually, X.509.3 format certificates are used. A client receives a public server key, which can be used as a current session key. After a server certificate is sent to the client, the server can request a client certificate.

    Then, a successful connection notification message is sent and both sides can start encrypted data transfer.

    FTP Commander Deluxe supports SSL 2, SSL 3, TLS 1, and TLS 1.1.

    FTPS supports two channel protection modes: Explicit and Implicit.

    Explicit and Implicit Security
    Explicit security mode implies an explicit switch to a secure data transfer mode: the server switches to a secure data transfer mode after a corresponding command is received from the client.

    In Implicit security mode, a secure channel is established immediately when connected to an FTP server.

    Secure FTP (SFTP), SSH (Secure Shell)
    Secure FTP (SFTP) provides safe authorization, integrity and privacy of data transfer using SSH protocols.

    SSH (Secure Shell) is a data transfer protocol quite similar to SSL; however, there are some differences. SSH was originally intended to exchange messages between Unix-based servers and requires identification on both sides. Moreover, SSH supports logical channels over already established sessions and uses so-called "key pairs" (instead of certificates) for identification.

    Unlike certificates, key pairs are generated by a client, not by a Certificate Authority. To verify the identity of a key pair, trusted storages are used. Such storages house client/server public keys, and more. Which storages can be trusted and which cannot are determined by a client.

    Symmetric encryption algorithms
    In symmetric encryption, the same algorithm and key are used when encrypting and decrypting data. That's why it's called "symmetric". Another name of the method is "secret key cryptography".

    Let's assume you'd like to protect some sensitive data from unauthorized access. You could use special software and encrypt your data with a popular encryption algorithm and get an encrypted file and a byte chain (key). As a rule, a key is rather small and can be represented as plain text. You should simply keep the key in a safe place. Now, even if an unwanted person gets access to your data, that person won't be able to decrypt it without the key. To decrypt the data, you need the encryption utility itself and the encrypted file and key.

    The advantage of symmetric encryption is that you need to keep secure only a key, but not the whole data. The key size does not depend on the size of the data encrypted. Despite its advantages, the method becomes useless if the data is sent over insecure (open) channels. The recipient needs the key to decrypt the data. However if you send the key over the same insecure channels as you send the data, everyone who can intercept the data can intercept the key as well, thus, encrypting of the data becomes useless. If you have a secure channel to send the key, you might as well use it to send the unencrypted data, thus, again, there is no need for data encryption. That is why special key exchange algorithms were invented. We will get back to this later.

    Key generation
    Since almost any byte chain can be used as a key (the length of the chain must meet the requirements of the algorithm used), random-number generators are used to generate keys. The main goal of a random-number generator is to create a unique key, since security depends greatly on key uniqueness. The best key generator is a generator for which it is difficult (almost impossible) to guess what number (key) will be generated next. Special statistic random sequence tests are used to check the security level of random-number generators.
    Pseudo-random-number generator
    There are two stages in a pseudo-random numbers generation process. In the first stage, a generator obtains some variable which changes with time, say, system time, a mouse cursor position, etc. In the second stage, a generator performs a digital function and a hash function. As a result, a byte chain is created (on the basis of original variables). If the same variables are used twice, we will get the same two hash function results. However, if at least one bit in the input variables is different, we get two completely different results.

    However, such variables as system time or a mouse cursor position can be easily calculated or guessed. Such data cannot be considered random without further processing. That is why the second stage is necessary.
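    The two stages above, as an added example that is not part of the original manual or of FTP Commander Deluxe: hashing changes every output bit when the input changes, but a key hashed from a guessable input is only as unpredictable as that input, so key material should come from the operating system's cryptographic generator. The function names, the SHA-256 choice and the timestamps are assumptions made for this illustration.

```python
import hashlib
import math
import secrets

KEY_BYTES = 16  # 128-bit key


def weak_key(timestamp: int) -> bytes:
    """Risky pattern: the key is a hash of a guessable input (Unix time, seconds)."""
    return hashlib.sha256(str(timestamp).encode()).digest()[:KEY_BYTES]


def strong_key() -> bytes:
    """Key drawn from the operating system's cryptographic random generator."""
    return secrets.token_bytes(KEY_BYTES)


def effective_bits(candidate_inputs: int) -> float:
    """Unpredictability of a hashed input is capped by the number of possible inputs."""
    return math.log2(candidate_inputs)


def find_seed(key: bytes, start: int, end: int):
    """Audit check: return the timestamp in [start, end) that reproduces key, or None."""
    for ts in range(start, end):
        if weak_key(ts) == key:
            return ts
    return None


# Constructed sample: a key generated at some second during one known day.
DAY_START = 1_200_000_000
CREATED_AT = DAY_START + 43_210

if __name__ == "__main__":
    day = 24 * 60 * 60
    print("bits in a time-seeded key:", round(effective_bits(day), 1))
    print("seed recovered:", find_seed(weak_key(CREATED_AT), DAY_START, DAY_START + day))
    print("CSPRNG key matched:", find_seed(strong_key(), DAY_START, DAY_START + day))
```

    A 128-bit key hashed from a second-resolution timestamp within a known day carries about 16 bits of unpredictability, not 128.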

    Not every hash algorithm is suitable for cryptography. Nowadays, there are several popular hash algorithms. Some of them are described below.

    After several unsuccessful tries (MD3 and MD4) to improve the MD2 algorithm, Ronald Rivest developed the MD5 algorithm which became very popular. It is faster and more secure than MD2 and generates a 128-bit random sequence.
    The SHA-1 algorithm is similar to MD5, but has improved internal structure and generates a longer (160-bit) random sequence. It has been approved by cryptology experts and is recommended for use. FTP Commander Deluxe supports SHA1_96, MD5 and MD5_96.

    Block encryption and stream encryption in symmetric algorithms
    Now you already know how keys are generated and how your data is prepared for encryption. When data is encrypted using symmetric algorithms, the following encryption methods are used: block encryption and stream encryption.

    Block encryption
    In the case of block encryption, data is divided into blocks of equal length and every block is separately encrypted using the same key. If the data cannot be divided into equal blocks, the last block will be enlarged to the required size. In the case of block encryption, if the same data is encrypted with the same key several times, the encryption results are identical.
    Stream encryption
    Unlike block encryption, in the case of stream encryption, every byte is encrypted separately. Pseudo-random numbers which are generated on the basis of the key are used for encryption. The encryption result for each byte depends on the encryption result of a previous byte. This method features high performance and is used to encrypt data sent over communication channels.
    Popular symmetric algorithms


    RC5 uses stream encryption. RC5 is used in the SSL protocol.
    DES (Digital Encryption Standard)
    DES uses block encryption and a 56-bit key. It was developed by IBM and the NSA (National Security Agency) of the USA in the late seventies. Electronic Frontier Foundation cracked the key and decrypted the text encrypted with DES in less than 24 hours in 1999.
    Triple DES
    Triple DES has replaced DES. It uses block encryption. The basic algorithmic principles have not changed, however in Triple DES data blocks are encrypted with three different keys. Thus, Triple DES uses a 168-bit key. Later, a vulnerability lessened the time required to crack a 168-bit key to the time required to crack a 108-bit key. Basically, a 108-bit key is sufficient for quite reliable encryption today. However, in the future, it will be insufficient. One more disadvantage of this algorithm is its low processing speed.
    AES (Advanced Encryption Standard)
    When NIST (National Institute of Standards and Technology) announced the developers contest for a new encryption algorithm, one of the main terms was that developers must relinquish any intellectual property. This has allowed the new standard to be free. All "candidates" (algorithms) were extensively examined by the world community and on October 2nd, 2000, NIST announced the winners. They were two Belgian cryptographers: Joan Daemen and Vincent Rijmen. Since that time AES has become a world cryptographic standard and is now supported by almost all security applications.
    Blowfish uses block encryption with a 64-bit key of variable length. The algorithm has two stages: key expansion and data encryption itself. Key expansion transforms a key into a 448-bit key. Data encryption is based on a sixteen iteration Feistel network. One of the main benefits of this algorithm is speed: most of the time is spent on key expansion which is performed only once.

    FTP Commander Deluxe supports DES, TripleDES, Blowfish, Twofish256, Twofish192, Twofish128, AES256, AES192, AES128, Serpent256, Serpent192, Serpent128, ARCFOUR, IDEA, and CAST128.

    Asymmetric encryption algorithms, public key cryptography
    Asymmetric algorithms can encrypt data, however, they shouldn't be used if you need to send encrypted data to another person, since in this case you will also need to send a corresponding key. Sending the key over an insecure channel is equal to sending un-encrypted data over the same channel. Asymmetric key cryptography (public key cryptography) solves the problem.

    Public key cryptography uses a pair of cryptographic keys, designated as public key and private key. The private key is generally kept secret, while the public key may be widely distributed (everyone may use your public key). For example, you'd like to encrypt data and send it to another person. All you have to do is encrypt the data using the person's public key. After this, no one but the owner of this public key will be able to decrypt the data. Even you won't be able to decrypt the data (say, in case you have deleted the original un-encrypted data). Thus, should you wish to receive sensitive data, so that no one can access it, you need to create a public and a private key. You should keep the secret key in a safe place, while the public key may be widely distributed. You can even place your public key on your web site so that everyone can send you secured data encrypted by your public key. You can decrypt such data using your private key known only to you.

    The disadvantage of asymmetric algorithms is that they are slower than symmetric algorithms. Therefore, if one needs to send large amounts of secret data, it is usually encrypted with a symmetric algorithm, and the key used is encrypted by means of an asymmetric algorithm (with a public key). Thus, the data is encrypted rather quickly, since a symmetric algorithm is used, and there is no danger in sending the key over insecure channels, since the key itself is encrypted. Generally, a symmetric key is used only once: a new key is generated each time a new document is encrypted. That is why a symmetric key is often called a "session key". In fact, a user might have no idea which session key was used, since he (or she) has provided only the public key; everything else was done by software.

    Asymmetric encryption algorithms are based on the use of one-way functions. This means that even if you know the result, you won't be able to get the original data. To illustrate, if you know the sum of two numbers, you do not know exactly which numbers were added up to get that sum.

    Popular asymmetric algorithms


    When Whitfield Diffie and Martin Hellman published their article, in 1976, Ron Rivest along with Adi Shamir and Len Adleman had also shown interest in this matter and developed (in 1978) the RSA algorithm. The letters RSA are the initials of their surnames. RSA uses a 1024-bit or 2048-bit key and is now widely used.
    After two programs have interchanged the keys, they can encrypt data sent to each other. However, a violator can substitute the real server with a false one and send its own key while interchanging keys. To make sure that the application sends data to the correct recipient only, digital signatures are used.

    Digital signatures are used to verify the identity of the sender. As you already know, the recipient's public key is required to encrypt a message so that only the recipient can read it. Such messages can only be decrypted with a recipient's secret key. However, what if you encrypt a message with your secret key? Such messages can be read by people who have your public key and thus the message is not secure. Nobody but you (the owner of a secret key) can encrypt data so that other people can decrypt it with your public key. Thus, when you create/encrypt a message with your secret key, you verify your identity, so anyone who decrypts the message with your public key can be sure that you are the author of the message. Since asymmetric algorithms are rather slow, there is no sense in encrypting the whole message; only the message size is encrypted. This procedure consists of two stages: first you calculate the message size and then encrypt it with your secret key. When the message is sent, the encrypted size is included. The recipient calculates the message size, decrypts the attached size using the same algorithm and compares the results. If the sizes are equal, this means that this is the original message and it has not been modified during transfer.

    Sounds good, but how can we be sure that a public key received actually does belong to a specified person? After all, someone could have substituted a false key for the original key.

    To verify that a public key belongs to an individual, digital certificates are used. A certificate contains identity information (the name of a person, personal ID data, and so forth) and cryptographic info (a public key and a Certificate Authority's (CA) digital signature). A Certificate Authority's (CA) digital signature verifies that a certificate belongs to the individual specified in it.

    Thus, though the scheme has become more complicated, it has also become more secure. For example, if you'd like to obtain a digital certificate, depending on the certificate's security level, you will need to send a request to a Certificate Authority or go there in person, so that the CA could make sure that you are the one who has applied for the certificate. Thus, a CA binds together your identity info and your public key in a certificate and signs it using its secret key.

    To make sure that a message was sent by you, a recipient does the following:

    1. Obtain a CA's public key
    2. Verify a certificate's signature using this key
    If the signature does belong to a CA, then the certificate information is authentic. In case of problems, this CA is responsible for information specified in the certificate.

    To prove that a signature does belong to a CA, the CA should have its own certificate that would verify its public key. In this case, a self-signed certificate is used. A self-signed certificate is an identity certificate signed by its own creator. That is, a CA that created the certificate also signed off on its legitimacy. You can create a self-signed certificate yourself too, but this does not mean that people will trust your certificate. For security reasons, it is not recommended that you trust self-signed certificates unless they belong to a root certification authority.

    If you create a self-signed certificate for your company, you can use it to sign all your company employees' certificates (but only for your company employees). This allows you to not only create as many certificates as needed, thus, saving time and money, but also to increase your company security level. Certificates can also be used by applications. This can be extremely useful in cases where applications exchange data over open (insecure) channels.
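    The recipient's two checks described above, as an added example that is not part of the original manual or of FTP Commander Deluxe: the CA's signature on the certificate is verified first, and only then is the certified public key used to check the signature on the message. It assumes unpadded textbook RSA over a SHA-256 hash of the data, with keys built from publicly known Mersenne primes purely so the block runs offline; every name, the certificate layout and the sample values are hypothetical.

```python
import hashlib

E = 65537  # public exponent


def make_keypair(p_exp: int, q_exp: int):
    """Toy RSA key pair from two Mersenne primes 2**k - 1.
    These primes are public knowledge: illustration only, never real keys."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    d = pow(E, -1, (p - 1) * (q - 1))
    return (p * q, E), (p * q, d)  # (public key, secret key)


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(secret_key, data: bytes) -> int:
    n, d = secret_key
    return pow(_digest_int(data), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest_int(data)


def cert_body(subject: str, public_key) -> bytes:
    """The bytes the CA signs: identity info bound to the subject's public key."""
    n, e = public_key
    return f"subject={subject};n={n:x};e={e}".encode()


def issue_certificate(ca_secret, subject: str, subject_public) -> dict:
    return {"subject": subject, "public": subject_public,
            "ca_signature": sign(ca_secret, cert_body(subject, subject_public))}


def verify_message(ca_public, cert: dict, message: bytes, signature: int) -> str:
    """1) Verify the certificate with the CA's public key.
    2) Verify the message with the key that the certificate vouches for."""
    body = cert_body(cert["subject"], cert["public"])
    if not verify(ca_public, body, cert["ca_signature"]):
        return "certificate rejected"
    if not verify(cert["public"], message, signature):
        return "message rejected"
    return "ok"


# Constructed sample keys and message.
CA_PUBLIC, CA_SECRET = make_keypair(521, 607)
USER_PUBLIC, USER_SECRET = make_keypair(1279, 2203)
OTHER_PUBLIC, OTHER_SECRET = make_keypair(89, 2281)   # a substituted key
MESSAGE = b"upload site.zip to the production server"

if __name__ == "__main__":
    cert = issue_certificate(CA_SECRET, "user@example.com", USER_PUBLIC)
    print(verify_message(CA_PUBLIC, cert, MESSAGE, sign(USER_SECRET, MESSAGE)))
    swapped = dict(cert, public=OTHER_PUBLIC)  # same name, different key
    print(verify_message(CA_PUBLIC, swapped, MESSAGE, sign(OTHER_SECRET, MESSAGE)))
```

    A certificate whose public key has been swapped fails the first check, so the substituted key is never used to judge the message.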

    Trying keys
    No matter what algorithm is used, it is always possible to decrypt data by trying all possible keys. The only problem is the time this would take. The longer the key, the more secure is the encrypted data. To illustrate, trying possible values of a 128-bit key would take several thousand trillion years. With development and growth of computer power, the time required to try all values of a 128-bit key will decrease, however in the near future a 128-bit key will be enough to provide reliable and secure data encryption.

    Trying an asymmetric key is an even more difficult task, since asymmetric keys are much longer than symmetric keys. Guessing such a key will take even greater amounts of time, since this method involves the factorization of a big number. Nowadays, there are no effective algorithms which would allow you to perform such calculations in a reasonable amount of time. Thus, public key cryptography is considered to be secure.

    Copyright, InternetSoft Corporation, 2008