Skip to main content

Encrypt File

Encrypts an entire file using symmetric encryption algorithms (AES or 3DES), protecting file contents from unauthorized access. The node creates a new encrypted file with a modified filename.

Common Properties

  • Name - The custom name of the node.
  • Color - The custom color of the node.
  • Delay Before (sec) - Waits in seconds before executing the node.
  • Delay After (sec) - Waits in seconds after executing node.
  • Continue On Error - Automation will continue regardless of any error. The default value is false.
info

If the ContinueOnError property is true, no error is caught when the project is executed, even if a Catch node is used.

Inputs

  • File Path - The path to the file to encrypt. Can be absolute or relative path.
  • Key - The encryption key in hexadecimal format.
    • AES: 16, 24, or 32 bytes (128, 192, or 256 bits)
    • 3DES: 24 bytes (192 bits)

Options

  • Encryption Algorithm - The encryption algorithm to use:
    • aes - Advanced Encryption Standard (recommended)
    • 3Des - Triple Data Encryption Standard (legacy)

Output

  • enc_file_path - The path to the encrypted output file.
    • For AES: Original filename with "encrypted" inserted (e.g., "document.encrypted.pdf")
    • For 3DES: Hexadecimal string representation of encrypted data

How It Works

The Encrypt File node securely encrypts file contents using stream encryption:

  1. Opens the input file for reading
  2. Decodes the hexadecimal encryption key
  3. Creates a cipher based on the selected algorithm
  4. For AES encryption:
    • Creates a zero initialization vector (IV) for file encryption
    • Uses OFB (Output Feedback) mode for stream encryption
    • Creates output file with "encrypted" in the filename
    • Streams and encrypts the file content block by block
  5. For 3DES encryption:
    • Reads the entire file into memory
    • Applies PKCS7 padding to match block size
    • Encrypts the data
    • Returns hexadecimal encoded cipher text
  6. Returns the path to the encrypted file or encrypted data

Example Usage

Encrypt Sensitive Documents

// Encrypt a confidential PDF file
const filePath = "C:/Documents/financial_report_2024.pdf";
const encryptionKey = "{{vault.file_encryption_key}}";

// Use Encrypt File node with AES algorithm
// Output: enc_file_path = "C:/Documents/financial_report_2024.encrypted.pdf"

Encrypt Database Backup

// Protect database backup file
const backupFile = "/home/user/backups/database_backup.sql";
const key = "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2";

// Use Encrypt File node
// Store encrypted backup securely

Batch File Encryption

// Encrypt multiple files in a folder
const files = [
  "/data/customer_data.csv",
  "/data/transactions.xlsx",
  "/data/reports.pdf"
];

// Use ForEach node to iterate
// Encrypt each file with Encrypt File node
// Store encrypted file paths in array

Encrypt Before Upload

// Encrypt file before uploading to cloud storage
const localFile = "{{msg.file_path}}";
const masterKey = "{{vault.master_key}}";

// 1. Use Encrypt File node
// 2. Use Amazon S3 Upload node with encrypted file
// 3. Delete original unencrypted file if needed

Temporary File Encryption

// Encrypt temporary files for processing
const tempFile = "/tmp/processing_data_" + Date.now() + ".txt";

// 1. Write data to temp file
// 2. Use Encrypt File node
// 3. Process encrypted file
// 4. Clean up both original and encrypted files

Requirements

  • Valid file path that exists and is readable
  • Sufficient disk space for encrypted output file
  • Write permissions in the output directory
  • Valid hexadecimal encryption key of appropriate length
  • For large files, ensure adequate system memory

Error Handling

The node will return errors in the following cases:

  • File not found - Input file doesn't exist at specified path
  • Access denied - No read permission for input file or write permission for output
  • Invalid key format - Key is not valid hexadecimal
  • Invalid key length - Key length doesn't match algorithm requirements
  • Disk space - Insufficient disk space for encrypted file
  • Encryption failure - Internal encryption error occurred
  • File locked - Input file is locked by another process

Security Best Practices

  • Use AES encryption - Preferred over 3DES for better security and performance
  • Use strong keys - Generate 256-bit keys for maximum security
  • Protect keys - Store encryption keys in Robomotion Vault
  • Secure file storage - Store encrypted files in protected locations
  • Delete originals - Consider deleting unencrypted files after successful encryption
  • Verify encryption - Check that encrypted file was created successfully
  • Set file permissions - Restrict access to encrypted files
  • Use unique keys - Consider using different keys for different files or categories

Performance Considerations

  • Large files - AES OFB mode streams data, efficient for large files
  • Memory usage - AES streams data (low memory), 3DES loads entire file (high memory)
  • Processing time - Encryption time scales with file size
  • Disk I/O - Encryption is I/O bound for large files
  • Parallel processing - Can encrypt multiple files in parallel for better throughput

Common Use Cases

  • Document Protection - Encrypt confidential documents and reports
  • Data Export - Encrypt data before exporting from systems
  • Backup Security - Encrypt backup files before storage
  • Compliance - Meet encryption requirements for GDPR, HIPAA, SOC2
  • Secure Transfer - Encrypt files before FTP/SFTP transfer
  • Archive Protection - Encrypt archived files for long-term storage
  • Email Attachments - Encrypt files before sending via email

Tips for Effective Use

  • Test encryption with sample files before production use
  • Keep track of which key was used for each file
  • Consider including encryption metadata (algorithm, date) in filename or database
  • For 3DES, be aware that output is hexadecimal string, not a file
  • Use File Hash node to verify file integrity before encryption
  • Implement error handling for file access and disk space issues
  • Monitor disk space when encrypting large files
  • Consider compression before encryption for better storage efficiency

File Naming

The encrypted file naming depends on the algorithm:

  • AES: Inserts "encrypted" before file extension

    • document.pdfdocument.encrypted.pdf
    • data.csvdata.encrypted.csv
    • report.xlsxreport.encrypted.xlsx

  • 3DES: Returns hexadecimal string (save to file manually)

  • Decrypt File - Decrypt files encrypted by this node
  • Encrypt Text - Encrypt text content instead of files
  • Generate Key - Generate secure encryption keys
  • File Hash - Calculate hash of file before/after encryption
  • HMAC Signature - Create authentication code for encrypted files