Using Encryption in SOS

A collection of information about SourceOffSite, including solutions to common problems.

Moderator: SourceGear

Post Reply
Posts: 9736
Joined: Tue Dec 16, 2003 1:25 pm
Location: SourceGear

Using Encryption in SOS

Post by lbauer » Wed Apr 28, 2004 4:34 pm

These instructions are for SOS Professional Edition. SOS Standard Edition does not have encryption.

Creating User Keys in the SOS Server Manager

Each user must have a user key to access the secure port of the Server. The User Keys tab in the Server Manager is used to generate those user keys and to maintain the Server Keys file (sossvr.kys). The Server Keys file contains all user keys authorized to access the Server.

Although the SOS 4.0 Server can negotiate different levels of cryptography, all new encryption keys generated will be 128-bit keys.

User keys are not needed for SOS with no cryptography or for the unsecure port of SOS with cryptography.

Add Key

To create a key, click the Add Key button. In the Add User Key dialog, enter a SourceSafe User Name and a SourceOffSite Server name. Please note that no verification is done on this user name when it is entered in the Server Manager. To log in successfully, the user name must be known to SourceSafe.

The server name should be the DNS name or IP address of the machine on which the SourceOffSite Server will be running. Additionally, the server name entered here must correspond to the server name specified in the Client Connect dialog. Some examples of server names are:


By default, the user key will expire 90 days from the day that it is made. The expiration date may be changed in the Expiration section of the Add User Key dialog. If the Key Never Expires option is selected, the user key will never expire.

After a user key is created, an encryption key file entitled <username>.iky will be generated and placed in the Server directory. This key file should be delivered to the user in a secure fashion. The user must import this key into the SourceOffSite Client in order to communicate with the SourceOffSite Server through the secure port.

All encryption keys are maintained locally on the Server in the Server Keys file. When a SourceOffSite Client tries to connect to the Server, it sends the encryption key to the Server. The Server verifies that the key matches the key stored in the Server Keys file.

Delete Key

A user key may be removed by selecting the entry and pressing the Delete Key button. This removes the key from the Server Keys file.

Importing the Encryption Key into the SOS Client

If the Server has been configured to listen on a secure port, the Client must be initialized with an encryption key to connect to the secure port. The encryption key is generated in the Users Keys section of the Server Manager. An import key file should be obtained for the SourceOffSite Server to which the Client will be connecting.

To initialize the Client with the encryption key, start the SourceOffSite Client. Under the Tools menu, select the Import Encryption Key command and enter the location and name of the import key file. The file name will be <username>.iky. Connections can then be made on the secure port.

If the Server has been configured to listen on an unsecure port, the Client does not need an encryption key to access this port.
Linda Bauer
Technical Support Manager

Post Reply