Encrypted and Secured Volumes

Note: This page is provided as a historical resource for a deprecated application-level feature called "Laserfiche Volume Encryption" or "Encrypted Volumes." To properly encrypt your at-rest Laserfiche repository volume data, Laserfiche recommends using modern disk and file system encryption options (for example, Microsoft BitLocker and Encrypting File System). Laserfiche does not recommend or endorse specific disk and file system encryption solutions.

Encrypting a volume protects the files in that volume in the Windows file system, using an encryption password to determine which users and applications should be able to access those files. You can choose to encrypt your volumes using an AES-128, AES-192, or AES-256 encryption algorithm. Each of the files in the volume (image pages, text pages, and so on) will be encrypted; if they are opened from Windows, their contents will be unreadable or unavailable.

In most cases, we recommend using encryption only for volumes that are not attached to a Laserfiche repository: either detached or exported volumes. You can encrypt volumes at the same time you perform the detach or export operation. The contents will remain encrypted until you attach the volume to a Laserfiche repository and provide the password, at which point you should decrypt them.

It is also possible to encrypt a volume that is attached to a Laserfiche repository. However, we strongly recommend against encrypting volumes that are attached to a repository and that may be modified. If you want to encrypt your data that will be actively modified through Laserfiche, we recommend using a third-party hard drive encryption application. Volumes that are encrypted while attached to a repository will enter a secured state whenever the Laserfiche Server restarts, and must be unlocked using an encryption password.

Be aware that when a volume is secured, its contents are not accessible to anyone until it is made accessible again. Users opening a document stored in that volume will not be able to see the document's pages, text or electronic files; instead, they will receive a message indicating that the document's volume is secured and therefore unavailable. Securing a volume is most useful for archival volumes that do not need to be available for routine repository access.

A volume can be secured in two ways. When the Laserfiche Server is started, all volumes that were encrypted at the time the Server stopped will be loaded in a secured state. You will need to unlock these secured volumes to make them accessible. You can also secure a volume manually in the Web Administration Console.

Warning: There is no way to retrieve a lost volume encryption password. It is strongly recommended that volumes not be encrypted with Laserfiche volume encryption when they are attached to a repository and may be modified; Laserfiche volume encryption is recommended for detached or exported volumes only. We recommend the use of alternative full-featured encryption systems to secure your Laserfiche data on disk.
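To check that the folders holding repository volumes actually sit on storage protected by the options named in the note at the top of this page (BitLocker, EFS), the following PowerShell is an added example, not Laserfiche code. The folder paths and the function name `Get-VolumeAtRestStatus` are constructed for illustration; `Get-BitLockerVolume` is the standard Windows cmdlet and needs an elevated session.

```powershell
# Added example: report at-rest encryption for folders that hold Laserfiche volumes.
# Paths are constructed placeholders; replace them with your volumes' own paths.
$volumePaths = @(
    'D:\LFVolumes\Archive2019',       # constructed sample local path
    '\\fileserver\lfvolumes\Active'   # constructed sample UNC path
)

function Get-VolumeAtRestStatus {      # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        $result = [ordered]@{
            Path = $p; BitLocker = 'Unknown'; Method = $null; EfsFolderFlag = 'Unknown'
        }

        if ($p.StartsWith('\\')) {
            # BitLocker state of a remote share can only be read on the host that owns the disk.
            $result.BitLocker = 'UNC path: check on the file server'
        } else {
            $drive = [System.IO.Path]::GetPathRoot($p).TrimEnd('\')   # e.g. "D:"
            $blv = Get-BitLockerVolume -MountPoint $drive -ErrorAction SilentlyContinue
            if ($blv) {
                # Both conditions matter: a fully encrypted drive with protection
                # suspended still exposes its key material on disk.
                $ok = $blv.ProtectionStatus -eq 'On' -and $blv.VolumeStatus -eq 'FullyEncrypted'
                $result.BitLocker = if ($ok) { 'Protected' } else { "Not protected ($($blv.VolumeStatus))" }
                $result.Method = $blv.EncryptionMethod
            } else {
                $result.BitLocker = 'No BitLocker data (not elevated, or no such volume)'
            }
        }

        if (Test-Path -LiteralPath $p) {
            # EFS: the folder flag only means new files inherit encryption;
            # files created before the flag was set may still be plaintext.
            $attrs = (Get-Item -LiteralPath $p -Force).Attributes
            $result.EfsFolderFlag = [bool]($attrs -band [System.IO.FileAttributes]::Encrypted)
        }
        [pscustomobject]$result
    }
}

Get-VolumeAtRestStatus -Path $volumePaths | Format-Table -AutoSize
```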

Encrypted volumes

To encrypt a volume during export or detach

To export a volume

  1. Start the Laserfiche Administration Console.
  2. In the console tree, expand the desired Laserfiche Server item.
  3. Select the desired Laserfiche repository.
  4. If security has been enabled on the selected repository, log in as any user who has been granted the Manage Volumes privilege for the specified repository.
  5. Select the Volumes item.
  6. Select the volume to export.
  7. From the Action menu, select Export. The Export Volume dialog box will appear.
  8. Under Destination folder, determine where to export the volume. You can provide a path local to the Laserfiche Server computer or a UNC path. The destination folder cannot be on a mapped drive.
  9. Under Format, determine which version of Laserfiche you want your exported volume to be compatible with.
  10. Under Encryption, perform one of the following:
    • If you do not want to encrypt the exported volume, do not select the Encrypt volume with a password option. The volume will be exported unencrypted, even if the volume was originally encrypted.
    • If the volume is not currently encrypted and you want to encrypt it for export, or if it is encrypted and you want to export it with a different password than is currently in use, select the Encrypt volume with a password option and type a password in the Enter a new password option.
    • If the volume is currently encrypted, and you want the exported copy to use the same encryption password as the volume on the Server, select the Encrypt volume with a password option and then select Continue to encrypt the exported volume with the same password. The password currently set on the volume will be necessary to attach the exported volume to a repository.
  11. Click OK to export the volume.

    Note: If any errors or warnings occur during volume export, an error message will be displayed and you will be able to open the volume export log for more information.

To detach a volume

  1. Start the Laserfiche Administration Console.
  2. In the console tree, expand the desired Laserfiche Server item.
  3. Select the desired Laserfiche repository.
  4. If security has been enabled on the selected repository, log in as any user who has been granted the Manage Volumes privilege for the specified repository.
  5. Select the Volumes item.
  6. Select the volume to detach.
  7. From the Action menu, select Detach. The Detach Volume dialog box will appear.
  8. Under Destination, select Volume's fixed path or Volume's removable path.
  9. Under Encryption, perform one of the following:
    • If you do not want to encrypt the detached volume, do not select the Encrypt volume with a password option. The volume will be exported unencrypted, even if the volume was originally encrypted.
    • If the volume is not currently encrypted and you want to encrypt it for detach, or if it is encrypted and you want to detach it with a different password than is currently in use, select the Encrypt volume with a password option and type a password in the Enter a new password option.
    • If the volume is currently encrypted, and you want the detached copy to use the same encryption password as the volume on the Server, select the Encrypt volume with a password option and then select Continue to encrypt the exported volume with the same password. The password currently set on the volume will be necessary to attach the detached volume to a repository.
  10. Click OK to detach the volume.

    Note: If any errors or warnings occur during volume detach, an error message will be displayed and you will be able to open the volume detach log for more information.

To export a volume

  1. Start the Laserfiche Web Administration Console.
  2. Select the desired Laserfiche Server item.
  3. Select the desired Laserfiche repository.
  4. If security has been enabled on the selected repository, log in as any user who has been granted the Manage Volumes privilege for the specified repository.
  5. Select Volumes.
  6. Select the desired volume.
  7. Click the Export button. The Export Volume dialog box will appear.
  8. Under Destination folder, determine where to export the volume. You must provide a path local to the Laserfiche Server computer.
  9. Under Format, determine which version of Laserfiche you want your exported volume to be compatible with.
  10. Under Encryption, perform one of the following:
    • If you do not want to encrypt the exported volume, do not select the Encrypt volume with a password option. The volume will be exported unencrypted, even if the volume was originally encrypted.
    • If the volume is not currently encrypted and you want to encrypt it for export, or if it is encrypted and you want to export it with a different password than is currently in use, select the Encrypt volume with a password option and type a password in the Enter a new password option.
    • If the volume is currently encrypted, and you want the exported copy to use the same encryption password as the volume on the Server, select the Encrypt volume with a password option and then select Continue to encrypt the exported volume with the same password. The password currently set on the volume will be necessary to attach the exported volume to a repository.
  11. Click OK to export the volume.

To detach a volume

  1. Start the Laserfiche Web Administration Console.
  2. Select the desired Laserfiche Server item.
  3. Select the desired Laserfiche repository.
  4. If security has been enabled on the selected repository, log in as any user who has been granted the Manage Volumes privilege for the specified repository.
  5. Select Volumes.
  6. Do one of the following:
      • Click on the volume name to open the Volume properties page. Click Detach below the volume name.
      • Select the desired volume. Click the Detach button. If you do not see the Detach button, click >> to see more toolbar buttons.
  7. Under Destination, select Volume's fixed path or Volume's removable path.
  8. Under Encryption, perform one of the following:
    • If you do not want to encrypt the detached volume, do not select the Encrypt volume with a password option. The volume will be exported unencrypted, even if the volume was originally encrypted.
    • If the volume is not currently encrypted and you want to encrypt it for detach, or if it is encrypted and you want to detach it with a different password than is currently in use, select the Encrypt volume with a password option and type a password in the Enter a new password option.
    • If the volume is currently encrypted, and you want the detached copy to use the same encryption password as the volume on the Server, select the Encrypt volume with a password option and then select Continue to encrypt the exported volume with the same password. The password currently set on the volume will be necessary to attach the detached volume to a repository.
  9. If you want to compress the detached volume, select the Compress exported volume option.
  10. Click OK to detach the volume.

    Note: If any errors or warnings occur during volume detach, an error message will be displayed and you will be able to open the volume detach log for more information.

Note: If any errors or warnings occur during volume export, an error message will be displayed and you will be able to open the volume export log for more information.

To encrypt a volume

To encrypt a volume

  1. Start the Laserfiche Administration Console.
  2. In the console tree, expand the desired Laserfiche server item.
  3. Select the desired Laserfiche repository.
  4. If security has been enabled on the selected repository, log in as a user with the Manage Volumes privilege.
  5. Navigate to the Volumes node.
  6. Select the volume to encrypt.
  7. Open the Action menu or right-click, and point to All Tasks. Select Encrypt Volume....

    Warning: We strongly recommend against encrypting volumes that are attached to a repository and that contain files that may be modified.

  8. In the Please select the encryption algorithm option, select the encryption algorithm you want to use. You can choose AES-128, AES-192, or AES-256.
  9. Specify the password you want to use to encrypt the volume.
  10. Verify the password.
  11. Click OK to save your changes.

To decrypt a volume

  1. In the Administration Console, log in as a user with the Manage Volumes privilege.
  2. Navigate to the Volumes node.
  3. Select the volume to decrypt.
  4. Open the Action menu or right-click, and point to All Tasks. Select Decrypt Volume.... If the volume is secured, you will be prompted to provide the encryption password.

To encrypt a volume

  1. Start the Laserfiche Web Administration Console.
  2. Select the desired Laserfiche server item.
  3. Select the desired Laserfiche repository.
  4. If security has been enabled on the selected repository, log in as a user with the Manage Volumes privilege.
  5. Click on Volumes.
  6. Select the desired volume.

    Warning: We strongly recommend against encrypting volumes that are attached to a repository and that contain files that may be modified.

  7. Click the Encrypt button. If you do not see the Encrypt button, click the >> to see more toolbar buttons.
  8. In the Encryption Algorithm option, select the encryption algorithm you want to use. You can choose AES-128, AES-192, or AES-256.
  9. Specify the password you want to use to encrypt the volume.
  10. Verify the password.
  11. Click OK to save your changes.

To decrypt a volume

  1. Start the Laserfiche Web Administration Console.
  2. Select the desired Laserfiche server item.
  3. Select the desired Laserfiche repository.
  4. If security has been enabled on the selected repository, log in as a user with the Manage Volumes privilege.
  5. Click on Volumes.
  6. Select the desired volume.
  7. Click the Decrypt button. If you do not see the Decrypt button, click the >> to see more toolbar buttons. If the volume is secured, you will be prompted to provide the encryption password.

Secured volumes

Once a volume has been encrypted, it can also be secured. Securing the volume makes it inaccessible to anyone, whether they are viewing documents from that volume in Laserfiche or are viewing its files in Windows. Once a volume has been secured, a user with the encryption password needs to unlock the secured volume in the Web Administration Console to make it accessible again.

While a volume is secured, users attempting to open the document in Laserfiche will not be able to see the pages, text, or electronic documents from that volume. The password will be required to export, detach, decrypt or attach the volume.

When the Laserfiche Server is started, any volumes that were encrypted when the server was stopped will be loaded in a secured state. A user with the encryption password will need to unlock the secured volumes to make their contents accessible again. In addition, all volumes that were encrypted when they were exported or detached will be loaded in a secured state and will require a password to decrypt.

Note: Only encrypted volumes can be secured.

To secure a volume

  1. Start the Laserfiche Administration Console.
  2. In the console tree, expand the desired Laserfiche server item.
  3. Select the desired Laserfiche repository.
  4. If security has been enabled on the selected repository, log in as a user with the Manage Volumes privilege.
  5. Navigate to the Volumes node.
  6. Select the volume to secure. Note that only encrypted volumes can be secured.
  7. Open the Action menu or right-click and point to All Tasks. Select Secure Volume.

To unlock a secured volume

  1. In the Administration Console, log in as a user with the Manage Volumes privilege.
  2. Navigate to the Volumes node.
  3. Select the volume to unlock from its secured state.
  4. Open the Action menu or right-click, and point to All Tasks. Select Unlock Secured Volume....
  5. Provide the encryption password and click OK.

To secure a volume

  1. Start the Laserfiche Web Administration Console.
  2. Select the desired Laserfiche server item.
  3. Select the desired Laserfiche repository.
  4. If security has been enabled on the selected repository, log in as a user with the Manage Volumes privilege.
  5. Click Volumes.
  6. Select the desired volume.
  7. Click the Secure button. If you do not see the Secure button, click >> to see more toolbar buttons.

To unlock a secured volume

  1. Start the Laserfiche Web Administration Console.
  2. Select the desired Laserfiche server item.
  3. Select the desired Laserfiche repository.
  4. If security has been enabled on the selected repository, log in as a user with the Manage Volumes privilege.
  5. Click Volumes.
  6. Select the desired volume.
  7. Click the Unlock Secure button. If you do not see the Unlock Secure button, click >> to see more toolbar options.
  8. Provide the encryption password and click OK.