Reference: Beyond FTP Private Key Management
Beyond FTP allows you to secure the data that is actually stored on an FTP server. In this case, even if someone were to get the user and password for the site, they would not be able to interpret any of the information actually stored there.
Each Beyond FTP server or client must have an address book entry for the FTP server. If you elect to use a single key phrase for all sites, only This Computer must be assigned a private key. If you elect to use different keys, you must make assignments for each FTP server in the address book that will store encrypted files.
For example, suppose there are two Beyond FTP sites, Boston and Chicago, which share information via an FTP site ftp:Public. You might assign key phrases as follows:
At
Boston:
This Computer: Now is the time for all good
men
ftp:Public:
Swing low sweet chariot
At
Chicago:
This
Computer:
The quick brown fox
jumped
ftp:Public:
Swing low sweet chariot
Data sent to the FTP server is encrypted with the ftp:Public key. Each Beyond FTP site that downloads that data MUST decrypt it with the same key. Otherwise they receive a file that is gibberish.
Unlike Beyond FTP servers, you may have more than one address book entry for the same FTP server. This proves useful if you also wish to store decrypted versions of transferred files. A Beyond FTP server sitting behind your firewall can scan for incoming encrypted files, retrieve them, and then send them to a private store in decrypted form. The Beyond FTP web site contains sample scripts that accomplish this task.
See Setting Up Encryption Services for step-by-step instructions on generating keys.