Choose your language

Choose your login

Support

Secure print jobs at the printer while they’re waiting to be printed

This page applies to:

Our Spool File Encryption feature helps you keep spool files (print jobs) secure while they are being held and waiting to be printed. This feature works in conjunction with printers set up for Secure print release , and works in Windows environments.

When using this feature, print jobs are encrypted using the Galois/Counter Mode GCM (AES-256-GCM).

Requirements

  • PaperCut MF 20.1 or later

  • Print Provider 105.0.0 or later running on Windows—at least Windows Server 2012

Summary of setup steps

  1. Enable Spool File Encryption on PaperCut servers

  2. Configure printers/devices to wait for user authentication before releasing jobs

  3. Prevent print jobs from being released on printers in error

  4. (Optional) Configure the directory for Spool File Encryption

Enable Spool File Encryption on PaperCut servers

  1. Log in to the PaperCut Admin web interface.

  2. Click Options, then under the Generaltab select Enable Spool File Encryption.

  3. If you have multiple primary and site servers, repeat steps 1 and 2 for each.

Configure printers/devices to wait for user authentication before releasing jobs

Configure printers and devices to hold a print job until the user authenticates at the device.

  1. Follow the procedure in Configure Secure Print Release .

  2. Repeat the procedure for each printer you want to set up for encryption.

Prevent print jobs from being released on printers in error

To block spool files (print jobs) from being released when a printer or device is in error, follow the appropriate procedure below for your environment.

(Optional) Configure the directory for Spool File Encryption

You can configure the directory used for Spool File Encryption.

  1. Navigate to \providers\print\win

  2. Open the Print Provider configuration file print-provider.conf and locate the EncryptedSpoolDir configuration key.
    By default it is set to to:
    \providers\print\win\spool\encrypted

  3. Set the key to your target location, for example:
    Windows path: EncryptedSpoolDir=D:\print\encryptedspools
    UNC path: EncryptedSpoolDir=\\print-server\encryptedspools

Notes on downgrading a Print Provider version > or = 105.0.0 to a prior version

There are some rare occasions where you might want to downgrade the version of Print Provider. For example, you want to upgrade PaperCut NG/MF to use new functionality, but you want to keep your current version of Print Provider for stability.

Before you downgrade, if you have already enabled Spool File Encryption, you must release or cancel all current encrypted print jobs. If you don’t, the:

  • print job will remain in the print queue but because prior versions of Print Provider (version < 105.0.0) don’t support encryption, it will send a zero-byte spool file to the printer when a job is released. These empty files are ignored by most printers, but can cause errors on those printers that don’t ignore them.

  • encrypted spool files will remain in the encrypted folder until they are manually deleted.

Comments