Our Spool File Encryption feature helps you keep spool files (print jobs) secure while they are being held and waiting to be printed. This feature works in conjunction with printers set up for Secure print release , and works in Windows environments.
When using this feature, print jobs are encrypted using the Galois/Counter Mode GCM (AES-256-GCM).
Requirements
-
PaperCut MF 20.1 or later
-
Print Provider 105.0.0 or later running on Windows—at least Windows Server 2012
Summary of setup steps
-
Configure printers/devices to wait for user authentication before releasing jobs
-
(Optional) Configure the directory for Spool File Encryption
Enable Spool File Encryption on PaperCut servers
-
Log in to the PaperCut Admin web interface.
-
Click Options, then under the Generaltab select Enable Spool File Encryption.
-
If you have multiple primary and site servers, repeat steps 1 and 2 for each.
Configure printers/devices to wait for user authentication before releasing jobs
Configure printers and devices to hold a print job until the user authenticates at the device.
-
Follow the procedure in Configure Secure Print Release .
-
Repeat the procedure for each printer you want to set up for encryption.
Prevent print jobs from being released on printers in error
To block spool files (print jobs) from being released when a printer or device is in error, follow the appropriate procedure below for your environment.
-
Prevent jobs being released from a Standard Release Station when a printer is in error
-
Prevent jobs being released from an MFD Release Station when a device is in error
(Optional) Configure the directory for Spool File Encryption
You can configure the directory used for Spool File Encryption.
-
Navigate to
\providers\print\win -
Open the Print Provider configuration file print-provider.conf and locate the EncryptedSpoolDir configuration key.
By default it is set to to:
\providers\print\win\spool\encrypted -
Set the key to your target location, for example:
Windows path: EncryptedSpoolDir=D:\print\encryptedspools
UNC path: EncryptedSpoolDir=\\print-server\encryptedspools
Notes on downgrading a Print Provider version > or = 105.0.0 to a prior version
There are some rare occasions where you might want to downgrade the version of Print Provider. For example, you want to upgrade PaperCut NG/MF to use new functionality, but you want to keep your current version of Print Provider for stability.
Before you downgrade, if you have already enabled Spool File Encryption, you must release or cancel all current encrypted print jobs. If you don’t, the:
-
print job will remain in the print queue but because prior versions of Print Provider (version < 105.0.0) don’t support encryption, it will send a zero-byte spool file to the printer when a job is released. These empty files are ignored by most printers, but can cause errors on those printers that don’t ignore them.
-
encrypted spool files will remain in the encrypted folder until they are manually deleted.
Comments