How do I ... use secure copy for file encryption in Windows?

The secure copy command allows the user to securely copy files from a local machine to a remote machine with encryption. One of the easiest methods of achieving this feat is with WinSCP. Jack Wallen explains how to install, configure, and use this tool.

If you're a fan of secure shell (ssh) in Linux then you know of the beauty that is secure copy (scp). The scp command allows the user to securely copy files from a local machine to a remote machine with encryption. One of the easiest methods of achieving this feat is with WinSCP.

WinSCP is currently in release 4.1.7 and is fully open source (licensed under the GPL). WinSCP supports drag and drop, SSH-1 and SSH-2, batch file scripting, directory syncing, public key authentication, Kerberos authentication, and legacy scp protocols.

WinSCP comes in two "flavors": An Explorer-like single-paned view or a Norton Commander two-paned view (this choice is made during the installation). WinSCP also offers session information storing. This way you can store the information about sessions you frequently use so you don't have to constantly re-enter that information. However, use caution with this feature if you store passwords for each session (thereby leaving them less secure).

This blog post is also available in PDF format as a TechRepublic download.

Getting and installing

As with most Windows applications, the installation of WinSCP is as simple as double-clicking a downloaded binary file. Once that file is downloaded, double-click it to begin the process. There really isn't anything tricky about the installation process. The only installation step that is outside of the norm is making the choice of interface. There are two types of interfaces (as listed earlier) Explorer-like (Figure A) and Norton-Commander-like (Figure B).

Figure A

This is the Explorer navigation view.

Figure B

The local machine is on the left, the remote machine is on the right.

Don't worry about the interface. If the interface you choose at install doesn't suite your needs, you can always change it later.

Once WinSCP is installed, a new entry will be found in the Start Menu called WinSCP; from that submenu click on WinSCP to start the application.

The Login Window

The Login Window is where the information regarding any scp (or sftp) connection is made. As you can see in Figure C, there are four configuration categories. Although, in a standard setup, zero configuration is needed (outside of setting up login information in the Session category), there are a number of configuration options you might want to peek into.

Figure C

This screen is the heart of WinSCP and is all you need to fill out for a connection.
The first configuration option is under the Stored Session subcategory. This is where sessions are saved for later use. Figure D shows the main window where new sessions can be created and stored.

Figure D

Setting the defaults is a quick way to speed up your connection process when most connections share a similar setup.

To create a new stored session, click the New button. What this does is take you back to the main Login Window where a new session is created. In all actuality this does nothing differently than creating a new login session. In order to save the session you have to manually click the Save button before you hit Login. Once you click the save button you will be asked to give the session a name. The default name is USERNAME@REMOTE_ADDRESS (where USERNAME is the actual login name and REMOTE_ADDRESSS is the actual address of the machine you are logging in to.)

Once you have saved a session, that session will appear in the Stored sessions window (Figure E).

Figure E

The Edit button opens up (once again) the main Login Window where you can make a change to your connection.

Let's say the machine that WinSCP is installed on always connects to the same remote server (only with different username/passwords). Instead of having to enter the machines' address each time you create a saved session (or just log in to a session), you can set the defaults simply by clicking the Set Defaults button. When the Set Defaults button is pressed, WinSCP will ask if you want to use the selected session as the default session.

This can be a problem if the current session has a username already entered. In order to get around this, click the New button and enter only the values you want to use as the default session. So if you want to configure only the IP address and the protocol of the remote server as the defaults, enter the address and select the correct protocol and then click Save. The new session will show up in the Stored session window listed only with the IP address (or FDQN if that is used).

Under the SSH configuration category you can configure Protocol options (such as SSH version and compression) and Encryption options (type of encryption as well as legacy). Figure F shows the SSH options.

Figure F

Make sure you move the cipher selection policy to match your needs.

The only configuration under the Preference category is selecting which interface you want to use. If you change the interface type, it will not take affect until you restart WinSCP.


Using WinSCP is simple. Once you have logged in, you can navigate to the directory you need to work under and drag and drop the files you want to copy. I have found using the Norton Commander interface is actually the easiest because it does not require a second window to be open.

When you select the files to be copied, you will see a new window (Figure G) that will allow you to make a few selections, including moving the current transfer to the queue. Adding files to the queue is very helpful when you have larger files to transfer and you need to transfer multiple files to different directories. Of course, if you are transferring multiple files to the same directory, you only need to hold down the Ctrl key as you select files.

Figure G

Transfer files in this window.

Once a file is added to the queue it will begin transfer right away. You might have to enter the password if the password is not saved in the session. As you add new files to the queue, they will begin transferring immediately as well. All of the queue transfers occur seamlessly in the background.

Final thoughts

If you are in need of simple, yet secure, file transfers in a Windows environment you need not look any further than WinSCP. This application is easy to learn, is open source, and will enable you to safely transfer files without concern for your data or your security. WinSCP is a must-have for anyone looking for secure file transfer.


Jack Wallen is an award-winning writer for TechRepublic and He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website


If SSH/OpenSSH is not installed and running on the remote machine, then you'll never connect with WinSCP in the first place.

Mark W. Kaelin
Mark W. Kaelin

I do not encrypt my files, but I have begun to wonder if I should. Do you encrypt your data? Why? Is it really necessary? What tools do you use for encrypting?


if SSH/OpenSSH is required on the remote pc, how do you get it there? Is it an available download and will it work on Windows pc's? Is it a difficult install or do the defaults pretty much install it? With the new security regulations that came into place October this year, encryption and the transfer of encrypted files is going to become more prevalant in our everyday use of data transmissions. I would like to know what products can simplify the process and provide compliance without having to have an advanced degree in technology or open source software

Editor's Picks