News & Events

AES256 Encryption for the GT Controller


Increasingly, our customer’s customers are demanding that the data they provide is protected in the plant, that is, that the data is encrypted with the latest and safest encryption standards, no ASCII files permitted anymore. For that reason, GTUS has gone from triple DES to AES256 encryption for the GT controller in Windows 10 from version 10.40P1E on.

The GT controller decrypts the files on the fly, very fast. The files, even if stolen, are almost impossible to decrypt.

To encrypt the data files, GTUS has implemented the app EncryptFileAES256.exe. You will need a license to run this program. You can easily do a key-entering ceremony and encrypt your files in the secure location, then transfer it to the production floor safely over the secure SMP network.

Graphic 1

Data preparation

Run EncryptFileAES256.exe which is in c:/AES256. You will see the following screen, if not licensed.


First, you have to select a file to be encrypted by pressing this button and elect a file.


The ASCII data has to be fixed size and have CR/LF at the end of each record

Second, you select the key method. Normally, the keys are already defined (they usually change once a month). Thus, you select the Resident key method and encrypt the file selected with [Encrypt]. But as you can see, keys can be entered: key fob, Hex input, and Text derived


For example Text derived, you enter the 4 keys here according to your protocols and [Encrypt].


After having encrypted, a new resident Key file is created. This file is also highly encrypted and can reside in an HSM.

Normally, however, you use the resident file


Then press [Encrypt] and wait for this message


We take the original name and add the “.4AES” extension.

This is the file to be transferred to the GT controller on the corresponding production machine