The SendSafely Secure Package Export Utility is a Windows command line app that allows you to export and save items that are transferred through your SendSafely Enterprise portal. The latest version of the Package Export Utility can be downloaded here.
When run, the utility will save the contents of each exported package to an "archive" folder in the same location as where the utility is run. A sub folder will be automatically created for each unique package id that is exported.
- Previously sent and received items in Active status will be downloaded, as long as you have at least one trusted browser configured prior to setting up and running the export utility.
- Previously sent and received items that are Expired but not Archived will also be downloaded if your account has permission to temporarily reactivate them (i.e. you are the owner, or you are an enterprise admin). Items that are Archived will not be retrieved as they can no longer be accessed by any user.
- After running the utility, the presence of any folders that are prefixed with an underscore (_) in the folder name indicate that an error occurred during export. A file containing the error message will be included in the folder for reference.
- Folders that do not include an underscore in the name indicate a successful export. Packages that were successfully exported will be skipped if the utility is run again from the same location.
The utility supports two primary export operations: Organization Package Export (requires admin rights) and User Package Export (can be run by any user).
Organization Package Export
Downloads all files and messages within an entire organization for a date range specified. This option requires use of a portal master key. Export results are limited to 500 records (if you hit this limit you will get an error instructing you to reduce the size of your date range).
NOTE: Use of this command requires that you have the correct enterprise private key for your organization and a valid API Key and API Secret (refer to Generating an Enterprise Private Key and Generating an API Key below for more information).
SendSafelyExportUtility.exe -exportOrgPackages [your SendSafely host name] [your api key] [your api secret] [path to enterprise private key file] [enterprise private key id] [start date] [end date]
SendSafelyExportUtility.exe -exportOrgPackages https://yourcompany.sendsafely.com AAABBBCCC XXXYYYZZZ c:\secure\123456.private_key.txt 111-2222-3333-4444 01/01/2018 12/31/2018
User Package Export
Downloads all files and messages for a specific user. This option requires use of trusted device key and will export all active (non-archived) items.
NOTE: Use of this command requires that you have a valid trusted device key for your user account (refer to Generating a User Device Key below for more information).
SendSafelyExportUtility.exe -exportUserPackages [your SendSafelyhost name] [your api key] [your api secret] [path to trusted device key file] [trusted device key id]
SendSafelyExportUtility.exe -exportUserPackages https://yourcompany.sendsafely.com AABBBCCC XXXYYYZZZ c:\secure\111-2222-3333-4444.private_key.txt 111-2222-3333-4444
Generating a Portal Master Key
If you do not already have a portal master key active for your organization, you will need to generate a new key pair and provide the public key to the SendSafely support team so that it can be activated as your portal master key. For more information on this process, please see our help center article here. Only items uploaded to SendSafely AFTER the key has been activated will be available for export. The export utility can be used to generate a new key using the following command.
The utility will produce two randomly named files, NNN.public_key.txt and NNN.private_key.txt (NNN is simply a random number to provide a unique file name, it has no significance). You will need to provide the public_key.txt file to the SendSafely support team, and store the private key in a secure location for use when exporting items. The support team will provide you with a unique key id for your portal master key once activated.
Generating a User Device Key
The export utility will require its own trusted device key for use when exporting items. The export utility should be used to generate a new device key using the following command.
SendSafelyExportUtility.exe -genUserKey [your SendSafely host name] [your api key] [your api secret]
The utility will automatically upload the public key to the SendSafely server and save the private key on your local storage in a file named NNN.private_key.txt, where NNN is the unique Key ID# of the uploaded public key. You will need this key ID number when using the key, so we suggest keeping the key id in the filename if you rename the file.
NOTE: After generating the new device key, you will need to log into SendSafely from one of your trusted devices to synchronize access to the new key. If you do not, you will be unable to export any previously sent or received items.
Generating an API Key
In order to perform most commands, the utility requires you to have a valid API Key and API Secret. If you do not already have one, you can generate a new API Key and Secret by logging into the SendSafely portal and browsing to the Edit Profile screen (linked under the Account menu). From there, choose the “API Keys” option and generate a new API key for use.
Make sure you record the API Key and API Secret for later use and store it in a secure location.