Encrypt network data for copy and install tasks

Remote Desktop can encrypt files sent using the Copy Items and Install Packages commands.

Encryption isn’t enabled by default—enable it for each Copy task, or globally in Remote Desktop preferences. Even installer package files can be intercepted if they’re not encrypted. Alternatively, you could encrypt the file archive before copying it.

Authentication to Remote Desktop clients uses an authentication method based on a Diffie-Hellman Key agreement protocol that creates a shared 128-bit key. This shared key is used to encrypt the user name and password using the Advanced Encryption Standard (AES). The Diffie-Hellman key agreement protocol used in Remote Desktop is very similar to the one used in personal file sharing, with both of them using a 512-bit prime for the shared key calculation.

With Remote Desktop, keystrokes and mouse events are encrypted when you control OS X client computers. All tasks—except Control and Observe Screen, and the copying of data and files using Copy Items and Install Packages—are encrypted for transit. This information is encrypted using the AES with the 128-bit shared key that was derived during authentication.