Endpoint Encryption

  • 1.  NetShare 10.2 keys

    Posted Aug 13, 2012 06:35 PM

    I'm sure my issue is just a key issue, but when I installed the PGP Desktop on each of the users' computers who I want to have access to a specific folder on the server and I exported their keys and imported the keys on the machine I'm using to create the encrypted folder, the users are being forced to type their passphrase all the time to unlock this folder.  Is there a way to configure the clients so they don't have to enter their passwords and have it work based solely on keys?  If so, what do I need to do?



  • 2.  RE: NetShare 10.2 keys

    Posted Aug 13, 2012 06:54 PM

    If the users are managing their own keys, they have to enter their passphrase each time they need to use their private key, such as when accessing a file from a NetShare protected folder.  However, you can use PGP Options to cache their passphrase, so they only need to enter it once each time they log in.



  • 3.  RE: NetShare 10.2 keys

    Posted Aug 13, 2012 07:03 PM

    Is there a method where the keys can be configured so they don't have to enter a passphrase at all or is the minimum, each time they log onto the share for the first time each day?



  • 4.  RE: NetShare 10.2 keys

    Posted Aug 13, 2012 08:52 PM

    I suspect this can be done in a PGP Universal setting when keys are managed at that level. 

    Let me clarify how NetShare works, at least for PGP Desktop users.  When files are placed in a NetShare protected folder by a PGP NetShare authorized user of that folder, the files are encrypted to the public keys of all authorized users of that protected folder.  When this folder is on a server, and a file it contains is accessed by an authorized user of that protected folder, the file is sent over the network in an encrypted state to the authorized user.  After it reaches the user's computer, the user's private key then transparently decrypts the file for use.  However, since the user's private key is encrypted to the user's passphrase, the passphrase is necessary for the decryption of the private key, so that it can then decrypt the file - unless the passphrase has been cached, it must then be entered.

    What you might want to try (I'm not sure if it will work), taking into account that this is not recommended due to the lowered security of the protected files if you do, is to change a user's key's passphrase, and not make any entry for the new passphrase - since this results in having no passphrase for the encryption of the private key, that private key will no longer be encrypted.
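
Added example, not part of the thread and not PGP's own code or key format: a small Python model of the behaviour described in the replies above, showing a private key stored encrypted under a passphrase, a logon session that prompts once and then reuses the unlocked key, and an empty passphrase leaving the stored key unencrypted. The function names, the record layout and the HMAC-based stand-in cipher are assumptions made for illustration.

```python
import hashlib, hmac, os

def _kdf(passphrase, salt):
    # Derive separate encryption and MAC keys from the passphrase.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, 64)
    return k[:32], k[32:]

def _xor_stream(key, data):
    # HMAC-SHA256 in counter mode: a stand-in cipher for this model only.
    blocks = (len(data) + 31) // 32
    ks = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def protect_private_key(private_key, passphrase):
    """Return the at-rest form of a private key (hypothetical layout)."""
    if passphrase == "":
        # Empty passphrase: no key to derive, so the key is stored in the clear.
        return {"encrypted": False, "blob": private_key}
    salt = os.urandom(16)
    enc_key, mac_key = _kdf(passphrase, salt)
    blob = _xor_stream(enc_key, private_key)
    tag = hmac.new(mac_key, blob, hashlib.sha256).digest()
    return {"encrypted": True, "salt": salt, "blob": blob, "tag": tag}

def unlock(stored, passphrase):
    """Recover the private key; raises ValueError on a wrong passphrase."""
    if not stored["encrypted"]:
        return stored["blob"]
    enc_key, mac_key = _kdf(passphrase, stored["salt"])
    tag = hmac.new(mac_key, stored["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, stored["tag"]):
        raise ValueError("wrong passphrase")
    return _xor_stream(enc_key, stored["blob"])

class LogonSession:
    """One logon with caching on: prompt once, then reuse the unlocked key."""
    def __init__(self, stored, ask):
        self.stored, self.ask = stored, ask
        self.cached, self.prompts = None, 0

    def private_key(self):
        if self.cached is None:
            passphrase = ""
            if self.stored["encrypted"]:
                self.prompts += 1
                passphrase = self.ask()
            self.cached = unlock(self.stored, passphrase)
        return self.cached
```

In this model the record produced with an empty passphrase holds the private key bytes unchanged, so the only protection left for the protected files is access control on the key file itself.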