Endpoint Protection

 View Only

  • 1.  SEE Master Cert and Group Key

    Posted Jun 17, 2009 03:14 AM
    Hi,

    From the documentations, I know that we can do data recovery using the Master Cert. However, the master cert needs to be imported to a smart card or token for data recovery.
    Can I use the Master Cert to do data recovery without the use of smart card or token? How do I go about doing it? Do I need to install a client package such that it is able to decrypt using the cert? Because currently my settings is to use password for encrypt and decrypt.

    Another thing is regarding the Group key. With the group key generated, I am able to decrypt any file right? Is this consider as a means of data recovery also?


  • 2.  RE: SEE Master Cert and Group Key

    Posted Jun 17, 2009 04:51 AM
     The Master Certificate is used by SEE Removable Storage and the Removable Storage Access
    Utility to encrypt files.

    Choose Do not encrypt files with a master certificate if you do not want to use a master certificate.
    Choose Encrypt files with a master certificate if you want to use a master certificate. You will be prompted for the
    location of the PKCS#7 format certificate file (.p7b). Once you have chosen a certificate file, the Select Certificate
    dialog will show information about the certificate you have chosen.


     The group key is used by SEE Removable Storage
    and the Removable Storage Access Utility to encrypt files.

    Click Do not encrypt or decrypt files with a group key if you do not want the computers receiving this policy to
    use a group key.
    Click Encrypt and decrypt files with this group key to deploy a group key to the computers receiving this policy.
    Clicking Generate new key will fill the key box with a randomly generated number.
    If you type or paste the key in, ensure that this value is random, 64 digits, hexadecimal format, and that alphanumeric
    characters are lowercase.


  • 3.  RE: SEE Master Cert and Group Key

    Posted Jun 17, 2009 05:08 AM
    Group Key is
    Used to specify a shared key with which to have SEE Removable Storage and the Removable Storage
    Access Utility encrypt all files on removable storage devices. All users on computers receiving the same group key
    will be able to decrypt one another’s files without having to type a password. This feature only applies to computers on which access to and encryption of removable storage devices are enabled.