File Share Encryption

  • 1.  Symantec File Share Encryption

    Posted Jul 06, 2015 10:59 AM

    Hello,

    I would like to have File Share Encryption based on certificates and would like to keep these certificates on a smartcard.

    Is this possible with Symantec File Share Encryption?

     

    I tried to download a trial version of Symantec Encryption Management Server, but I only received an activation code for Symantec Encryption Desktop.

    Is it possible to get a trial version of the Symantec Encryption Management Server?

     



  • 2.  RE: Symantec File Share Encryption

    Posted Aug 03, 2015 06:47 AM

    You can generally use certificates, but those certificates generate a sort of PGP wrapper key after importing to PGP Desktop, so this wrapper key/pair based on the PGP keypair is then used to encrypt the folder/file via File/NetShare.

    I haven't tried smartcard/token with FileShare, so I'm not 100% sure how the key-saving to the token works. Good idea, because I remember I wanted to talk with an SE from Symantec about this topic, so I can share ideas after I have spoken with him.

    So to summarize generally: from my understanding only certificates can be saved to tokens/smartcards, and from my understanding each time you import your p12/pfx certificate to PGP Desktop a "new" PGP wrapper keypair is generated, having another fingerprint and also another expiry date based upon importing the key, so it's normal that a new fingerprint and key ID is generated. But the decryption works smoothly and the FileShare folder can still be accessed.

     

    Perhaps one of the smartcard/token FileShare users could point out how it works regarding "workflow" if you use tokens/smartcards with your certificate to encrypt folders.

     

    thanks!

    ben

     



  • 3.  RE: Symantec File Share Encryption

    Posted Aug 03, 2015 11:52 AM

    How to import keys (or certificates) in Symantec Encryption Desktop:
    https://support.symantec.com/en_US/article.HOWTO42073.html

    How to generate a PGP Key on a token:
    https://support.symantec.com/en_US/article.HOWTO42065.html

    It somewhat depends on your configuration.  Do you have pre-existing certificates that you want to use for FileShare encryption?  Is there a policy that requires certificate instead of PGP usage for the shares?

    In most cases, unless you already have an existing setup with certificates already in use, it might just be easier to generate PGP Keys on those tokens.  If you already have tokens with certificates, you should be able to see the token in Symantec Encryption Desktop under PGP Keys.  If not, import the public key block into Symantec Encryption Desktop, and it should automatically tie it to the private block on the token when the token is plugged in.



  • 4.  RE: Symantec File Share Encryption

    Posted Aug 04, 2015 05:15 AM

    Hi

    Thanks for pointing this out, I didn't remember this separate KB article regarding PGP key generation directly on a token.

    A question that this would raise now:

    - If a user has already imported his PKCS12 certificate into PGP Desktop under keys, the PGP keypair wrapper is generated during import; can both keypairs be saved afterwards to the smartcard/token, or only the PGP keypair "or" the certificate? I'm not sure, sorry for the silly question.

    Regarding smartcard/token support:
    I have an Aladdin eToken 5100 here but don't have the latest SAC Client as PKI client for enrolling those smartcards. Is this finally supported on PGP Desktop? I remember it wasn't in 2014, regarding ATR for bootguard auth.

    thanks

     

     

     



  • 5.  RE: Symantec File Share Encryption

    Posted Aug 13, 2015 01:13 PM

    We already have a Microsoft internal PKI, so my first idea is to use these certificates.

    I just don't have any experience of using a PGP key on a Gemalto IDPrime .Net 510, which is the smartcard we are using.

    We already have User Certificates with Client Authentication on these smartcards for VPN access.



  • 6.  RE: Symantec File Share Encryption

    Posted Aug 26, 2015 01:19 PM

    I have done some tests and I'm not sure if my card is supported.

    We are using Gemalto IDPrime .NET 510 (Axalto Cryptoflex .NET), and I've found this list, which does not have my card on it: https://support.symantec.com/en_US/article.TECH148839.html

     

    I can import the certificates from my smartcard and I see them in my PGP Keys. I have two certificates with File Encryption.

    When I try to encrypt a folder and add a user, I don't see these certificates.

    I also have a file encryption certificate on my local machine, and this one is recognized and I'm able to encrypt my folder, but somehow when I want to decrypt my folder it is looking for a smartcard, and I cannot use my Gemalto because of missing drivers.