Specifications

Encryption keys

| 55

userthatisassignedtothekey,thenthatgrouporusercannolongermanagethekey.Beextracautiousif

thisistheonlyobjectassignedtothekey;otherwisethekeymaybecomeimpossibletomanage.Sucha

situationcannotberesolved.

Alsobeverycautiouswhenpermanentlydeletingus

ers.Makesu

rethatusersthatarepermanentlydeleted

arenottheonlypersonsassignedtoanyencryptionkey.Ifpermanentlydeletedandnootheruseris

assignedtomanagethekey,thenthekeywillforeverbeimpossibletomanage.Suchasituationcannotbe

recovered.Suchkeyswillforeverremaininthesystemaszombie”keys.Undernocircumstancesmust

zombiekeysbeselectedtoencryptdata!

NOTE:Youcanrestrictwhatadministrationfunctionsregardingkeys(addkey,deletekey,propertiesetc)by

settingausersadministrationrights–seeEndpointEncryptionManagerAdministrationGuidefordetails.

Admin level

Admin level must be greater than…

You can specify the minimum admin level required to access a key. This parameter is

enforced in

addition to the restricted user lists. If you add a user to the user list, and

also set an admin level, then if the user does not match or exceed the level they will

not be able to access the key. For more information on admin levels see the Endpoint

Encryption Manager Administrators’ Guide.

Allowed to use on client

This option offers a way to prevent certain Endpoint Encryption administrator levels

from being able to access encryption keys from clients, e.g. for reading encrypted

data. Even if the Administrators of a restricted level are listed in the Users list, when

they try to authenticate on a Endpoint Encryption for Files and Folders client, no

encryption key with the corresponding Admin level restriction set will be loaded. By

un-checking the relevant tick-boxes 1 through 32, you restrict the access right based

on the Endpoint Encryption Admin level.

Algorithm

Select algorithm to be associated with the keys in the group. The available algorithms

are presented in the drop-down menu. The recommendation is to use the Endpoint

Encryption FIPS 140-2 certified implementation of the AES algorithm with a key length

of 256 bits.

Properties for an Encryption Key

Information

This dialog presents information about the particular encryption key. If the key is in a

non-controlled group, you may edit the description information about the selected key.

Select Apply to save any changes.

Validity

Please see the Validity section of this Guide for details on this dialog.