Specifications

Endpoint Encryption for Files and Folders client

| 73

Create Local Key…

Starts the encryption key creation wizard. Keys may be stored either on the user’s

local hard disk or on a removable unit, e.g. a USB flash memory stick. The encryption

keys are stored in key stores that are protected either by a password or a user digital

certificate. The creation wizard allows the user to select storage location and

protection method; these selections cannot be policy controlled.

NOTE:ThepasswordrulesforlocaluserkeysfollowtheEndpointEncryptionpasswordqualityrestrictions

thatareappliedtotheuser,e.g.minimumlength.(SeetheAdministrationGuide,sectionPassword

templatesfordetails.

All locally generated encryption keys can be recovered using the Endpoint Encryption

standard recovery procedure for lost tokens.

Delete Local Key…

Starts the key deletion wizard to delete local user keys, both locally generated keys

and imported keys. Encryption keys from the Endpoint Encryption central database

cannot be deleted with this option.

CAUTION:Beverycarefulwithallowinguserstodeletelocaluserencr

yptionkeys.Ifdeleted,thereisno

waytorestorethatkey.

Export Local Key…

Selecting this option starts the wizard for exporting a user local key so that it can be

imported by other clients, i.e. shared. NOTE: it is not possible to export a user local

key and import it into an Endpoint Encryption database. Nor is it possible to export an

encryption key from the Endpoint Encryption database and import it by a client.

However, user local keys can always be shared with other users through export and

import, provided these operations are allowed by the policy.

In order to export a key, there must be one key available for export. If there is no key

available for export, this menu option will be visible, but not accessible.

Exported keys are protected by a transport password that the user selects. Also, in

order to complete the export the user must again authenticate to the key store holding

the encryption key, even if the key is already loaded in the client.

Import Local Key…

Selecting this option starts the wizard for importing a user local key that has been

exported from another client, i.e. shared. Like with the Export… function, note that it

is not possible to import a key from a Endpoint Encryption database. Only user local

keys can be shared with other users through export and import, provided these

operations are allowed by the policy.