Scenario: Multiple users need to share a key and each of the users must be unique. The users need to have access to the keypair, but the key needs to be protected so that if the private key is ever exported and taken to another system, the key must remain unusable. This scenario is possible when using Symantec Encryption Management Server (SEMS) in Server Key Mode (SKM Mode). SKM Mode provides individual users with a keypair for which the end user never needs to enter a passphrase, and the key is protected while in the local keyring managed by Symantec Encryption Desktop (SED).

Access to this SKM key is made available by uploading the keypair to the SEMS after adding additional User IDs to it and removing non-user-specific User IDs. When the users enroll, the SKM keypair is downloaded from the SEMS. A random passphrase that is not known by any user is assigned to the key. When the user logs in to Windows, the SKM key is unlocked.

Even if the keypair is exported from the local Encryption Desktop keyring, the random passphrase protects the key, and this passphrase is not stored anywhere for access. This document goes over the steps to configure this key and to use Symantec Encryption Desktop to make the needed modifications to a keypair.

Considerations: Because this article deals with a keypair, it is advised that multiple administrators be present to ensure chain of custody of this keypair. Once a keypair is exported to a desktop, it will be usable. Once the necessary modifications have been made to the keys, the keypairs with the known passphrase should be securely wiped.

Definitions: In this document, we’ll refer to the SED client that enrolled with SEMS as the “Managed” client. For the SED client that is not enrolled to the server, we’ll refer to this system as the “Standalone” client.

Prerequisites: Two to three machines that have Symantec Encryption Desktop. At least one machine will be a standalone client that will be used to make the needed modifications to the key for final upload to the SEMS to individual user accounts.

For another method using a "Shared Key" with Symantec File Share Encryption, see the following article:
Ģ25452 - Using File Share Encryption to send encrypted files to Group Keys (Shared Method)

Part 1 of 3: Creating, Modifying and Uploading a Shared Key

Step 1: Create a Consumer Policy on SEMS and within the key settings, check only the SKM option.

The preferred method to create this key is to enroll the first user to the SEMS using a managed client, which will create the SKM key.