The 'Resolving rules' tab in SafeGuard LAN Crypt Preferences, has had additional functions added with the release of version 3.80.
This article explains where and how to configure 'Select which encryption format should be used by the SafeGuard LAN Crypt Client' options.
Applies to the following Sophos product(s) and version(s)
SafeGuard LAN Crypt Administration 3.80
What To Do
In the SafeGuard LAN Crypt Preferences window, go to the Resolving Rules tab.
Apply the settings of your choice to 'Select which encryption format should be used by the SafeGuard LAN Crypt Client' as follows:
SafeGuard LAN Crypt supports the following encryption modes:
1 CBC v1 format (versions 3.50 or higher)
This format is used by client versions 3.50 and higher. These clients can read files encrypted in OFB mode (legacy format). The file encryption mode for new files is CBC v1. Other setting are ignored.
2 CBC v2 format (versions 3.90 or higher)
This format can only be used by client versions 3.90 and higher. But these clients can also read files encrypted in OFB and CBC v1 mode. The file encryption mode for new files is CBC v2.
Use this encryption file format until a defined date
Newly created files can be encrypted with the old encryption mode until the date the SGLC Security Officer specifies. After that date, all newly created files will be encrypted with the new format, but old files can still be accessed.
From this date onwards all existing clients must be updated/configured to support the new configured file encryption mode. This is because new clients create encrypted files using the new configured mode, which cannot be read by older clients.
Depending on the setting for the encryption format to be used, the following formats can be selected here:
Legacy format (versions 2.x, 3.0x, 3.1x)
CBC v1 format (version 3.50 or higher)
Both formats are only available in the drop down box if CBC v2 is configured as the encryption file format. CBC v2 requires a client version 3.90 or higher. If you select Legacy format, then the older clients only evaluate the 'Use this encryption file format' until the specified date (as above).
You must specify the date until which the old format is used to encrypt files. After this date, or if the option is cleared, the files are written with the new encryption format. Any changes to this option are only effective on the clients after new profiles have been generated and distributed.
After all clients have been updated we recommend that you perform initial encryption with the initial encryption tool. You thereby ensure that only the new SafeGuard LAN Crypt encryption format is used.
This change becomes effective the next time the encryption rules are resolved.