How to create a customized key ring to limit the user's ability to select keys for encryption.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Management Center
SafeGuard Device Encryption
SafeGuard Data Exchange
All supported operating systems
What To Do
With the release of SafeGuard Enterprise 5.60, it is possible to define whether or not a key is visible in the user key ring. Using this feature, you can restrict the user key ring to a defined set of keys, so that only those keys are available to the user.
In order to mark a key as visible or not, perform these steps:
Open the SafeGuard Management Center and switch to the Keys and Certificates tab.
In the left-hand pane, select Keys | Assigned keys, and use the magnifying glass symbol on the right-hand side to display all active keys.
On the right-hand side, select or deselect the 'Hide Key' check box alongside each key name.
Using this feature, you can control which keys are displayed in the end user's key ring when an encryption policy is set to use "Any key in user key ring". A good example would be to hide all keys except for the Domain Key and a small number of other defined keys (for example, group keys). Note that all keys must be inherited by the User object; otherwise they won't be displayed anyway.