This article describes how to migrate to SafeGuard LAN Crypt version 3.51 and above.
SafeGuard LAN Crypt Client and Administration v.3.5x and above
Windows 7, Windows Vista, Windows XP
What to do
- Update SafeGuard LAN Crypt Administration:
Version 3.51 and above of SafeGuard LAN Crypt administration can create profiles for old (3.1x) and new clients (3.5x and above). This can be used by old and new clients. For this reason start the update process with the administration.
- Preparations for the roll-out (optional):
In many cases the roll-out for SafeGuard LAN Crypt 3.5x and higher will not happen for all clients simultaneously. There is the risk that new clients have already created files in the new format, while older clients are not able to interpret it. Because older clients cannot decrypt recently encrypted files, they will open those files with the new format in encrypted form – the user will see the encryption header.
To avoid this, all new SafeGuard LAN Crypt 3.5x and above clients can be set into a backward compatibility mode using SafeGuard LAN Crypt Administration: on to the central Properties page a Master Security Officer can define a final date (which ends at 12pm).
- Up to this date and time, all new 3.5x clients use the old encryption format for encryption and decryption (see Use old encryption file format until a defined date at the screenshot below).
- After this date and time, or if this setting is not defined, all 3.5x and above clients will switch to the new encryption format automatically. This final date is stored in the encryption profiles.
- Profiles for all users have to be generated again. This is a mandatory step, since all 3.5x clients will need the updated profiles with the new key GUID. (Older clients will accept the 3.5x profile.)
- Update all SafeGuard LAN Crypt Clients.
- Stop backward compatibility as described in step 2 above. If all clients have been migrated before the final date for the old profile (see step 2), you can deactivate the setting and generate new profiles. This allows the switch to the new format before the end date is reached.
- Re-encryption (optional). It is recommended that files with the old encryption format are re-encrypted (for the new GUID and to switch to the CBC mode). Utimaco provides an initial encryption tool for this purpose. In addition to manual re-encryption this tool can also have parameters applied for use by command line scripts.