Defining default keys for file based encryption with Data Exchange
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Data Exchange
All supported operating systems
What To Do
There are different ways to assign default keys for the file-based encryption of SafeGuard Enterprise:
- Predefined Key
You can define a particular key when creating the policy for encryption.
Choose one of the "defined" keys, e.g. "Defined Machine key", to make this the default key for any created/encrypted files on the volume. Please note that the key must be available in the user's key ring; otherwise no encryption can be done!
- Selectable Key
You can configure the policy to use the whole key ring when creating the policy for encryption.
Choose one of the "key ring" options, e.g. "Any key in user key ring". This gives the user the opportunity to choose the key they want to make the default key for any created/encrypted files on the volume.
When you use a "selectable" key configuration and at the same time select the option "Initial Encryption of all files = NO", the first key in the user's key ring is used as the default key until the user chooses another one. Therefore, new files might be encrypted with a preselected group key or company key (which is the first key in the database for this user) although the user has not yet defined a key.
The sort order of the key ring on the client cannot be controlled in any way.