This article gives additional information about the keyring feature of Sophos Mobile Encryption, and answers some frequently asked questions.
Applies to the following Sophos product(s) and version(s)
Sophos Mobile Encryption for iOS
iOS 7, iOS 8
What does Sophos Mobile Encryption do?
With Sophos Mobile Encryption you can access files which are encrypted with the Cloud Encryption module of SafeGuard Enterprise or Sophos Mobile Encryption itself.
In previous versions of Sophos Mobile Encryption it was necessary to enter the password of the encrypted file every time it was opened on the iOS device. There was a grace period which allowed the user to temporarily close the file and re-open it without entering the password again within a limited time frame. In addition, it was necessary to enter the same password again for a file which was encrypted with the same key.
Using the keyring feature you can open files encrypted with the same key after entering the password of this key only once. After the first authentication the key is stored in the keyring of Sophos Mobile Encryption and the app recognizes if a file is encrypted with a key already in the key chain.
Where are the keys stored?
The keys are stored within the iOS keychain and not within our app.
How are they secured?
Our application does not add any cryptographic information or functionality into the operating system. The keys are secured by the standard cryptographic functionality of iOS. Only applications using a specific Sophos certificate are able to access the keys imported by Sophos Mobile Encryption.
The keys are only usable if the device is unlocked.
Are the keys stored on the device part of the iOS backup?
Yes they are. If you save your iOS backup in the iCloud, we recommend you use a strong password for your Apple ID.
For the local backup use a strong password to encrypt it.
Is there a maximum number of keys I can import?
No. There is practically no limit.
If I enter a wrong password for a key, will it be imported?
No. A key is only imported if the password was entered correctly.
Is it possible to delete a single key from the keyring?
No, this is not possible. Only the whole keyring can be deleted.
How do I delete the Sophos Mobile Encryption keyring?
- Open Sophos Mobile Encryption on your iOS device.
- Select "Settings" in the "Options" section
- In the 'General' section, change the 'Keyring' setting to 'Off'. All keys used by Sophos Mobile Encryption are deleted.
Other keys stored in iOS which are not related to Sophos Mobile Encryption are not affected by this setting.
Are the keys deleted if the device is wiped?
Yes. With a wipe of a device all key information stored by Sophos Mobile Encryption is deleted.