This article gives additional information about the keyring feature of Sophos Secure Workspace, and answers some frequently asked questions.
Applies to the following Sophos product(s) and version(s)
Sophos Secure Workspace for iOS
iOS 7, iOS 8, iOS 9
What does Sophos Secure Workspace do?
With Sophos Secure Workspace you can access files which are encrypted with the Cloud Encryption module of SafeGuard Enterprise or Sophos Secure Workspace itself.
In previous versions of Sophos Secure Workspace it was necessary to enter the password of the encrypted file every time it was opened on the iOS device. There was a grace period which allowed the user to temporarily close the file and re-open it without entering the password again within a limited time frame. In addition, it was necessary to enter the same password again for a file which was encrypted with the same key.
Using the keyring feature you can open files encrypted with the same key after entering the password of this key only once. After the first authentication the key is stored in the keyring of Sophos Secure Workspace and the app recognizes if a file is encrypted with a key already in the key chain.
Where are the keys stored?
The keys are stored within the iOS keychain and not within our app.
How are they secured?
Our application does not add any cryptographic information or functionality into the operating system. The keys are secured by the standard cryptographic functionality of iOS. Only applications using a specific Sophos certificate are able to access the keys imported by Sophos Secure Workspace.
The keys are only usable if the device is unlocked.
Are the keys stored on the device part of the iOS backup?
Yes they are. If you save your iOS backup in the iCloud, we recommend you use a strong password for your Apple ID.
For the local backup use a strong password to encrypt it.
Is there a maximum number of keys I can import?
No. There is practically no limit.
If I enter a wrong password for a key, will it be imported?
No. A key is only imported if the password was entered correctly.
Is it possible to delete a single key from the keyring?
No, this is not possible. Only the whole keyring can be deleted.
How do I delete the Sophos Secure Workspace keyring?
- Open Sophos Secure Workspace on your iOS device.
- Select "Settings" in the "Options" section
- In the 'General' section, change the 'Keyring' setting to 'Off'. All keys used by Sophos Secure Workspace are deleted.
Other keys stored in iOS which are not related to Sophos Secure Workspace are not affected by this setting.
Are the keys deleted if the device is wiped?
Yes. With a wipe of a device all key information stored by Sophos Secure Workspace is deleted.