Restoring encryption keys

When encryption keys are restored from an external file, the keys are added to all endpoint profiles as disabled keys. For more information on managing keys in endpoint profiles, see Endpoint profile: Encryption tab section.

To restore encryption keys:

  1. Go to the Settings > Deployment > Endpoint Profiles page in the Data Security module of the Security Manager.
  2. Click the down arrow next to Encryption Keys, then click Restore.
  3. Click Browse and navigate to the backup file location.
  4. Click Open.
  5. Click OK.

After restoring encryption keys:

  1. Generate a new active key for each profile.
  2. Enable the restored keys.

For example, profile A has key A1 and profile B has key B1. Then:

  1. Back up the keys.
  2. Restore the keys.

    Both profiles now have 2 disabled keys (A1 and B1).

  3. Create a new active key for each profile (for example, A2 and B2).
  4. Enable the old (restored) keys for decryption only, to ensure that files that were encrypted before the restore process can still be decrypted. The result looks like this:
    Profile A:
    • Key A1 - Decrypt only
    • Key B1 - Disabled
    • Key A2 - Active
    Profile B:
    • Key A1 - Disabled
    • Key B1 - Decrypt only
    • Key B2 - Active

To generate a new active key:

  1. Open each endpoint profile, one at a time.
  2. Navigate to the Encryption tab.
  3. In the Active Key section, click New.
  4. Enter and confirm a password for the key.
  5. Click OK.

To enable former keys as decryption only:

  1. In the Archived Keys section, select each disabled key, one by one, and click Enable.
  2. Click OK.
  3. Repeat steps 1 and 2 for each endpoint profile.
  4. Click Deploy.