Key management permits you to back up, import, and update an encryption key. We recommend the following key management practices:
Export and save your encryption keys. This ensures that, in the case of a systems failure or an inadvertent policy change, data can be decrypted. Each Management Console has its own encryption key. If you have multiple Management Consoles, you need to export the encryption key from each console.
If you believe that an encryption key is compromised, update to a new key. Generating a new key results in a temporary performance decrease on endpoint devices while the Security client reencrypts data.
If you have used multiple Management Consoles to create Data Encryption policies, you should export the key from each Management Console and import it into the other consoles so that all Management Consoles have all keys. This allows the Management Console to include all keys in each Data Encryption policy. The result is that all Security client users, regardless of their Data Encryption policy, can access encrypted policies created by other Security client users in your environment.
Encryption Key controls are accessed through the menu of the ZENworks Endpoint Security Management Console.
Figure 5-16 Access Encryption Keys through the tools menu
The following sections contain additional information:
For backup purposes, and to send the key to another Management Console, the current encryption key set can be exported to a designated file location.
In the Management Console, click , then click .
Specify the path and filename for the exported file.
Specify a password in the provided field. The key cannot be imported without this password.
Click .
All key files in the database are included in the exported file.
You can import keys from a backup or another Management Console. Importing keys from another Management Console allows endpoints managed by this console to read files protected by Data Encryption policies created in the other Management Console. When importing keys, duplicates are ignored. Imported keys become part of your “key set” and do not replace the current common key. All keys are passed down when a new policy is published.
In the Management Console, click , then click .
Browse to or specify the file to be imported.
Specify the password for the encryption key.
Click .
In the Management Console, click , then click .
All previous keys are stored in the policy.