Keys and Certificates

When importing the directory structure, SafeGuard Enterprise in its default setting automatically generates keys for:

and assigns them to the corresponding objects. Computer and user keys are generated as required.

Keys for groups

In its default setting, SafeGuard Enterprise does not automatically generate keys for groups. As a security officer, you can change this behavior by selecting Tools > Options and opening the Keys tab. If Groups is checked on the Keys tab, SafeGuard Enterprise automatically generates group keys when the database is synchronized. The bottom of the Synchronization tab indicates the items for which keys are generated when synchronization is performed.

Keys cannot be deleted! They are retained permanently in the SafeGuard Enterprise Database.

The first time an endpoint is started, SafeGuard Enterprise generates a computer key for that endpoint (defined machine key).

Note: The defined machine key is only generated when volume-based encryption is installed on the endpoint.

Each user obtains all their keys at logon from their user key ring. The user key ring comprises the following:

The keys in the user key ring determine the data which that user can access. The user can only access data for which they have a specific key.

Note: To avoid showing too many unused group keys in the user's key ring, you can specify keys to be hidden. For further information, see Hide keys.

To display all keys for a user, click Users and Computers and select the Keys tab.

To display all keys, click Keys and Certificates in the SafeGuard Management Center and select Keys. You can generate lists for Assigned Keys and Inactive Keys.

Note: The Assigned Keys list only shows the keys assigned to objects for which you have Read only or Full access rights. The Keys view shows the number of all available keys, regardless of your access rights. The Assigned Keys list shows the number of keys visible according to your access rights.

  1. Click Users and Computers to open the display.

  2. The keys of a selected object are displayed in the action area and in the respective views.

  3. The display in the action area depends on what is selected in the navigation area. All keys assigned to the selected object are displayed.

  4. Under Available Keys, all available keys are displayed. Keys already assigned to the selected object are grayed out. Select Filter to switch between keys already assigned to an object (active) and keys not yet assigned to an object (inactive).

After the import, each user receives a number of keys which can be used for data encryption.