|Recovery / Virtual Clients|
When multiple keys are needed to recover access to encrypted volumes during a Virtual Client recovery, the security officer can combine them in one exported file. This key file is encrypted with a random password which is stored in the database. The password is unique for each created key file.
The encrypted key file needs to be transferred to the user and must be available to the user when starting a Challenge/Response session with a recovery tool.
In the Challenge/Response session, the password for the key file is transmitted with the response code. The key file can be decrypted with the password and all volumes encrypted with the available keys can be accessed again.
To export key files, you need Full access rights for the objects the relevant keys are assigned to.