Create and export key files for Virtual Client recovery

When multiple keys are needed to recover access to encrypted volumes during a Virtual Client recovery, the security officer can combine them in one exported file. This key file is encrypted with a random password, which is stored in the database. The password is unique for each created key file.

The encrypted key file needs to be transferred to the user and must be available to the user when starting a Challenge/Response session with a recovery tool.

In the Challenge/Response session, the password for the key file is transmitted with the response code. The key file can then be decrypted with the password, and all volumes encrypted with the available keys can be accessed again.

To export key files, you need Full access rights for the objects the relevant keys are assigned to.

  1. In the SafeGuard Management Center, click Keys and Certificates.
  2. In the left-hand navigation window, click Virtual Clients and then Exported Key Files.
  3. In the toolbar, click Export keys to a key file.
  4. In Export keys to a key file, enter the following:
    1. Directory: Click [...] to select a location for the key file.
    2. File name: The key file is encrypted with a random password which is displayed here. You cannot change this name.
    3. Click Add key or Remove key to add or remove keys. A popup window is displayed to search for and select the required keys. Click OK to confirm the selection.
    4. Click OK to confirm all entries.
  5. Distribute this key file to the respective endpoint environment. It must be available before the response code is entered on the endpoint.