Use default keys

By defining a default key, you specify the key to be used for encryption during normal operation of SafeGuard Data Exchange and SafeGuard Cloud Storage.

Your security officer has to explicitly allow the use of default keys for Cloud Storage. If allowed, you can select a default key from a predefined set of keys and use it for encrypting folders in your cloud storage.

You can define a default key from the context menu in the following locations:
  • removable media
  • files on removable media
  • Cloud Storage synchronization folders or sub-folders
  • files in a Cloud Storage synchronization folder or sub-folder

Additionally, you can set a key as default immediately when you create a new local key in the Create key dialog.

To define a default key, select SafeGuard File Encryption > Set default key.

The key you select in this dialog is used for all subsequent encryption processes on the removable storage medium or in your Cloud Storage synchronization folder. If you want to use a different key, you can define a new default key at any time.

If a local key is selected for encryption of Cloud Storage, SafeGuard Portable will be copied to the Cloud Storage synchronization folder.

If you intend to read encrypted files on Android and iOS devices with Sophos Secure Workspace, you must use local keys for encryption. For further information, see the Sophos Secure Workspace user help.

Example

You want to use Dropbox to provide secured data for multiple partners and to give each partner access to only one subfolder. To do this, set a separate default key for each subfolder. SafeGuard Enterprise will automatically add a copy of SafeGuard Portable (which gives partners without SafeGuard Cloud Storage access to encrypted data) to each subfolder. You provide your partners with the respective passphrases for the keys. Using SafeGuard Portable and the passphrase, they can decrypt data in the folder you created for them, but they do not have access to data stored in other subfolders, because that data is encrypted with a different key.