Create a local key

Local keys can be used for encrypting files in specified locations on a removable device or a cloud storage provider. These locations must be included in an encryption policy already.

To create a local key:

  1. Right-click the Sophos SafeGuard system tray icon on the Windows taskbar or right-click a volume/folder/file.
  2. Click Create new key.
  3. In the Create Key dialog, enter a Name and a Passphrase for the key.

    The internal name of the key is displayed in the field below.

  4. Confirm the passphrase.

    If you enter a passphrase that is not secure, a warning message is displayed. To increase the level of security, we recommend that you use complex passphrases. You can also decide to use the passphrase despite the warning message. The passphrase also has to comply with the company policies. If it does not, a warning message is displayed.

  5. If you opened the dialog using a right-click menu it contains the Use as new default key for path option. With the Use as new default key for path option, you can set the new key immediately as the default key for a volume or Cloud Storage synchronization folder.

    The default key you specify here is used for encryption during normal operation. It will be used until a different one is set.

  6. Click OK.

    The key is created and becomes available as soon as the data has been successfully synchronized with the SafeGuard Enterprise Server.

    If you define this key as the default key, all data copied to a removable storage medium or a Cloud Storage synchronization folder from now on is encrypted using this key.

For a recipient to be able to decrypt all data contained on a removable storage medium, you may have to re-encrypt the data on the device using the key created locally. To do so, select SafeGuard File Encryption > Encrypt according to policy from the device's context menu in Windows Explorer. Select the required local key and encrypt the data. This is not necessary if you use a media passphrase.