Local keys

SafeGuard Data Exchange supports encryption using local keys. Local keys are created on the computers and can be used to encrypt data on removable media. They are created by entering a passphrase and are backed up in the SafeGuard Enterprise Database.

Note By default a user is allowed to create local keys. If users should not be able to do so, you have to disable this option explicitly. This has to be done in a policy of the type Device Protection with Local Storage Devices as Device protection target (General Settings > User is allowed to create a local key > No).

If local keys are used to encrypt files on removable media, these files can be decrypted using SafeGuard Portable on a computer without SafeGuard Data Exchange. When the files are opened with SafeGuard Portable, the user is prompted to enter the passphrase that was specified when the key was created. If the user knows the passphrase, they can open the file.

Using SafeGuard Portable every user who knows the passphrase can get access to an encrypted file on removable media. This way it is also possible to share encrypted data with partners who do not have SafeGuard Enterprise installed. They only need to be provided with SafeGuard Portable and the passphrase for the files they should have access to.

If different local keys are used to encrypt files on removable media, you can even restrict access to files. For example: You encrypt the files on a USB memory stick using a key with passphrase my_localkey and encrypt a single file named ForMyPartner.doc using the passphrase partner_localkey. If you give the USB memory stick to a partner and provide them with the passphrase partner_localkey, they will only have access to ForMyPartner.doc.

Note By default SafeGuard Portable is automatically copied to removable media connected to the system as soon as content is written to media covered by an encryption rule. If you do not want SafeGuard Portable to be copied to removable media, deactivate the Copy SG Portable to target option in a policy of the type Device Encryption.