Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/esg/ssw/help/en-us/index.html?contextId=keys

Manage keys

Sophos Secure Workspace collects all your encryption keys in a keyring. You can see them by tapping Encryption keys in the menu.

Warning

If you lose the encryption key and you can’t remember the passphrase, you can’t access your content. If there were a backdoor for reading the content without having the key or knowing the passphrase, this could be used by attackers as well.

The Sophos Secure Workspace keyring is removed from the device when the app is uninstalled. Encrypted files in the cloud or on storage cards in Android devices remain encrypted. When the keyring is removed, you are no longer able to access these files.

If you lose the encryption key, you can still access encrypted files if you remember the passphrase. Sophos Secure Workspace asks you to enter the passphrase and adds the key to the keyring again.

Share encryption keys

Restriction

These instructions only apply to iOS. To share an encryption key on Android, encrypt any file with that key and share the file. See Share files between users.

You can easily share local keys by using QR codes. For example, you can attach the key to an email and the recipients can add the key to their keyring by scanning the QR code.

We recommend that you protect the exported key with a passphrase. When recipients add the key to their keyring they have to enter the passphrase.

You cannot export keys from the corporate keyring. You can export local keys when corporate keyring sync is activated, if your organization's policy allows this.

Export key

To export a local key:

  1. Select the key you want to export.
  2. Select Export.
  3. Enter a passphrase and select Share with passphrase.
  4. When the QR code is displayed, select Open In.
  5. Attach the key to an email or select a storage location.

Import key

To import a key:

  1. Select Encryption keys in the menu.
  2. Select + and then Import key from QR code and scan the key's QR code.
  3. If required, enter the passphrase.

The key is added to your keyring.

Corporate keyring

If Sophos Secure Workspace is managed by Sophos Mobile, your organization can activate a corporate keyring sync with Sophos SafeGuard. This makes the keys from your SafeGuard keyring available in the Sophos Secure Workspace keyring.

This means that:

  • If there are local keys in your keyring when corporate keyring sync is activated, you can continue to use them.
  • After corporate keyring sync is activated, you can’t create new local keys.
  • If configured by your organization, your corporate keys are removed from the device when the Sophos container is locked, for example when your device violates compliance rules.