Manage keys

Sophos Secure Workspace collects all your encryption keys in a keyring. You can see them by tapping Encryption keys in the menu.

Keyring removal

  • The Sophos Secure Workspace keyring is removed from the device when the app is uninstalled.
  • Encrypted files in the cloud or on storage cards in Android devices remain encrypted. When the keyring is removed, you are no longer able to access these files.

Loss of encryption keys

  • If you lose the encryption key, you can still access encrypted files if you remember the passphrase.
  • Sophos Secure Workspace asks you to enter the passphrase and adds the key to the keyring again.
CAUTION If you lose the encryption key and you can’t remember the passphrase, you can’t access your content. If there were a backdoor for reading the content without having the key or knowing the passphrase, this could be used by attackers as well.

Corporate keyring

If Sophos Secure Workspace is managed by Sophos Mobile, your organization can activate a corporate keyring sync with Sophos SafeGuard. This makes the keys from your SafeGuard keyring available in the Sophos Secure Workspace keyring.

This means that:

  • If there are local keys in your keyring when corporate keyring sync is activated, you can continue to use them.
  • After corporate keyring sync is activated, you can’t create new local keys.
  • If configured by your organization, your corporate keys are removed from the device when the Sophos container is locked, for example when your device violates compliance rules.

Share encryption keys by using QR codes

You can easily share local keys by using QR codes. For example, you can attach the key to an email and the recipients can add the key to their keyring by scanning the QR code.

We recommend that you protect the exported key with a passphrase. When recipients add the key to their keyring they have to enter the passphrase.

You cannot export keys from the corporate keyring. You can export local keys when corporate keyring sync is activated, if your organization's policy allows this.

To export a local key:

  1. Select the key you want to export and then do one of the following:
    • (Android) Select Share .
    • (iOS) Select Export.
  2. Enter a passphrase and select Protect (Android) or Share with passphrase (iOS).
  3. When the QR code is displayed, select Share (Android) or Open In (iOS).
  4. Attach the key to an email or select a storage location.

To import a key:

  1. Select Encryption keys in the menu and then do one of the following:
    • (Android) Select the QR code icon and scan the key's QR code.
    • (iOS) Select + and then Import key from QR code and scan the key's QR code.
  2. If required, enter the passphrase.
  3. The key is added to your keyring.