Transferring Encryption Keys

Users can transfer encryption keys between removable storage devices and computers by exporting and importing the encryption keys.

Ivanti Device Control administrators can export and import encryption keys for the user using the Media Authorizer module. Encryption keys can be exported to a file or device, and imported from a device. Export to a file is the most secure method for transferring encryption keys. Transferring an encryption key directly to a device is less secure because security is primarily dependent upon the password complexity.

Export an Encryption Key

A user can transfer an encryption key from a computer to a device by exporting the encryption key to a file or device.

Prerequisites:

  • An administrator must assign users access to the media.
  • An administrator must assign device permissions to allow the user to export an encryption key to a file or device.
  • A user must attach the device to the computer.

Exporting the encryption key directly to the encrypted device is significantly less secure because the level of difficulty required to access the data is directly linked to the device password complexity.

  1. Open Windows Explorer®.
  2. Right-click the device.
  3. Select Export medium key.
    The Export Medium Key dialog opens.
  4. In the Export key to panel, select one of the following options:

    Option    Description
    Medium    Exports the encryption key to the attached device.
    Folder    Exports the encryption key to a file folder that the user specifies.

    1. When you select the folder option, click the ellipsis to locate a folder.
  5. In the Password field, type a password.

    Restriction: When the administrator defines the encrypted media password option to require password complexity, the password must meet the following criteria:

    • Contain at least six characters.
    • Contain upper and lower case letters.
    • Contain numbers.
    • Contain at least one non-alphabetical character.
  6. In the Confirm field, retype the password.
  7. Click OK.
    The encryption key is sent directly to the device or to the folder you specified. Using the password, a user can import the encryption key from the device or file to access encrypted media.
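
An added example, not part of the Ivanti documentation or product: a Python check of a candidate export password against the four criteria in the Restriction above, with an upper-bound estimate of its search space. It assumes a literal reading of the criteria (a digit counts as non-alphabetical) and a 95-symbol printable ASCII alphabet; all function names are illustrative.

```python
import math
import string

# The four complexity criteria from the Restriction above, in page order.
# Assumption: read literally, so a digit also counts as "non-alphabetical".
CRITERIA = [
    ("at least six characters", lambda p: len(p) >= 6),
    ("upper and lower case letters",
     lambda p: any(c.isupper() for c in p) and any(c.islower() for c in p)),
    ("numbers", lambda p: any(c.isdigit() for c in p)),
    ("at least one non-alphabetical character",
     lambda p: any(not c.isalpha() for c in p)),
]

# Character pools used for the estimate (printable ASCII, 95 symbols in total).
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " "]

def failed_criteria(password):
    """Return the criteria the password does not meet (empty list = compliant)."""
    return [name for name, check in CRITERIA if not check(password)]

def search_space_bits(password):
    """Upper bound on brute-force effort: length * log2(size of pools in use).

    Characters outside printable ASCII are not counted towards the alphabet.
    """
    alphabet = sum(len(pool) for pool in POOLS
                   if any(c in pool for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def review(password):
    """Summarise compliance and estimated strength for one candidate password."""
    failed = failed_criteria(password)
    return {"compliant": not failed, "failed": failed,
            "bits": round(search_space_bits(password), 1)}

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ["abcdef", "Abc123", "Correct-Horse-7-Battery"]:
        print(candidate, review(candidate))
```

The constructed password "Abc123" meets every criterion yet has an upper bound of about 36 bits, which illustrates why a key exported to the device is only as strong as the password chosen for it.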

Import Encryption Key

A user can unlock an encrypted device by importing the encryption key from the device or a file containing the encryption key.

Prerequisites:

  • An administrator must assign users access to the media.
  • An administrator must assign device permissions to allow the user to export an encryption key to a file or device.
  • A user must attach the encrypted device to the computer.
  • A user must have the password for the encryption key.
  • A user must have exported the device encryption key to the encrypted device or to a computer file.

A network administrator can delegate to trusted users the right to access Device Control encrypted media by importing an encryption key from a separately transmitted file.

  1. Open Windows Explorer®.
  2. Right-click the device name.
  3. Select Unlock medium.
    The Import Medium Key dialog opens.
  4. In the Import key from panel, select one of the following options:

    Option    Description
    Medium    Imports the encryption key from the attached device.
    Folder    Imports the encryption key from the file folder that the user specifies.

    1. When you select the folder option, click the ellipsis to locate the folder containing the encryption key.
  5. In the Password field, type the password.
  6. Click OK.
    The encrypted device is unlocked and accessible to the user through Windows Explorer®.