As a result, if the GKM user loses their private key, the key is not recoverable and all data encrypted to the key is lost. The Symantec Encryption Management Server has a copy of the key pair; however, the server does not store the user's passphrase. With a GKM key, the end user has the private key and passphrase of the key. Key Reconstruction can be used to reconstitute the key, but the user must remember the questions and answers to do so. Make sure you back up the keypair and don't forget the passphrase.

If a CKM user loses their private key, the key is not recoverable and all data encrypted to the key is lost. The Symantec Encryption Management Server has only the public portion of the key. This means that the end user is solely responsible for backing it up. With a CKM key, only the end user has the private key and passphrase of the key.

To ensure all users are generated using SKM, disable all keymodes except for SKM; during client enrollment, even the key generation process is more seamless.

This is the only key mode where the user does not need to remember a passphrase for their key, which makes it the easiest method for key management.

Even if the keypair is accidentally deleted on the local machine, the user can update policy and immediately be back in working order.

If Encryption Desktop is being used, the user does not need to worry about remembering a passphrase, as this is managed seamlessly using Crypto APIs.

In an email Gateway deployment (no Encryption Desktop clients), only SKM mode must be used.

Keys are generated and managed on Encryption Management Server.

Use SKM unless you have a very specific reason to use another key mode.
Server Client Key Mode (SCKM) - Not recommended unless signing keypairs cannot be managed/stored on the server.

Client Key Mode (CKM) - Not recommended unless keypairs cannot be managed/stored on the server.

Symantec Encryption Management Server provides four separate key modes for use with Symantec Encryption Desktop clients.

If you have any doubts about this information, feel free to reach out to Symantec Encryption Support for further guidance to help you proceed.

The information below explains all these key differences and assumes the greatest care will be taken when working with keys on the Symantec Encryption Management Server.

Each of these keymodes has its own security considerations to address, ranging from seamless keymodes to stricter modes such as CKM, which only the end user manages.