Below are the best practices for configuring File Encryption to share data:
- Create a group.
- Place the preferred members in the created group.
- Set the "EncryptionKeyUsed" policy of the group to "Group Key".
- Set the "EncryptionKeyUsed" policy to "Enterprise Key".
- Create groups and add members to them. All groups created after the enterprise policy has been set will have the new setting.
- Right-click the file or folder to be encrypted.
- Select File Encryption > Archive.
- Choose fixed password or certificate.
- When the file is created, deliver it by any means. For example, you may copy the file to an external drive or send it through mail.
- Provide the password or certificate to the recipient to open the encrypted file.
For files less than 2GB:
It is recommended to create a self-extracting file. This file can be configured with a password or certificate and can be shared with endpoint devices that do not have File Encryption.
However, Windows operating systems treat self-extracting files as applications, and there is a size limitation. For more details about the size limit of applications, refer to the Microsoft article entitled Memory Limits for Windows Releases.
For files greater than 2GB, do one of the following:
- For files to be shared within the PolicyServer enterprise, right-click the file or folder, and then choose FileArmor\archive\shared key. The key to be used is determined by the PolicyServer policy "EncryptionKeyUsed":
- If the policy is defined as "Enterprise", anyone in the organization may share the data.
- If the policy is defined as "Group", only the members of the group may share the data.
- For files to be shared outside the PolicyServer enterprise:
The recipient device is required to have File Encryption. The devices do not need to be members of the same enterprise.
- Go to FileArmor\Archive\Fixed Password.
- Assign the password.
- Transfer the encrypted file or folder.
- Enter the password to decrypt the file or folder.
Follow the same process as for backing up clear text. The administrator should consider who has the right to view the shared backup when setting the "EncryptionKeyUsed" policy:
- Select "Enterprise Key" when the backup should be shared with the organization.
- Select "Group Key" when the backup should be shared with a specific group.
- Members of the same enterprise who belong to different groups may see the list of files in other groups' encrypted folders. However, they cannot access the content of those files if the Group Key is used to encrypt the data.
- Self-extracting files cannot be modified and re-encrypted on a machine with no File Encryption.