To deploy an encryption solution in built-in key management mode, a recovery system that makes it possible to retrieve encryption data within legal requirements must be set up.
In SDS for C&M, the first user account that is created becomes the recovery account, and its owner is the security administrator. This account is needed to run the solution and will never be deleted. When creating this account, ensure that you apply all the important recommendations.
The roles of the security administrator are the following:
- Helpdesk: assigns a new password to users who have forgotten their passwords or if password confidentiality has been compromised,
- Recovery: grants access to all the protected files of one user to another user, for example if the former user has left the company.
Since external users do not have paid SDS for C&M accounts, they do not need a helpdesk or recovery system. They also do not have passwords and authenticate with a unique temporary code. To retrieve their protected files, they only need to provide their e-mail addresses.
When the first user creates an account in built-in key management mode, SDS for C&M generates recovery keys on the same basis that it generates encryption keys for standard users.
All user accounts created after this will be protected with both the key from the user password and the public key of the recovery account.
For more information, refer to the diagram in the section Main principles for internal users.
In SDS for C&M, the recovery account is a user account, not an administrator account, because recovery operations require keys to be generated. Administrator accounts do not have keys.
The Recovery role allows the security administrator to delegate the private key of User A (Alice) to User B (Bob) so that Bob can access all of Alice’s protected files. To do so:
- The security administrator retrieves Alice’s master key using the private recovery key.
- The master key decrypts Alice’s keystore.
- Likewise, the security administrator retrieves Bob’s master key.
- Bob’s master key is then used to wrap Alice’s private key again, which will then be added to Bob’s keystore. This key will only be used to decrypt files.
The Helpdesk role allows the security administrator to change the password of a user (Alice) if it is forgotten or needs to be more secure. To do so:
- Alice informs the Helpdesk security administrator that she has lost her password.
- The security administrator decrypts Alice’s master key using the private recovery key.
- The security administrator chooses a new password from which SDS for C&M will generate a password key.
- The master key is wrapped with the new password key.
- The security administrator sends Alice the new password assigned to her.
- Alice logs in to SDS for C&M with this new password and she will be asked to replace it with a password of her choice. The security administrator will not know Alice’s final password.
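The Helpdesk steps above, together with the double protection of each account (password key plus the recovery account's public key), can be modelled as follows. This is an added illustration, not SDS for C&M code: all function names are hypothetical, and the primitives (a toy Diffie-Hellman group, an HMAC-based wrap, PBKDF2 with a constructed iteration count) are standard-library stand-ins for whatever algorithms the product actually uses.

```python
import hashlib, hmac, secrets
# Constructed stand-ins: toy Diffie-Hellman group and HMAC-based wrap, not the product's algorithms.
P, G = 2**521 - 1, 3

def _sub(key, label, n=32):
    return b"".join(hmac.new(key, label + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(-(-n // 32)))[:n]

def _xor(key, nonce, data):
    return bytes(a ^ b for a, b in zip(data, _sub(key, b"enc" + nonce, len(data))))

def wrap(key, data):
    """Encrypt-then-MAC wrap of `data` under `key`."""
    nonce = secrets.token_bytes(16)
    ct = _xor(key, nonce, data)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, "sha256").digest()

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_sub(key, b"mac"), nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    return _xor(key, nonce, ct)

def password_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def new_recovery_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _shared(base, exponent):
    return hashlib.sha256(pow(base, exponent, P).to_bytes(66, "big")).digest()

def create_account(password, recovery_pub):
    """Master key wrapped twice: under the password key and for the recovery account."""
    master, salt, e = secrets.token_bytes(32), secrets.token_bytes(16), secrets.randbelow(P - 2) + 1
    return {"salt": salt, "by_password": wrap(password_key(password, salt), master),
            "by_recovery": (pow(G, e, P), wrap(_shared(recovery_pub, e), master))}

def login(account, password):
    return unwrap(password_key(password, account["salt"]), account["by_password"])

def helpdesk_reset(recovery_priv, account, temp_password):
    """Recover the master key with the private recovery key, re-wrap it under a new password key."""
    eph, blob = account["by_recovery"]
    master = unwrap(_shared(eph, recovery_priv), blob)
    account["salt"] = secrets.token_bytes(16)
    account["by_password"] = wrap(password_key(temp_password, account["salt"]), master)
```

In this model the master key itself never changes during a reset, so everything wrapped under it stays readable, while the old password no longer unwraps anything.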