Exporting a security key

You can create a file to export a security key (public key and private key), with its certificate and any trust chain.

For an account with two keys, you can export each key individually.

By saving this file, you can:

  • Create a new account using the current key,
  • Use this key in any application that can import security keys.

This will be useful for delegated decryption keys (see Decrypting a user's data with an old key or a delegation key). This is also useful if you want to decrypt files or information previously encrypted with this key.

The file containing your key is generated in PKCS#12 format (extension .p12 or .pfx). If the user has two keys, each key will be exported in a separate file.

To export a key:

  1. On the user workstation, right-click on the SDS Enterprise icon in the Windows system tray.
  2. Select Properties.
  3. Select the Configuration tab.
  4. Double-click on the Key ring icon.
    • If the user has two keys, choose the Encryption key or Signing key tab.
    • If the user has only one key, choose the Personal key tab.
  5. Click on Operations and choose Export key, then skip the introduction screen.

  6. Select one or both of the following options:
    • The Provide certificate trust chain option, to associate the key with the certificate of the authority or authorities that certified the key.

      Only the certificates found in the trusted address book will be listed. No LDAP search will be performed.

    • The Provide former key certificates option, if the user renewed one or several certificates but wishes to decrypt documents which were encrypted with the previous certificates.

  7. Enter the name of the file to be created, and proceed to the next screen.

    The Save as button enables you to browse folders in order to set the target file. However, the keys are not yet exported.

  8. Enter a password to protect the file. This password is used to encrypt the key in the generated file.

NOTE
The password must be at least eight characters long and contain either a number or a punctuation mark. If this is not the case, the export is denied.

  9. Proceed to the next screen, check the summary, and click on Finish.

    The key has been exported into the indicated file.
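
To check that an exported PKCS#12 file holds the key, the certificate and the trust chain you expected, and to see which algorithms protect it, the file can be inspected with OpenSSL. The script below is an added example, not part of the product or its documentation; it assumes OpenSSL is installed, and the function names, the password and the sample file are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not vendor code: inspect a PKCS#12 export with OpenSSL.
# -info -noout prints only bag types and protection algorithms; the private
# key is never written out. The password is passed via env, not argv.

# p12_info FILE PASSWORD -> structure report; non-zero status if unreadable
p12_info() {
    P12_PASS=$2 openssl pkcs12 -in "$1" -info -noout -passin env:P12_PASS 2>&1
}

# p12_summary FILE PASSWORD -> "keys=N certs=M"
p12_summary() {
    info=$(p12_info "$1" "$2") || {
        echo "unreadable: wrong password or not a PKCS#12 file" >&2
        return 1
    }
    keys=$(printf '%s\n' "$info" | grep -c 'Shrouded Keybag' || true)
    certs=$(printf '%s\n' "$info" | grep -c 'Certificate bag' || true)
    echo "keys=$keys certs=$certs"
}

# Constructed sample: throwaway CA and user key, exported with the CA
# certificate as trust chain (stands in for a real exported file).
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed User" \
        -keyout "$d/u.key" -out "$d/u.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/u.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/u.pem" 2>/dev/null &&
    P12_PASS=$2 openssl pkcs12 -export -inkey "$d/u.key" -in "$d/u.pem" \
        -certfile "$d/ca.pem" -out "$d/export.p12" -passout env:P12_PASS
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample "$tmp" 'Constructed-pass1'

# One key plus user and CA certificates are expected in the sample.
p12_summary "$tmp/export.p12" 'Constructed-pass1'
# Show the MAC and encryption algorithms that protect the file.
p12_info "$tmp/export.p12" 'Constructed-pass1' | grep -E 'MAC|PKCS7|bag'
```

For a real export, call `p12_summary` with the path and password chosen during the export. With OpenSSL 3, a file protected with older PKCS#12 algorithms may additionally need the `-legacy` option.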