Endpoint Encryption

  • 1.  How to decrypt with Recovery Certificate with SEE Client

    Posted Jan 04, 2019 03:20 AM

    Hi, guys.

    I would like to know if there is a way to decrypt encrypted files that were encrypted by SEE RME using the SEE Client instead of the Removable Media Access Utility?

    The main reason I want to know this is that the Removable Media Access Utility can only be run from removable storage and on a machine without the SEE client.

    Here's a scenario for easy understanding:

    User A forgets his password, which was used to encrypt the new files on his USB drive, and he lives half the globe away from the administrator designated for recovery. Therefore he is unable to provide the administrator with the USB drive, but he can send the encrypted file to the administrator to recover via the recovery certificate.

    Is there a way to decrypt the file with the recovery certificate using the SEE Client instead of the Access Utility?



  • 2.  RE: How to decrypt with Recovery Certificate with SEE Client

    Posted Jan 04, 2019 06:10 AM

    Yup, the recovery method is identical, whether you are using the installed SEE client or the Removable Access Utility.

    All you need is to have the Master Recovery Certificate (i.e. the one with the private key) in the currently logged on user's personal certificate store.  In this case, it should be that of your admin user.  The SEE-RME Client automatically looks for certs when opening encrypted files, and should just find it.  This is just like how the Removable Access Utility behaves, and also how the SEE-RME client behaves when user certs are available.

    In summary, the Admin would:

    1. Receive encrypted file, and put it onto a USB stick via a machine that does not have SEE-RME
    2. Install Master Recovery cert to machine with SEE-RME installed (i.e. Recovery Machine)
    3. Plug USB into machine with SEE-RME installed
    4. Open/Recover file, and save decrypted copy
    5. Remove Master Recovery Cert from Recovery Machine

    Remember, it is best practice to securely store, and audit access to, the Master Recovery Certificate.
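
Steps 2 and 5 of the procedure above, sketched as an added PowerShell example (not part of the original reply and not Symantec tooling). It assumes the Master Recovery Certificate is held as a PFX file; the path shown is a hypothetical placeholder, and the recovery itself (steps 3 and 4) stays a manual action in the SEE-RME client.

```powershell
# Added example. Run as the admin user on the Recovery Machine.
param(
    # Hypothetical placeholder path to the Master Recovery Certificate PFX.
    [string]$PfxPath = 'E:\recovery\master-recovery.pfx'
)

$ErrorActionPreference = 'Stop'

# Personal certificate store of the currently logged-on user, which is where
# the reply says the SEE-RME client looks for certificates.
$store = 'Cert:\CurrentUser\My'

# Step 2: import the certificate. -Exportable is deliberately omitted, so the
# private key is marked non-exportable while it sits on this machine.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $store -Password $pfxPassword
$certPath = "$store\$($cert.Thumbprint)"

try {
    # Recovery needs the copy of the certificate that carries the private key.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) was imported without a private key."
    }
    Write-Host "Imported: $($cert.Subject)"
    Write-Host "Thumbprint: $($cert.Thumbprint)  Expires: $($cert.NotAfter)"

    # Steps 3-4 are manual: plug in the USB stick, open the encrypted file in
    # the SEE-RME client and save the decrypted copy.
    Read-Host -Prompt 'Finish the recovery in the SEE-RME client, then press Enter' | Out-Null
}
finally {
    # Step 5: remove the certificate and delete its private key, even if the
    # session above was interrupted or the private-key check failed.
    if (Test-Path -Path $certPath) {
        Remove-Item -Path $certPath -DeleteKey
    }
    if (Test-Path -Path $certPath) {
        Write-Warning "Certificate $($cert.Thumbprint) is still present in $store."
    }
    else {
        Write-Host "Certificate $($cert.Thumbprint) removed from $store."
    }
}
```

The printed thumbprint and the final removal message give the admin something concrete to record when auditing each use of the Master Recovery Certificate.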