Besides storing encryption keys on Aladdin eToken devices, BestCrypt Volume Encryption provides the user with additional functionality for eTokens. These functions may be useful, and even necessary, to avoid losing encrypted data and to enhance security for sensitive data.
It is strongly recommended to create a backup copy of the encryption keys stored on an eToken device. An eToken is a small plastic thing that can be lost. If you lose an eToken with the encryption key for some volume, the volume will become completely inaccessible.
To copy encryption keys from one eToken to another eToken device, run the Rescue->Hardware Token->Backup Encryption Keys to Other Token command. The program will ask the user to insert the Source Token from which the keys should be saved, as the following picture illustrates:
After entering the passphrase for the eToken, press button. The program will display the next dialog window, asking you to insert another, Destination eToken into the USB port; the encryption keys will be saved to it.
Insert the Destination eToken into the USB port and press button. The program will copy the encryption keys to the eToken and report that the operation has been successfully completed.
Then the program asks the user to insert another eToken device from which the user may wish to back up encryption keys. If the user agrees, the program will save the encryption keys from that source eToken to the same destination eToken. As a result, the single destination eToken will store encryption keys from several source eTokens. This functionality allows the administrator to keep a single backup eToken with the encryption keys originally stored on a number of users' eTokens.
Please store the Destination eToken in a safe place and use it if you lose the original eToken with the encryption keys.
BestCrypt Volume Encryption has no command to copy the keys from an eToken to other types of storage devices, to avoid decreasing the security level of the keys. Indeed, if the user occasionally copies encryption keys from the eToken to a hard disk, there is no sense in keeping the original eToken very safely.
When the user runs the Change passphrase command, BestCrypt Volume Encryption changes the password only for the selected volume.
If the encryption key for a volume is stored on an Aladdin eToken USB device, the passphrase for the volume is actually the passphrase for the eToken. If you decide to change the passphrase, you should realize that the new passphrase for the eToken must then be entered in other applications that use the eToken device. If the eToken stores encryption keys for several volumes, all of those volumes will be accessible only with the new passphrase.
To change the passphrase for an Aladdin eToken, run the Rescue->Hardware Token->Change Token Passphrase command. BestCrypt Volume Encryption will ask you to enter the current passphrase for the eToken and to enter the new passphrase twice, to avoid mistyping a letter in the passphrase.
If you are not going to use some eToken device as storage for encryption keys, you can delete the keys to free up eToken memory. To delete the keys, run the Rescue->Hardware Token->Delete All Encryption Keys from Token command.
Please be careful when you delete encryption keys from an eToken! If you still have some volume encrypted with a key stored on the eToken, the volume will become completely inaccessible!