Managing Keys on Hardware Token


Besides of storing encryption keys on SafeNet eToken devices, BestCrypt Volume Encryption provides the user with an additional functionality for eTokens. The functions may be useful and even necessary to avoid losing encrypted data and enhance security for sensitive data.

Saving encryption keys from one eToken to another

It is strongly recommended to create backup copy of encryption keys stored on eToken device. eToken is a small plastic thing that may be lost. If you lose eToken with encryption key for some volume, the volume will become completely inaccessible.

To copy encryption keys from one eToken to another eToken device, run the Rescue->Hardware Token->Backup Encryption Keys to Other Token command. The program will ask the user to insert Source Token where from the keys should be saved, as the following picture illustrates:

Select eToken

After entering passphrase for eToken, click OK . The program will display next dialog window asking to insert another Destination eToken to USB port where encryption keys should be saved to.

Insert Destination eToken to USB port and click OK. The program will copy encryption keys to the eToken and report that the operation has been successfully completed.

Then the program asks the user to insert another eToken device where from the user may wish to backup encryption keys. If the user agrees, the program will save encryption keys from the source eToken to the same destination eToken. As a result, the single destination eToken will store encryption keys from several source eTokens. Such a functionality allows the administrator to keep a single backup eToken with encryption keys originally stored on a number of users' eTokens.

Please store the Destination eToken in a safe place and use it if you lose original eToken with encryption keys.

BestCrypt Volume Encryption has no command to copy the keys from eToken to other types of storage devices to avoid decreasing security level of the keys. Indeed, if the user occasionally copies encryption keys from eToken to hard disk, there is no sense in keeping original eToken very safely.



Deleting all encryption keys from eToken

If you are not going to use some eToken device as a storage for encryption keys, you can delete the keys to free up eToken memory. To delete the keys run Rescue->Hardware Token->Delete All Encryption Keys from Token command.

Please be careful when you delete encryption keys from eToken! If you still have some volume encrypted with key stored on the eToken, the volume will become completely inaccessible.



See also: