Recovery for encrypted files with lost keys

Hi,

I'd like to seek assistance with my issue with SGN 5.5.

I created a policy for file-based encryption using a machine-defined key; however, instead of using removable drive as the target for this policy, I accidentally deployed it using the Local Storage option. After the policy had been deployed, it started to encrypt all files in my drive D:/ and I had no option to cancel it, so I just waited, hoping I could revert the changes. But somewhere along the way the computer rebooted; after I logged back in, it rebooted again after loading everything, including the SGN client icon, and it did this in a loop. I needed to remove the policy from the MC, and that allowed me to log in again. However, I noticed that most of my files in drive D:/ were already encrypted. I tried to check the file status and it says "file encrypted with 0x62.... key", which I can't find. I tried looking for mek* keys or boot keys from the MC, but nothing shows. I even added all keys available for the user, but I can't open the encrypted files.

Any suggestion how I can recover the files that were already decrypted?

Thanks,

  • Hi there,

    when assigning keys, please be so kind as not to search for the key by key name but rather by key_id.

    You can find further information on how to do that in KBA 108156 (http://www.sophos.com/support/knowledgebase/article/108156.html) > look at the drive slaving section which describes how to assign keys. This also applies to file based encryption.

    In case this does not solve the issue, please open a new support call!

    Regards

    Dan

  • Hi,

    Thanks for your reply. I did give Sophos support a call; unfortunately, there was no way to recover the key. It's just surprising that, in the manual, SafeGuard has no way to delete generated keys, because of recovery purposes, but for some reason a key got lost for whatever reason and there is no recovery process for this.

    Perhaps designing it more strategically, wherein if a locally created key was not forwarded to the MC, using that key shouldn't be allowed in encrypting files, to prevent data loss.

    Thanks.

  • Hi there,

    thank you very much for providing further feedback. With regard to your last reply, I would like to add some things / have some things clarified.

    Upon creation of a local key on a client machine, information about the key is stored encrypted in the local registry until the client can connect to the SafeGuard Enterprise server, and the key is then stored in the database.

    Based on this information, the only occasion on which a local key could get lost would be if the local registry of the client were severely damaged, (unfortunately) deleting the key information at the same time.

    Can you therefore please be so kind as to confirm that you have not been using a centrally created key and that it is at least possible that the registry was damaged as your system crashed while encrypting the drive.

    Thank you very much!

    Regards

    Dan
