ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

HOW TO: Backup the Organization Key on Symantec Encryption Management Server

book

Article ID: 180196

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption Desktop Email Encryption Drive Encryption Endpoint Encryption File Share Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

 Symantec Encryption Management Server at the core is a keyserver and will manage all the public and private keys for an organization.  As such, keys that reside on the server can be exported, including the Organization Key Pair.  

This article details how to backup the Organization Key for the Symantec Encryption Management Server (previously known as PGP Universal Server). The Organization Key is used to sign all user keys and to encrypt server backups.

Resolution

As all backups are encrypted with the Organization Key, it is extremely important to back up the Organization Key. If the Organization Key is not backed it up, it is not possible to restore from backups encrypted to the Organization Key.

Important Note: Make special care to protect the organization key when exporting.  Do not allow the Org Key to be exported without a passphrase unless absolutely necessary, and if this is done, protect it so that it does not end up in unauthorized hands. 

Each Symantec Encryption Management Server is pre-configured with a unique Organization Key generated by the Setup Assistant. If different settings for this key is needed, the Organization Key can be re-generated based on new settings, however this should only be done prior to live deployment of the server or creation of user keys by the server.

The Organization Key automatically renews itself one day before its expiration date including all of the same settings.

The Organization Key can be backed up during the initial installation of the server or by exporting the key from the Symantec Encryption Management Server interface.

To backup your Organization Key

  1. Log into the Symantec Encryption Management Server administrative interface.
  2. Click the Keys tab and then click Organization Keys.
  3. Select your Organization Key. The information of your key is displayed.
  4. Click Export.
  5. Select Export Keypair then click Export Keypair.

    Note: It is important to export the full keypair.  Exporting only the public portion will not allow restoration of the backup, as the keypair is what is needed to decrypt the backup.  Also, ensure the passphrase used to protect the Organization Key is not forgotten.  If the passphrase of the Organization Key is not known, it is not possible to restore a backup.
     
  6. Click Save and choose a location for your key.

Additional Information

ISFR-1907 
ISFR-1906