
How certificates are used for file encryption by Endpoint Encryption Removable Media Encryption


Article ID: 203389


Products

Endpoint Encryption

Issue/Introduction

Endpoint Encryption RME (Removable Media Encryption) encrypts files using one of the following three methods:

  1. Password
  2. Certificate
  3. Workgroup key

This article gives an overview of how certificates are used to encrypt files.

Environment

Symantec Endpoint Encryption Removable Media Encryption 11.2 and above.

Resolution

Removable Media Encryption encrypts files using the cipher AES256-CBC.

Each file is encrypted to a unique key.

Each unique key is protected by one or more passwords, certificates, or group keys.

Therefore, when a certificate is used with Removable Media Encryption to encrypt a file, the file is not encrypted directly to the certificate. Instead, the certificate is used to protect the underlying key to which the file is encrypted.
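The layering described above can be reproduced with the OpenSSL command line. This is an added example, not Symantec's implementation or on-disk format: RSA certificates, OAEP key wrapping, the `rme_demo` function and all file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch of per-file key wrapping; not Symantec's code or on-disk format.
# Assumptions: RSA certificates, OAEP wrapping, and every file name below.
rme_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # Two constructed self-signed certificates stand in for two recipients.
        for who in alice bob; do
            openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$who" \
                -keyout "$who.key" -out "$who.crt" 2>/dev/null || exit 1
        done
        printf 'constructed sample file contents\n' > plain.txt

        # Unique per-file key (256 bits) and IV (128 bits), kept as hex text.
        key=$(openssl rand -hex 32) || exit 1
        iv=$(openssl rand -hex 16) || exit 1

        # The file is encrypted once, to the file key, with AES-256-CBC.
        openssl enc -aes-256-cbc -K "$key" -iv "$iv" \
            -in plain.txt -out file.enc || exit 1

        # The file key (not the file) is encrypted to each certificate.
        for who in alice bob; do
            printf '%s' "$key" | openssl pkeyutl -encrypt -certin \
                -inkey "$who.crt" -pkeyopt rsa_padding_mode:oaep \
                -out "$who.wrap" || exit 1
        done

        # Each private key unwraps the same file key and recovers the file.
        n=0
        for who in alice bob; do
            k=$(openssl pkeyutl -decrypt -inkey "$who.key" \
                -pkeyopt rsa_padding_mode:oaep -in "$who.wrap") || exit 1
            openssl enc -d -aes-256-cbc -K "$k" -iv "$iv" \
                -in file.enc -out "$who.out" || exit 1
            cmp -s plain.txt "$who.out" && n=$((n + 1))
        done

        # A wrapped key does not open with another recipient's private key.
        if openssl pkeyutl -decrypt -inkey bob.key -in alice.wrap \
            -pkeyopt rsa_padding_mode:oaep >/dev/null 2>&1
        then wrong=accepted; else wrong=rejected; fi
        echo "recovered=$n wrongkey=$wrong"
    )
    rc=$?
    rm -rf "$work"
    return "$rc"
}
rme_demo
```

Adding a recipient in this model means writing one more wrapped copy of the file key; `file.enc` itself is not re-encrypted.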