Not able to encrypt/decrypt using Certificate
If a Master Certificate was configured by installation setting or policy update, all files encrypted by SEE-RD from the time forward will be encrypted under the Master Certificate’s public key.
To recover files encrypted under a given Master Certificate, you need to provide the private key associated with the Master Certificate. This private key should be stored on a token in a physically secure location.
If smart card is used, Master Certificate including associated private key must be included on smart card and the recovery workstation has been configured with smart card application software and a smart card reader.
Insert the smart card into the reader and authenticate to the smart card software. This will make any certificate stored on the smart card available to the local certificate store.
1. Launch the Access Utility (To have this utility, “Storage Access utility” should be checked during specific package creation for Removable Storage Encryption)
2. Choose File and click Open Files(s). Navigate to the encrypt file or files to be decrypted, then click Open
3. The files will be listed in the main window of the Access utility
4. Double click on the file(s) to be decrypted.
5. You will be prompt to have a certificate on a smart card.
6. Insert the smart card when prompted, then click OK
(Note: If the smart card is already inserted, you may need to re-insert it.)
7. Select a location to save the decrypted file.
If the user is not a part of Active Directory and Certificate must be exported with a private key. This key must be supplied to users and workstation must be CA configured.
1. From MMC select the Certificate from Personal>Certificates>right click>All Tasks>Export
2. Select “Yes, export the private key” option box
3. Only “Personal Information Exchange – PKCS #12 (.PFX) will be checked if above option is checked
4. Type password and confirm password
5. Select a File name
6. Click next>Finish
Configure manual enrollment to a client workstation:
1. Open MMC and Add/Remove Snap-in
2. Select Certificates>My user account> OK
3. Personal>Certificate>right click>All Task>Import
4. Browse the supplied *.PFX file
5. Click Next and provide the password
6. Select “Place all certificates in the following store “Personal”
7. Click Next and Finish
- Smart Card
- Clients not in AD