Configuration encryption

The Master key enables encrypting sensitive configuration parameters, system backups and external storage volumes. It also allows for recovering internal storage encryption key in case the pen drives containing encryption key are lost or damaged.

Note

  • The Master key is exported to PEM format and it is encrypted with SMIME using administrator’s public key/certificate.
  • It is essential to have the Master key exported and stored in a safe location.
  • In case the Master key has been compromised, you can invalidate it, which will result in generating a new one and re-encrypting the data.

Exporting master key

  1. Select Settings > System.
  2. In the Maintenance and supervision click Export current key and save the file on the file system.
../../_images/masterkey_export.png
  1. Click Choose file and browse the file system to find the certificate that will be used to encrypt the Master key.
  2. Click Confirm and save the the Master key file.
../../_images/masterkey_export_confirm.png

Invalidating current master key

In case the current Master key has been compromised, you can invalidate it. Invalidating the current Master key generates a new one and triggers data re-encryption.


  1. Select Settings > System.
  2. In the Maintenance and supervision click Invalidate current key.
../../_images/masterkey_invalidate.png
  1. Click Confirm to proceed with invalidating the current key and re-encrypting the data.
../../_images/masterkey_invalidate_confirm.png
  1. Make sure to export the newly generated key.

Related topics: