Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 5 subscribers
  • Views 7199 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Frequently Asked Questions about Security in Sophos Mobile Encryption

StefanD

How is the keyring containing the encryption keys secured on iOS devices?

Sophos Mobile Encryption does not add any cryptographic functionality. The keys are stored within the iOS key chain but secured with an additional certificate from Sophos.
This way, the keys cannot be accessed by other applications.

How is the keyring containing the encryption keys secured on Andriod devices?

There is a difference between devices with Android 4.3. and new and devices with former versions.

  • On devices with Android version lower 4.3 the keys are stored securely within the app. To enable this the application password to access Sophos Mobile Encryption must be enabled
    The keys are stored within the app encrypted with a key derived from the application password.
  • On devices with Android 4.3 and higher the keys are stored and protected by means of the operating system using the Android KeyStore.
    The Android keystore is protected by the screen lock Pattern/PIN/Password. It is required to set a screen lock for the key ring to be available.
    If the user disables the screen lock, the key ring is automatically disabled and the keys are discarded.

Is it possible to back up the keyring?
For Android a backup of the keyring is not possible.
On iOS device, you can backup the key ring if you have downloaded the app from iTunes.
To include the key ring into your backup, you have to create an encrypted backup within iTunes.
If the app was deployed using Sophos Mobile Control, the key ring cannot be backed up.

What is the recovery password good for?

The recovery password which can be created after enabling the app protection password.
Using the recovery password you can get access to Sophos Mobile Encryption if you forgot your password.
However, the recovery password does not provide an recovery mechanism for encryption keys.

Can I get access to the encrypted file if I forgot the password of the encryption key?

This would only be possible if you are using Sophos Mobile Encryption within your company in combination with SafeGuard Enterprise.

:1016499


This thread was automatically locked due to age.
Unfiltered HTML