8.11 Managing Passphrase for Encrypted iFolders

An encrypted iFolder has a unique data encryption key that is auto-generated during iFolder creation. The key is encrypted by using a passphrase provided by the user and also by using the public key of the recovery agent.

The recovery agent is selected during the iFolder account creation process if the iFolder administrator has enabled the encryption policy on the server.

If the iFolder administrator has enabled encryption, a dialog box is displayed during iFolder creation for you to enter your passphrase. iFolder uses the passphrase to generate a unique encryption key to encrypt or decrypt the iFolder data on the iFolder server. If you forget the passphrase, you cannot access the iFolder data. You must reset your passphrase to gain access to the iFolder data.

8.11.1 Recovering an Encrypted iFolder

Use the Passphrase Recovery Wizard to reset the passphrase and recover an encrypted iFolder. Follow the steps given below to launch the Passphrase Recovery Wizard:

  1. In the iFolder browser, click Security > Forgot Passphrase to launch the wizard.

  2. From the iFolder Account list, select the domain for which the passphrase must be reset and click Forward.

    If the Server_Default option was selected as the recovery agent during the iFolder account creation process, the Set New Passphrase page is displayed. To set the new passphrase, see Resetting the passphrase when recovery agent is Server_Default.

    If you selected a recovery agent other than Server_Default, reset the passphrase as described in Resetting the passphrase when recovery agent is not Server_Default.

Resetting the passphrase when recovery agent is Server_Default

To set the new passphrase, perform the following steps:

  1. In the Set New Passphrase page, specify the new passphrase in the New Passphrase field.

  2. Re-enter the new passphrase in the Confirm Passphrase field and click Forward.

  3. Specify the password in the Password field, then click Forward.

  4. After the passphrase is reset successfully, click Finish to close the wizard.

Resetting the passphrase when recovery agent is not Server_Default

To reset the passphrase when the recovery agent selected is not Server_Default, follow the steps given below:

  1. The Welcome page of the wizard describes the information you need to reset the passphrase. Click Forward to display the Passphrase Recovery Mechanism page.

  2. There are three methods you can use within the wizard to reset your passphrase:

    • Using the secret file and its password: The secret file and its password are used to reset the passphrase. If you have maintained the secret file and its password, you can use the wizard to specify the location of the secret file and provide its password. To reset the passphrase using the secret file, see Using the Secret File to Reset the Passphrase.

      NOTE: You obtain the secret file and its password from the iFolder administrator.

    • Using the new data file: The new data file can also be used to reset the passphrase. You can get the new data file from the administrator after performing an export operation of the old data file. To reset the passphrase using the new data file, see Using the New Data File to Reset the Passphrase.

    • Exporting the old data file: If you don't have the secret file or the new data file, you can use the wizard to export the old data file and then e-mail the file to your administrator. When the administrator sends back the new data file, you can use the wizard to reset your passphrase. To export the old data file, see Using an Exported File to Reset the Passphrase.

The following table summarizes the decisions you make.

Table 8-5 Passphrase recovery wizard settings

| Settings | Description |
|---|---|
| iFolder Account list | Displays the list of configured iFolder accounts. By default the first logged in account is selected. |
| Location of secret file | Denotes the location of the private key file of the certificate that can be obtained from the iFolder administrator. |
| Secret password | Represents the password to the secret key file. |
| One time password | Represents the password that is used by the administrator to encrypt the new data file. |
| Location of new data file | Denotes the location of the decrypted key file. The new data file is obtained from the iFolder administrator after performing an export operation of old data file. |
| Location to save old data file | Denotes the location to save the exported key file. After exporting the old data file, you can e-mail it to your administrator. The administrator then sends you the new data file. |
| New Passphrase | Represents the new passphrase that you enter, which is used to encrypt the unique data encryption key that is auto-generated during iFolder creation. |
| Confirm Passphrase | Represents the new passphrase that you must re-enter. |

Using the Secret File to Reset the Passphrase

To reset the passphrase using the secret file, perform the following steps:

  1. Select the I have the secret file and its password option, then click Forward.

  2. Fill in the following fields:

    Location of secret file: Specify the location of the secret file, or click the Browse button to locate and select the secret file.

    Secret Password: Specify the password to the secret file.

    New Passphrase: Specify the new passphrase.

    Confirm Passphrase: Re-enter the new passphrase.

  3. Click Forward to reset the passphrase.

  4. Click Finish to close the wizard.

NOTE: You obtain the secret file and its password from the iFolder administrator.

Using the New Data File to Reset the Passphrase

To reset the passphrase using the new data file, perform the following steps:

  1. Select the I have the new data file sent by the administrator option, then click Forward.

  2. In the Location of new data file field, specify the location of the new data file, or click the Browse button to locate and select the new data file.

  3. If the new data file that you receive from the administrator is encrypted, select the Is the above file encrypted? check box. When you select this check box, the One Time Password field is enabled.

  4. In the One Time Password field, specify the password that is used by the administrator to encrypt the new data file.

  5. In the New Passphrase field, specify the new passphrase.

  6. In the Confirm Passphrase field, re-enter the new passphrase.

  7. Click Forward to reset the passphrase.

  8. Click Finish to close the wizard.

Using an Exported File to Reset the Passphrase

To reset the passphrase when you don't have the secret file or the new data file:

  1. Select the I have no secret file or data file option, then click Forward.

  2. In the Location to save old data file field, specify the location where the old data file must be saved, or click the Browse button to select that location.

  3. Click Forward to obtain the old data file. The location of the old data file and the e-mail address of the iFolder administrator are displayed. You can use this information to obtain the new data file.

  4. Click Finish to close the wizard.

  5. E-mail the old data file to your iFolder administrator with a request to receive the new data file in return.

  6. When you receive the new data file, see Using the New Data File to Reset the Passphrase to reset your passphrase.
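
The recovery flow above, modelled with OpenSSL commands as an added example (not iFolder's own code or file formats): a data encryption key is wrapped once under the passphrase and once under the recovery agent's public key, then recovered without the old passphrase. The algorithms (RSA-OAEP, AES-256-CBC with PBKDF2), file names and passphrases are assumptions made for the demo.

```sh
#!/bin/sh
# Added illustration: OpenSSL stands in for iFolder's internal key handling.
# File names, passphrases and algorithm choices are constructed for this demo.
set -eu

wrap_pass() {    # $1 = secret, $2 = input file, $3 = output file
  PW="$1" openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -pass env:PW -in "$2" -out "$3"
}
unwrap_pass() {  # same arguments, reverse direction
  PW="$1" openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -pass env:PW -in "$2" -out "$3"
}

setup() {        # state after iFolder creation: one key, two wrapped copies
  cd "$(mktemp -d)"
  # Recovery agent key pair; the private half plays the role of the "secret file".
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out secret_file.pem 2>/dev/null
  openssl pkey -in secret_file.pem -pubout -out agent_pub.pem
  openssl rand -out dek.bin 32       # data encryption key (kept in clear only to compare later)
  wrap_pass "old passphrase" dek.bin dek.by_passphrase
  openssl pkeyutl -encrypt -pubin -inkey agent_pub.pem -pkeyopt rsa_padding_mode:oaep \
    -in dek.bin -out dek.by_agent
}

recover() {      # $1 = new passphrase, $2 = one-time password
  cp dek.by_agent old_data_file                 # user: export; still encrypted to the agent
  openssl pkeyutl -decrypt -inkey secret_file.pem -pkeyopt rsa_padding_mode:oaep \
    -in old_data_file -out key.plain            # administrator: requires the secret file
  wrap_pass "$2" key.plain new_data_file        # administrator: encrypt with one-time password
  unwrap_pass "$2" new_data_file key.plain      # user: open the new data file
  wrap_pass "$1" key.plain dek.by_passphrase    # user: re-wrap the same key, new passphrase
  rm -f key.plain new_data_file                 # do not leave the bare key on disk
}

setup
recover "new passphrase" "one-time-pw"
unwrap_pass "new passphrase" dek.by_passphrase check.bin
cmp -s check.bin dek.bin && echo "same data encryption key, now under the new passphrase"
```

The old passphrase never appears in recover, and the data encryption key itself is unchanged, so no iFolder data has to be re-encrypted. Because the new data file holds the decrypted key, the one-time password is what protects it in transit.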

8.11.2 Changing the Passphrase

For security reasons, you must change your passphrase periodically. You can reset the passphrase by using the one-time passphrase sent by your recovery agent.

  1. In the iFolder browser, select Security > Change Passphrase.

  2. In the Change Passphrase window, select the iFolder account you want to reset the passphrase for and specify the following details:

    Enter Passphrase: Specify your current passphrase.

    Enter New Passphrase: Specify the new passphrase you want to set for the current iFolder account.

    Retype Passphrase: Specify the new passphrase again for confirmation.

    Recovery Agent: Select the recovery agent you have set for the current iFolder account.

  3. Click Reset.