3.4 Creating an Encrypted iFolder

Novell iFolder 3.7 supports encrypted iFolder storage. To store the files encrypted, users must ensure that the iFolder they are uploading to is created as encrypted. For that, they must ensure that the option for Encryption is selected. They also must specify a passphrase and select a Recovery agent when creating an encrypted iFolder by using the iFolder thick client. However, this option is available only when you set the Encryption policy to On. In this case, users are free to choose between the two options: Regular and Encrypted. However, if you set the encryption policy to Enforced, users can create only encrypted iFolders and they cannot change this encryption settings for their iFolders.

NOTE:Even if the encryption policy is set to Enforced, you can create a regular iFolder by using the Create button on the iFolder page of the iFolder Web Admin console.

An existing iFolder cannot be converted to be an encrypted iFolder, and an encrypted iFolder cannot be converted to be a regular iFolder.

During the creation of an encrypted iFolder, the user is prompted to enter a passphrase and select a Recovery agent. iFolder uses the passphrase to dynamically generate a unique encryption key for encrypting and decrypting the key used for data encryption. The encrypted iFolders are not processed without the passphrase. If the user forgets the secret passphrase, he or she cannot access either the iFolder data or the encrypted key used for recovering it. In this case, the Recovery agent that is selected when the passphrase is set helps in recovering the encryption key. For more information on the Recovery agent, see the Section 3.5, Using the Recovery Agent.