8.11 Managing Passphrase for Encrypted iFolders

Novell iFolder provides a user-friendly interface for encrypting your iFolders to ensure data security at the server side.

After you successfully log in to iFolder, an optional iFolder passphrase dialog box opens where you can enter your encryption passphrase if encryption is enabled by the Admin. iFolder uses the passphrase to generate a unique encryption key for encrypting and decrypting your iFolder. If you don’t provide a passphrase, the passphrase dialog box appears automatically when encrypted iFolders are processed. If you cannot recall your passphrase, the recovery agent you selected during login helps you recover your encryption key. For more information, see Enter the Passphrase.

Encryption occurs before the files leave your workstation, so they travel securely across the Internet connection to be uploaded to, and stored on, the iFolder server. The iFolder data remains encrypted on the iFolder server and travels securely on the channel to and from the server. The iFolder client decrypts the downloaded files as they arrive on your local workstation.

8.11.1 Recovering an Encrypted iFolder

Each iFolder has a unique data encryption key, which is auto-generated during iFolder creation. You use your passphrase to create the key that encrypts the unique data encryption key. If you forget the secret passphrase, you cannot access either the iFolder data or the encrypted key used for recovering it unless your passphrase is saved locally (by enabling Remember passphrase). To avoid this problem, you must export the keys using the Export Encrypted Keys menu item and send the exported file manually to the recovery agent, using the e-mail address given in the dialog box. The recovery agent retrieves the keys and sends them back to you (through e-mail or any other communication channel). You can then import the keys and use them to reset the passphrase.

NOTE: The Recovery agent is generally an entity independent of the entities that own the iFolder server's infrastructure, or independent of the IT department if deployed in a corporate environment.

To export your data encryption key:

  1. Select Security > Key Recovery > Export Encrypted Keys.

  2. Select the iFolder account from the drop down list.

  3. Specify the location on your local machine where you want to store your exported file that contains the encrypted keys.

  4. Click OK.

To import your recovered data encryption key:

  1. Select Security > Key Recovery > Import Decrypted Keys.

  2. Specify the location of the imported file that contains the decrypted keys.

  3. Specify the One Time Passphrase provided by the Recovery agent to decrypt and rarefy the key (optional).

    The Recovery agent can choose to encrypt the recovered decrypted keys using the one-time passphrase. The one-time passphrase and the key file need to be sent through different communication channels (for security reasons). If the Recovery agent chooses not to re-encrypt, then the imported file contains decrypted keys.

  4. Specify the New Passphrase to re-encrypt the data encryption key.

  5. In the Re-type Passphrase field, re-type the passphrase to verify it, and then click OK.

8.11.2 Resetting the Passphrase

For security reasons, you should reset the passphrase after you import the keys. You do this by using the one-time passphrase sent by your Recovery agent.

  1. Select Security > Reset Passphrase.

  2. In the Reset Passphrase window, select the iFolder account you want to reset the passphrase for and specify the following details:

    Enter Passphrase: Enter the one-time passphrase.

    Enter New Passphrase: Enter the new passphrase you want to set for the current iFolder account.

    Retype Passphrase: Enter the new passphrase again for confirmation.

    Recovery Agent: Select the Recovery agent you have set for the current iFolder account.

  3. Click Reset.
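
The key hierarchy from 8.11.1 and the passphrase reset above, as an added sketch that is not Novell's code: a random data encryption key (DEK) is wrapped under a key derived from the passphrase, so a reset only re-wraps the recovered DEK and leaves the encrypted files untouched. PBKDF2 and the HMAC-based wrap are stand-ins chosen so the example runs on the Python standard library alone; the page does not state which algorithms iFolder uses, and all function names and the iteration count are hypothetical.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor, not an iFolder setting

def derive_kek(passphrase: str, salt: bytes) -> bytes:
    """Passphrase -> 64 bytes: first 32 encrypt the DEK, last 32 authenticate it."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)

def xor_pad(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 pad (stand-in for a real key-wrap cipher)."""
    pad = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def wrap_dek(dek: bytes, passphrase: str) -> dict:
    """Encrypt the per-iFolder data encryption key under the passphrase."""
    if len(dek) > 32:
        raise ValueError("this sketch wraps keys of at most 32 bytes")
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    kek = derive_kek(passphrase, salt)
    ct = xor_pad(kek[:32], nonce, dek)
    tag = hmac.new(kek[32:], nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unwrap_dek(blob: dict, passphrase: str) -> bytes:
    """Recover the DEK; a wrong passphrase fails the tag check instead of yielding garbage."""
    kek = derive_kek(passphrase, blob["salt"])
    expected = hmac.new(kek[32:], blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong passphrase or modified key blob")
    return xor_pad(kek[:32], blob["nonce"], blob["ct"])

def reset_passphrase(recovered_dek: bytes, new_passphrase: str) -> dict:
    """Re-wrap the same DEK: file data stays as it is, only the wrapper changes."""
    return wrap_dek(recovered_dek, new_passphrase)

if __name__ == "__main__":
    dek = secrets.token_bytes(32)                # constructed sample key
    stored = wrap_dek(dek, "old passphrase")     # wrapped key blob
    try:
        unwrap_dek(stored, "forgotten guess")    # forgotten passphrase: no access
    except ValueError as err:
        print("unwrap failed:", err)
    # The recovery agent returns the DEK; the client re-wraps it.
    stored = reset_passphrase(dek, "new passphrase")
    print("DEK intact:", unwrap_dek(stored, "new passphrase") == dek)
```

Because the DEK never changes, anyone who held it before the reset can still decrypt the data, which is why the recovered key file and the one-time passphrase travel over separate channels.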