Distributing certificates for users
Each time an encrypted folder is accessed, DriveLock File Protection checks whether a user certificate is available in the user's certificate store and whether it can be used for automatic authentication.
DriveLock File Protection does not require the public key infrastructure (PKI) normally used to manage user certificates if you create the certificates via the DriveLock Enterprise Service (DES).
If your organization already has a PKI and uses it to issue user certificates, you can use this PKI to authenticate users for DriveLock File Protection.
The following options are available for managing user certificates:
- Certificates are managed by the user: a personal (self-signed) certificate can be created using the DriveLock Application.
- Certificates are administered using DriveLock. The certificates (public keys) are stored by DriveLock in a database.
- User certificates are managed in an existing PKI in Microsoft Active Directory, outside of DriveLock.
- User certificates are administered in a third-party Windows-compatible environment without any involvement by DriveLock.