Recovering encrypted folders

If a user is no longer able to access an encrypted folder and decrypt the content, which can occur, for example, if the appropriate user certificates are lost or the password is not remembered, you can use recovery to restore access to these folders.

The following procedures are used to restore the data:

• Challenge-response procedure: this involves the user and the administrator (or support employee).

  The challenge/response mechanism validates both the challenge (request code) that DriveLock creates for the user and the corresponding response code that is generated by the person performing the recovery. Only when both codes are valid for the drive or folder to be recovered, can access to the data be restored (for example enabling the user to select a new encryption password). The request code is generated by the user with the help of a wizard, transmitted to the administrator and checked for validity by the administrator in the DOC under Security Controls -> Encryption -> Recovery -> File Protection Recovery. The administrator checks that the request code is valid and then generates a response code that is in turn validated by the wizard running on the client computer.

• If the user has access to the certificate, it can be used directly (via online recovery)

• Direct recovery from the DOC under Security Controls -> Encryption -> File Protection -> Centrally Managed Folders using the menu command Recover access to the folder

The steps for recovery by the administrator (or support employee) in the DMC correspond to those for online or offline recovery with Encryption 2-Go.