If I have an encryption key management software in-house and I want to manage keys for EEPC - is there any document from McAfee that talks about which folder I have to take back-up? Is it the whole SBDATA folder?
Thanks in advance.
- Amiya Bisoi
I guess you are using EEPC5 since you mention SBData?
In short, it's not possible to move keys into a third party management system, most don't have the capacity to deal with the weight of symmetric keys EEPC leverages, and the security benefit is tangible to say the least. It is theoretically possible though, but would require some custom development.
It's not something you can do in any way, as all the keys in SBData are encrypted with other keys. It's pretty hard to actually get at the root key info, though I guess you could export them with the "GetMachineKey API command.
Not sure what this would give you though? Protection from someone deleting SBData maybe?
In any case, for EEPC 5.x, making frequent backups of SBDATA directory is the simplest and most efficient way to protect EEPC Client info. You may use provided SFDBBack utility to perform frequent on-line backups.