3 Replies Latest reply on Jun 17, 2009 3:45 PM by SafeBoot

    MEE - Encryption Keys

      Team,

      I am really confused between the different keys used by MEE. Can anyone explain a little bit:

      1. Is there a separate encryption key for MEE for PC and MEE for F&F?

      2. Where the key is stored. I guess it's SBDATA, if yes then which sub-folder?

      3. What are the types of keys used or created for MEE for F&F? what the difference between default local keys, user defined keys i.e we create in encryption key group? Where these keys are stored?

      4. How different is McAfee Endpoint Encryption for Removalbe Media?

      5. Is there a master key to decrypt everything. I hope PGP uses one like that.

      Thanks in advance.
        • 1. RE: MEE - Encryption Keys
          1. Is there a separate encryption key for MEE for PC and MEE for F&F?

          Yes - you can have lots and lots of EEFF keys, but only one key per hard disk. You won't see the hard disk keys though, they are managed in the background for you.

          2. Where the key is stored. I guess it's SBDATA, if yes then which sub-folder?

          It's stored somewhere in the database encrypted with other keys - you can't actually get at it through the file interface.

          3. What are the types of keys used or created for MEE for F&F? what the difference between default local keys, user defined keys i.e we create in encryption key group? Where these keys are stored?

          User local keys are stored encrypted on the client machine itself, the default key is stored in the user profile (and replicated to EEM for redistribution). You don't have to worry about where they are stored.

          4. How different is McAfee Endpoint Encryption for Removalbe Media?

          It's just a feature of EEFF.

          5. Is there a master key to decrypt everything. I hope PGP uses one like that.

          No, though it's impossible to encrypt something in a way that an administrator can't get it back - there's no master key, but keys are wrapped together in such a way as to be recoverable at any stage.


          There's no tiresome key management processes in the McAfee products like PGP - mostly things are done in the background for you - users just have to worry about what to protect, but even that can be automated based on content.
          • 2. RE: MEE - Encryption Keys
            Is there any white paper or document apart from the product guys which explains these things in detail?

            Can you elaborate a little more please " the default key is stored in the user profile (and replicated to EEM for redistribution) ". So default key is generated by user and get replicated to MEE and then redistribution for what? Other users to use?

            Thanks for your quick response.

            - A
            • 3. RE: MEE - Encryption Keys
              no, the only documentation is the product manual.

              the default key gets distributed to EEM so when you log onto another machine, you get to use the same default key. Keys you create locally though are stored locally. The data they protect can be recovered by an EEM key, but they don't get moved around.

              remember, this is a centrally managed enterprise product, not a stand alone end-user thing.