4 Replies Latest reply on Jul 31, 2012 8:48 AM by jmcleish

    Client encryption key overwritten?

    jmcleish

      At what point does an EEPC v6.1.1 client send its (or creates its) encryption algorithm to (in) ePO. When activation success is achieved or when the ee agent is installed?

       

      I’ve been off on holiday and someone has decided to remove an encrypted drive from a machine and replace it with a newly imaged drive (unencrypted). of course they now want it decrypted and the data off it.

       

      The existing machine doesn’t exist now in ePO and I’m thinking that because it has the same Mac address its changed the name to the new drive. It is sitting at in-active in ePO, but it’s not been on for 10 days so in theory it could have activated, but not sent that info back to ePO. I don't have access to this new drive (trying to track it down) to see whether it has activated locally in the log.

       

      I did do the re-use key in the hope that the new disk wouldn't use a different key (- but as I say I’ll need to check locally on the client if it has activated) and she wether i'm too late

       

      I’ve tried a decrypt on the fly with the recovery xml (which normally works), but this has not worked and now i'm thinking I may have to restore the db to another server with epo installed and export the key that way… or any other ideas?

      i don't want to decrypt the drive (Remove EE) with the recovery xml, unless i can be sure that it is the original key for that drive.

       

      Thanks

      Jane