0 Replies Latest reply on Oct 20, 2016 9:25 AM by nicholas.klebs

    Deleting User Personal Key in FRP

    nicholas.klebs

      Do others ever have the need to delete UPKs from FRP?

      We see a need to delete UPKs to satisfy our audit/policy/regulation around Key Management and Key Destruction, and also for testing and troubleshooting.


      Currently the process to delete a UPK is very cumbersome and could introduce negative consequences.


      The KB about deleting a UPK is incomplete, and does not account for all the steps that need to be taken, which are:

      • Disable the specific UPK - no negative effect to any other user.
      • Remove all Key Assignments for UPKs - NEGATIVE EFFECT for all FRP users - net effect users may lose use of their UPK temporarily - can't decrypt data - can't access Encrypted Removable Media - again temporarily.
      • Remove the UPK from ALL POLICIES with the UPK Key Value assigned - WORSE NEGATIVE EFFECT for all FRP users - net effect ALL FRP users may lose data (encryption policy changed from UPK to different key) or access to Encrypted Removable Media because the Key value in ALL FRP POLICIES has to change from UPK to a DIFFERENT KEY.
      • DISABLE UPK functionality completely - NEGATIVE EFFECT for all FRP users - net effect users may lose use of their UPK temporarily - can't decrypt data - can't access Encrypted Removable Media.
      • After these steps, the SINGLE UPK can be deleted, then the FRP Policies need to be re-configured (change from different key back to UPK), Key Assignments can be reconfigured, and UPK functionality can be re-enabled.


      Taking these steps can lead to negative situations or potential loss or destruction of data (for example, if you have to change an encryption policy from UPK to a DIFFERENT key, the data encrypted by the UPK can't be decrypted because the user may no longer have the UPK assigned, and the DIFFERENT key would attempt to encrypt the already encrypted blob).