Transmitting encryption keys between Administration Servers

If the data encryption feature is enabled on a managed device, the encryption key is stored on the Administration Server. The encryption key is used to access encrypted data and to manage the encryption policy.

The encryption key must be transmitted to another Administration Server in the following cases:

You can transmit encryption keys the following ways:

To enable automatic transmission of encryption keys between Administration Servers within the hierarchy:

  1. In the console tree, select the Administration Server for which you want to enable automatic transmission of encryption keys.
  2. In the context menu of the Administration Server, select Properties.
  3. In the properties window, select the Encryption algorithm section.
  4. Enable the Use hierarchy of Administration Servers to obtain encryption keys option.
  5. Click OK to apply the changes.

The encryption keys will be transmitted to master Administration Servers (if any) at the next synchronization (the heartbeat). This Administration Server will also provide, upon request, an encryption key from its repository to a slave Administration Server.

To transmit encryption keys between Administration Servers manually:

  1. In the console tree of Administration Server, select the slave Administration Server from which you want to transmit encryption keys.
  2. In the context menu of the Administration Server, select Properties.
  3. In the properties window, select the Encryption algorithm section.
  4. Click the Export encryption keys from Administration Server.
  5. In the Export encryption keys window:
    • Click the Browse button, and then specify where to save the file.
    • Specify a password to protect the file from unauthorized access.

      Remember the password. A lost password cannot be retrieved. If the password is lost, you have to repeat the export procedure. Therefore, make a note of the password and keep it handy.

  6. Transmit the file to another Administration Server, for example, through a shared folder or removable drive.
  7. On the target Administration Server, make sure that Kaspersky Security Center Administration Console is running.
  8. In the console tree of Administration Server, select the target Administration Server where you want to transmit encryption keys.
  9. In the context menu of the Administration Server, select Properties.
  10. In the properties window, select the Encryption algorithm section.
  11. Click Import encryption keys to Administration Server.
  12. In the Import encryption keys window:
    • Click the Browse button, and then select the file containing encryption keys.
    • Specify the password.
  13. Click OK.

The encryption keys are transmitted to the target Administration Server.

See also:

Data encryption and protection

Page top