Changing Client Password
Offline Password
CTE supports the offline password feature. This feature is designed to enable retrieval of the keys being used to protect data in a GuardPoint. When communication between the CipherTrust Manager and the CTE Agent is lost, the GuardPoint continues to encrypt/decrypt data with the last known key and policy. However, if communication is lost and the protected client is rebooted, the CTE Agent attempts to validate it using the latest keys and policies, but fails. Therefore, the isolated CTE Agent can use a password to retrieve the last known key and policy so that the GuardPoint can continue with encryption/decryption operations. After communication is re-established, any policy or key changes can be applied.
The offline password feature enables access to encryption keys that are stored locally on a client. This keeps the data secure when the CipherTrust Manager is inaccessible. To access the data, provide the offline password. Then, the CTE Agent encrypts/decrypts the guarded data according to the applied policy.
Password Types
The client password is initially set when the client is added to the CipherTrust Manager. Passwords can be set on a client-by-client or client group basis. The CipherTrust Manager supports two types of offline passwords:
Manual (Static): A password is specified manually. After a client is registered, you must change the client password using this method.
Generate (Dynamic): A password is generated automatically by the CipherTrust Manager. Support for the dynamic method is limited in this release. Refer to the CipherTrust Manager Release Notes for details.
Changing the Password Manually
Note
The manual password creation method is recommended for disaster recovery scenarios.
To change the password:
Open the CTE application.
Click Clients > Clients.
Under Client Name, click the desired client.
Alternatively, click the expand icon to the left of the desired client in the clients list.
From the Password Creation Method drop-down list, select Manual. The Regenerate Password button is replaced by Change Password.
Click Change Password.
Enter the new password in the Password and Confirm Password fields. The password must match in both fields.
Note
The password must contain a minimum of eight characters, including at least:
• One capital letter
• One number
• One of these special characters: ! @ # $ % ^ & * ( ) { } [ ]
To cancel the password change, click Cancel Change Password.
Click Apply.
When changing a static password or modifying a client to use a static password instead of a dynamic password, provide the new static password to the client users. Without the password, they cannot access encrypted data when there is no network connection between the client and the CipherTrust Manager.
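The password rules in the note above can be checked before a static password is typed into the Change Password dialog and handed to client users. The following is an added example, not part of the original documentation or of CipherTrust Manager; the function names are hypothetical, and it assumes the generated password may use only ASCII letters, digits and the listed special characters, and that a 20-character length is accepted (the page states no maximum).

```python
import secrets
import string

# Special characters listed in the password note on this page.
SPECIALS = "!@#$%^&*(){}[]"
MIN_LENGTH = 8


def policy_violations(password):
    """Return the documented rules that `password` fails (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("fewer than eight characters")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("no capital letter")
    if not any(c in string.digits for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no listed special character")
    return problems


def generate_static_password(length=20):
    """Draw a random password from the OS CSPRNG until it meets every rule.

    Assumption: only ASCII letters, digits and the listed specials are used,
    and `length` is acceptable to the product (the page states no maximum).
    """
    if length < MIN_LENGTH:
        raise ValueError("length is below the documented minimum of eight")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed samples, not real credentials.
    for sample in ("winter2024", "Winter2024", "Winter2024!"):
        print(sample, "->", policy_violations(sample) or "compliant")
    print("generated:", generate_static_password())
```

Because the offline password unlocks locally stored keys when the CipherTrust Manager is unreachable, generate it on a trusted workstation and pass it to client users over a channel that does not depend on that network link.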
Changing the Password Dynamically
To change the password:
Open the CTE application.
Click Clients > Clients.
Under Client Name, click the desired client.
Alternatively, click the expand icon to the left of the desired client in the clients list.
From the Password Creation Method drop-down list, select Generate. This is the default method.
Click Regenerate Password.
A newly generated password is downloaded to the client.