This article details how to backup the Organization Key for the Symantec Encryption Management Server (previously known as PGP Universal Server). The Organization Key is used to sign all user keys and to encrypt server backups.
As all backups are encrypted with the Organization Key, it is extremely important to back up the Organization Key. If the Organization Key is not backed it up, it is not possible to restore from backups encrypted to the Organization Key.
Each Symantec Encryption Management Server is pre-configured with a unique Organization Key generated by the Setup Assistant. If different settings for this key is needed, the Organization Key can be re-generated based on new settings, however this should only be done prior to live deployment of the server or creation of user keys by the server.
The Organization Key automatically renews itself one day before its expiration date including all of the same settings.
The Organization Key can be backed up during the initial installation of the server or by exporting the key from the Symantec Encryption Management Server interface.
To backup your Organization Key
- Log into the Symantec Encryption Management Server administrative interface.
- Click the Keys tab and then click Organization Keys.
- Select your Organization Key. The information of your key is displayed.
- Click Export.
- Select Export Keypair then click Export Keypair.
Note: It is important to export the full keypair. Exporting only the public portion will not allow restoration of the backup, as the keypair is what is needed to decrypt the backup. Also, ensure the passphrase used to protect the Organization Key is not forgotten. If the passphrase of the Organization Key is not known, it is not possible to restore a backup.
- Click Save and choose a location for your key.