Encryption Key Management

  • Work with your unit administrator to decide how you will select encryption keys. You will do one of the following:
    • If IT encrypted one or more of your files with AES Crypt, you can continue using the key IT provided.
    • If you choose to use your own key, you will need to choose a strong key that is impossible to guess. You are advised to use random letters, numbers, and symbols. Consider using a password generator to create a secure key.
  • Check with your unit administrator to understand how your unit will keep encryption keys secure and available for operational continuity. Your unit's encryption keys:
    • must be secured from loss, destruction, unauthorized access or modification at the same level as the data they protect.
    • must not be stored or sent in clear text that identifies them as encryption keys or that identifies the file(s) they protect.
  • When sharing an encrypted file, send the key using a different communication channel from the one used to send or share the encrypted file. For example, do not send the key in the same e-mail message that contains a link to the encrypted file or that includes the encrypted file as an attachment. Instead, communicate the key using a separate e-mail, a phone call, or an in-person meeting.
  • Remember the key (password) you used to encrypt your files. If the key is lost, there is NO way for IT, or anyone, to decrypt files encrypted with AES Crypt. They will remain encrypted and inaccessible forever.
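
One way to generate a key of random letters, numbers, and symbols, as the guidance on choosing your own key advises. This is an added example, not part of the original guidance or of AES Crypt; the symbol set, the 16-character minimum, and the function names are assumptions made for this example.

```python
import math
import secrets
import string

# Character classes named in the guidance: letters, numbers, and symbols.
LETTERS = string.ascii_letters
DIGITS = string.digits
SYMBOLS = "!#$%&()*+,-./:;<=>?@[]^_{|}~"  # assumed set; omits quotes, backslash, space
ALPHABET = LETTERS + DIGITS + SYMBOLS

MIN_LENGTH = 16  # assumed floor for this example, not a value from the guidance


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Approximate entropy of a key drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def generate_key(length: int = 24) -> str:
    """Return a random key containing at least one letter, digit, and symbol."""
    if length < MIN_LENGTH:
        raise ValueError(f"key length must be at least {MIN_LENGTH}")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable
        # and must not be used for keys.
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: redraw the whole key instead of patching in
        # missing characters, so every accepted key is equally likely.
        if (any(c in LETTERS for c in key)
                and any(c in DIGITS for c in key)
                and any(c in SYMBOLS for c in key)):
            return key


if __name__ == "__main__":
    key = generate_key()
    print(key)
    print(f"about {entropy_bits(len(key)):.0f} bits of entropy")
```

A key generated this way cannot be memorized easily, so store it according to your unit's key-protection practice before encrypting anything with it.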