Recover Encryption Keys
This section is only pertinent to users with:
- BLOA SecureEmail
- MLOA Software
- MLOA Hardware
A user receives three certificates for FIS BLOA SecureEmail, MLOA Software, and Hardware:
Once a user revokes or loses their MLOA certificates, they need to re-apply for certificates, and go through the in-person proofing process again. This may also require an additional purchase. To enable users to access data encrypted using the revoked/lost certificates, Exostar offers the self-key recovery functionality.
- If you are approved for and downloaded FIS BLOA SecureEmail certificates, you can recover encryption keys for all active, revoked, or expired certificates.
- If you are approved for and downloaded FIS MLOA Software certificates, you can recover both BLOA SecureEmail and MLOA Software encryption keys for all active, revoked, or expired certificates.
- If you are approved for and downloaded FIS MLOA Hardware certificates, you can recover encryption keys for all certificates – BLOA SecureEmail, MLOA Software, and MLOA Hardware. However, for hardware certificates, you can only recover expired or revoked encryption keys. Current keys cannot be recovered.
- If you are recovering hardware encryption keys, you need to log-in using your hardware token.
- You can use the keys only to access the data which was encrypted using the revoked or lost certificates.
To recover the keys:
Step 1. Log-in to your MAG account using your new MLOA certificates. If you have not reapplied for certificates, complete all activities related to requesting access, in-person proofing, and downloading your certificates, prior to attempting to recover encryption keys.
Step 2. The following screen displays if you have not logged-in using your new certificates. Click the link to select the certificate associated with your log-in credentials.
Step 3. Click the Recover Encryption Keys tab under the Manage Certificates tab.
Step 4. Select the certificate for which you need to recover the encryption key. If multiple certificates are available, repeat the process to recover each key. Click OK to proceed.
Step 5. From the Choose a digital certificate pop-up screen, select the certificate you used to log-in.
Step 6. You may be prompted to log-in again using your MLOA certificate. Complete the log-in with the MLOA certificate used to log-in in step 1, and click OK. The following screen displays. Click Download.
Step 7. You are prompted to either Open or Save the file. Click Save.
Step 8. Save the certificate file (.p12 format) at a location of your choice. Click Close on the Exostar Self Key Recovery screen.
Step 9. You receive an email with a one-time password, which is required to unlock the file you just downloaded. Follow the instructions under the Importing Recovered Encryption Keys section for the next steps.
Import Recovered Encryption Keys
To import the encryption keys recovered in the Recover Encryption Keys section, you need the following:
- Access to the location where you saved the .p12 file.
- Email with the one-time password, to unlock the key for importing.
Follow the steps below to import your encryption key:
Step 1. Double click the saved .p12 file.
Step 2. You are presented with the Certificate Import Wizard. Click Next.
Step 3. Confirm the file name, and click Next.
Step 4. Copy or enter the one-time password from the email you received, and make sure no trailing spaces are entered. In addition, it is strongly suggested you enable strong key protection, and set-up a password to access the encryption key. To enable further export of the key, you may also select the Mark this key as exportable option.
Step 5. Click Next. You are prompted to select a location to store the certificate. Click Next.
Step 6. Click Next again to complete the import process, then click Finish.
Step 7. If you selected to Enable strong protection in step four, you are presented with the below screen. Click Set Security Level to set a password for the encryption key.
Step 8. Select High to ensure you are prompted for a password each time, and click Next.
Step 9. Enter a password. Click Finish.
Step 10. Click OK on the confirmation pop-up.
NOTE: When you attempt to open an encrypted document or email, which was encrypted using this key, you are automatically prompted for the key password you set-up. Enter the password to access your document or email.