Master Key

What is Master Key?

Master key is a feature which enables Master Key Owner and Group Administrators to recover files of the group members.

Imagine an important financial document being encrypted after creating the yearly revenue report. During the following year a new financial team is put in place, and when it's time for the yearly report they realize the financial document the previous team used, is now encrypted with credentials no one has access to any longer.

Enter Master key! With Master key enabled, the administrators of the group can always recover any file encrypted by the group members. In the above case the new financial team just has to ask their group administrator, and the financial document can easily be recovered, even if the original user left the company.

As long as the Master Key Owner or group administrators who make sure to keep track of their credentials, no files will ever be lost due to employees leaving or forgetting their passwords.

Who is Master Key Owner?

A Master Key Owner holds special rights to recover any file encrypted by all Group’s members when Master Key is enabled, even not being a member of the group.

Only one Business Administrator can be a Master Key Owner. A new Master Key Owner can be assigned only by the current Master Key Owner, by selecting from the Business Administrators list.

Also, Master Key Owner can enable/disable the group’s master key. A Master Key Owner can recover any files encrypted by the group members when group administrator lost master key access.

What is the purpose of Master Key?

When Master Key enabled for a Group, a Master Key Owner or Group Administrators can recover any file encrypted by that Group members. This, as mentioned, eliminates the risk of losing access to critical files. But is it secure?

In terms of security, you can view Master key as an automatic sharing of files with Administrators of the group. Group Administrators will automatically be able to recover files which has their Master key applied. This is no less secure than simply using AxCrypt's tried and tested Key Sharing feature.

Of course, Group Administrators need to be extra careful to choose strong passwords and always keep their account safe.

Enable / Disable Master Key

Note: Master Key Owner must be selected before enabling the Master Key. Only Master Key Owner and Group Administrator can enable the master key.

  1. Login to your AxCrypt Business account
  2. Go to Master Key side-menu
  3. Enable Master Key
    • Toggle the action button to enable Master Key for the corresponding group.
  4. Disable Master Key
    • Toggle the action button to disable Master Key for the master key enabled group.
  5. Provide your consent by selecting the checkbox “I Understand” and then click the “Understand” button below.

Approve Master Key

Once master key enabled, all the existing group members needs to approve. This is an important security consideration, and an existing user should never feel like this feature was hidden from them.

  1. Login to your AxCrypt Business account
  2. Go to AxCrypt ID side-menu
  3. Navigate to groups section
  4. Click Approve Master Key for the corresponding group action menu.
  5. Provide consent to Approve Master Key .

Note: A Group Administrator who enabled the Master Key will be auto approved.

How does Master Key work?

If a user has not accepted Master key, it will not be applied to files they encrypt, so make sure everyone in your group accepts the feature.

Group Administrator can view, who has accepted the Master key feature in the user's page.

For new members of existing businesses, Master key will be automatically approved when members join the business.

Once Master key has been enabled, it will be automatically applied to all files encrypted by members of the group.

Files encrypted before enabling Master key will of course not be possible to recover. Old files must be re-encrypted after the user having accepted master key.

After Master Key enabled, sign out If already signed in and sign in back to the AxCrypt Application. An information message popup will appear to inform about the master key enabled.

You can see if Master key has been applied by the Master key icon shown in the application. If a file has this icon, then any group administrator can recover the file.

That's it! As you can see, Master key is very easy to use and nothing your business member ever must consider or spend time on.

Notes

Business created before the group feature, Default group was created with all the business members and master key data securely moved from business to default group.

Please note that while Group Administrators or Master Key Owners can recover files using the Master Key, this functionality should not be relied upon for regular usage. If a file is intended to be opened by a group administrator, it should be key shared with that user, just like with any non-admin user.

Try for free