How would you manage keys with TrueCrypt in a business enviroment?

user-management encryption truecrypt

One suggestion could be to encrypt the volume with a encryption key only (no passphrase), but keep the key always encrypted on laptops/workstations with EFS (Windows only), so that in reality both the users password (optionally backup agent key) and the encryption key is used by Truecrypt.

This way, access to the encrypted devices will be "transparent" to the users, and you can manage passwords, EFS backup keys etc centrally without having to worry about lost keys etc


You should specify your OS, but why not keep all the keys backed up somewhere secure? Also, I would use a passphrase in combination with the key if you are not already, if the key is on something like a thumbdrive, chances are they might lose that with the laptop (ie, they are in the same bag), making the encryption pretty much useless in the first place.

Related

Securely Deleting Files on Linux Journaled Filesystem
pfSense Site-toSite VPN with OpenVPN connects but won't route traffic
Best way to use large IP blacklist to deny access to a web server?
APT: Public Key is missing? How to fix?
How many user/supplicant certificates are needed for WPA2 enterprise on a small network?
Should IGMP Snooping be configured on all Layer 2 switches on LAN?
OpenVPN and Routing and IPtables
I/O high on DRBD disk drbd10 on stacked site
ldap_modify: Insufficient access (50) when changing password
How to construct a MongoDB Health Check in HAProxy?
Redundant Load Balancers for Windows-based Web Servers?
What is the best way to configure the number of workers in Apache?