:xRecovery is an optional SSProtect component that allows you to recall protected information from users in your Organization. To request an Archive, and/ or for additional information, see the article, Abbreviated Procedures for :xRecovery.
:xRecovery Access Panel
The :xRecovery Access Panel is designed to run independent from SSProtect - in fact, the two applications cannot run at the same time. Start the application from the Desktop shortcut creating during installation, then take your focus to Archive Details at the top left of the display::
- Browse to the folder in which you placed your Archive files
- Enter your 32-character Archive IV from Support
- Choose Open to see the list of files by IDs
This presents the list of files, though encoded by their HostGUID. This is a unique identifier specific to the host-encrypted instance of a double-encrypted file. As such, the HostGUID is not accessible by viewing a protected file, since it is, "wrapped" by the cloud-encrypted instance.
To decrypt filenames, in the Key Store section on the top right:
- Browse to your exported .ssp key file
- Enter your Passphrase
- Choose Import
This operation utilizes Organization and Account keys to unlock the actual filename for each Archived file instance.
To access plaintext content, select one or more files from the list, then choose Decrypt. Plaintext content will be stored in a subfolder of the noted Archive Folder, \Decrypted. Manage these files manually (see the note at the end of this article) - decrypted files are not removed except when you do so manually. Don't forget to remove files from the Recycle Bin if your procedure moves content to this interim location.*
Plaintext Content Availability and Isolated Use
Note the above distinction that refers to both Organization and Account keys. Each key set is required for plaintext access to Archive content, made available from Exported keyfiles.
As such, Non-Privileged Users do not have access to plaintext content since they to not have access to required keys. For this reason alone it is critical to retain Archive isolation when working with the :xRecovery Panel, and retain isolation even after use.
Using UI Controls
Limit the list of files with the Filter / Clear buttons to the right, searching through content for specific files. You can also choose Users in the dropdown listbox underneath the Organization name on the left side above the file list. If you hold the Shift key and choose multiple files, Decrypt will loop through each, showing status on the lower right side of your display. Notice that the Dcryptd column changes from, "No" to, "Yes" on successful decryption.
This depiction is session-specific, i.e. if you restart,the Decrypted column state is reset. This will be enhanced in future app releases.
Selective Plaintext Filenames
Starting with v6.7.0, you will have the ability to modify the resulting Decrypted filename using checkboxes located above the User filter dropdown control:
- HostGUID - includes the entire HostGUID with the decrypted file
- Owner - includes the owning Username with the decrypted file
- Version - includes the decrypted file's version
As you check each of these options, click a file in the list to see a preview of the resulting filename, which will be in the following form:
As you check and uncheck each option, you will see the resulting filename change. Decrypting with the active selection yields similar results for all selected files.
Decrypting Only the Latest Versions
In some cases, you may have an Archive with all Versions of each file, but you only wish you see the latest version for each in plaintext. Check the Latest Only checkbox immediately to the right of the Decrypt button to ignore older versions of each file instance.
Name Collisions During Decryption
In some cases, a decrypted filename matches that of another decrypted file. This can happen if you name a file using the same format used when Restoring files from the Protected Files display, which uses the following format:
x is the Version of the Restored file.
If you restore a versioned file, then access it, the versioned instance is then also stored - though tracked as an independent version of the original since it is in fact the same content. However, rather then decrypting and overwriting another file instance, the :xRecovery Panel will append -<letter> before the extension, using letters between a and z, offering and couple dozen alternatives before collisions become problematic and fail.
Managing Decrypted Files
Current releases of the :xRecovery Panel are primarily designed to provide simple and secure access to plaintext Archive content. More feature-rich capabilities will be introduced in a new product in the future, though until that time it may be helpful to rename the \Decrypted subfolder between successive Decrypt operations. In this respect, you can partition individual Users from an Organization Archive, or separate latest version instances from previous versions then manage differences/ overlapping content with file comparison tools such as Beyond Compare.
As previously noted, don't forget to remove unwanted plaintext materials from decrypted state, copied instances, and also the Recycle Bin when applicable.*
For More Information
If you have questions or need more detail, email firstname.lastname@example.org.
* - See our technical notes on Solid State Drive technology to understand requirements for insuring data is not inadvertently disclosed when recycling hardware.
This article was updated w/ v6.7.1 of the :Foundation Client