You are authorized to make copies of your Extreme Encryption™ flash drive. But limit the number of copies you make to the number of people in your group, that is, the people who are intended to share files and messages with each other using Extreme Encryption™ technology. You and your intended group members are the only ones who should be allowed access to the keys that come with your flash drive. Every person who receives a copy must understand that further copying is a serious breach of security, and that loss or theft of a flash drive must be reported to you as the group leader immediately.
Exercise caution as well in the process of distributing flash drives to your team members. For example, if your organization has a mail room that opens all mail, that creates the risk of illicit copying or theft. It would be better to put the flash drive directly into the hand of the intended person.
If you have selected the option of extra protection for the one-time keys, you will receive a separate flash drive containing the codes (seven letters or seven characters) used for each individual one-time key. This flash drive is not intended for wide distribution. See the section immediately below.
Extreme Encryption™ is delivered to you complete with a large set of one-time keys, each as an individual numbered file that can be selected from within the program when encrypting or decrypting files or messages. Who gets what keys when? Who should use which keys? Here are three scenarios.
Solo user, no key encryption: If you plan to use Extreme Encryption™ for your own file archiving and no one else is involved, there is nothing to decide. Keep all the keys for yourself. Use them when you wish.
Small team with high trust, no key encryption: It's probably okay to copy the content of the Keys directory for every team member. The question of who uses what keys can probably be settled verbally.
Encrypted keys: The introduction mentioned an option to have each key individually encrypted with its own seven-character code. Here too it is okay to copy the content of the Keys directory for every team member. You are left with the question of who uses what key when. In other words, you need to devise a system for allocating the seven-character codes. Some possibilities:
- A delegated person offers codes in response to telephone calls -- limited by working hours and allowable levels of distraction for the person delegated.
- Server-based allocation -- If you already have login control to a server for each team member, adding a way to allocate codes may be relatively straightforward for your technical staff.
- Weekly replenishment of each team member's allotment of keys. These short lists could be encrypted using MarpX Privacy™ which is included on every flash drive.
Let us know of other creative methods that you find work in your situation. Thanks.
Use a key once to encrypt, then once for each intended recipient to decrypt. That is the most secure method.
There is nothing to stop you from using a key more than once, if you so choose. That's lower cost for you. However, if any one file or message using that key is compromised by deception, violence or whatever, then all content using that key is instantly open to the intruder.
Set a policy: single use, a specified low count, or unrestricted. Whatever your policy, track how it works for you.
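One way to track key use against such a policy, shown as an added example that is not part of Extreme Encryption™ or its documentation. The `KeyLedger` class, the key numbers and the member names are hypothetical; the ledger records which numbered key was used for which recipients, never the keys or codes themselves.

```python
from collections import Counter, defaultdict


class PolicyViolation(Exception):
    """A requested key use would break the group's reuse policy."""


class KeyLedger:
    """Hypothetical usage ledger for numbered one-time keys.

    max_encrypt_uses: 1 = single use, a small integer = specified low
    count, None = unrestricted (uses are still tracked).
    """

    def __init__(self, max_encrypt_uses=1):
        self.max_encrypt_uses = max_encrypt_uses
        self.encrypts = defaultdict(list)     # key number -> recipient sets, one per message
        self.decrypts = defaultdict(Counter)  # key number -> decrypt count per member

    def record_encrypt(self, key_no, recipients):
        limit = self.max_encrypt_uses
        if limit is not None and len(self.encrypts[key_no]) >= limit:
            raise PolicyViolation(f"key {key_no}: encrypt limit of {limit} reached")
        self.encrypts[key_no].append(frozenset(recipients))

    def record_decrypt(self, key_no, member):
        # One decrypt per message addressed to this member under this key.
        allowed = sum(member in r for r in self.encrypts.get(key_no, []))
        if self.decrypts[key_no][member] >= allowed:
            raise PolicyViolation(f"key {key_no}: no decrypt outstanding for {member}")
        self.decrypts[key_no][member] += 1

    def exposed_if_compromised(self, key_no):
        """Number of messages opened to an intruder if this key is compromised."""
        return len(self.encrypts.get(key_no, []))

    def reused_keys(self):
        return sorted(k for k, msgs in self.encrypts.items() if len(msgs) > 1)


if __name__ == "__main__":
    # Constructed sample: key numbers and member names are made up.
    ledger = KeyLedger(max_encrypt_uses=1)
    ledger.record_encrypt(17, ["alice", "bob"])
    ledger.record_decrypt(17, "alice")
    try:
        ledger.record_encrypt(17, ["carol"])
    except PolicyViolation as err:
        print("refused:", err)
```

Reviewing `reused_keys()` and `exposed_if_compromised()` periodically shows how much content rides on each key under the policy you chose.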
Include in your list of best practices all the entries in MarpX Privacy™ Best Practices.