Manage key rollovers

Rights Management uses encryption algorithms and licenses to protect documents. When it encrypts a document, Rights Management generates and manages a decryption key called a DocKey that it passes to the client application. If the policy that protects a document permits offline access, an offline key called a principal key is also generated for each user who has offline access to the document.

Note: If a principal key does not exist, Rights Management generates one to secure a document.

To open a policy-protected document offline, the user's computer must have the appropriate principal key. The computer obtains the principal key when the user synchronizes with Rights Management (opens a protected document online). If this principal key is compromised, any document to which the user has offline access might also be compromised.

One way to lessen the threat to offline documents is to avoid permitting offline access to particularly sensitive documents. Another method is to periodically roll over the principal keys. When Rights Management rolls the key over, any existing keys can no longer access the policy-protected documents. For example, if a perpetrator obtains a principal key from a stolen laptop, that key cannot be used to access the documents that are protected after the rollover occurs. If you suspect that a specific principal key has been compromised, you can manually roll over the key.

However, you also need to be aware that a key rollover affects all principal keys, not just one. It also reduces the scalability of the system because clients must store more keys for offline access. The default key rollover frequency is 20 days. It is recommended not to set this value lower than 14 days because people may be prevented from viewing offline documents and system performance may be affected.

In the following example, Key1 is the older of the two principal keys, and Key2 is the newer one. When you click the Rollover Keys Now button the first time, Key1 becomes invalid, and a newer, valid principal key (Key3) is generated. Users will obtain Key3 when they synchronize with Rights Management, typically by opening a protected document online. However, users are not forced to synchronize with Rights Management until they reach the maximum offline lease period specified in a policy. After the first key rollover, users who remain offline can still open offline documents, including those protected by Key3, until they reach the maximum offline lease period. When you click the Rollover Keys Now button a second time, Key2 becomes invalid, and Key4 is created. Users who remain offline during the two key rollovers are not able to open documents protected with Key3 or Key4 until they synchronize with Rights Management.

For more information about security, see Adobe LiveCycle Overview.

Change the key rollover frequency

For confidentiality purposes, when you are using offline documents, Rights Management provides an automatic key rollover option with a default frequency period of 20 days. You can change the rollover frequency; however, avoid setting the value lower than 14 days because people may be prevented from viewing offline documents and system performance may be affected.

  1. On the Rights Management page, click Configuration > Key Management.

  2. In the Key Rollover Frequency box, type the number of days for the rollover period.

  3. Click OK.

Manually roll over principal keys

To maintain confidentiality of offline documents, you can manually roll over principal keys. You may find it necessary to manually roll over a key (for example, if the key is compromised by someone who obtains it from a computer where it is cached to enable offline access to a document).

Important: Avoid frequently using manual rollover because it causes all principal keys to roll over, not just one, and may temporarily prevent users from viewing new documents offline.

The principal keys must be rolled over twice before previously existing keys on client computers are invalidated. Client computers that have invalidated principal keys must re-synchronize with the Rights Management service to acquire the new principal keys.

  1. On the Rights Management page, click Configuration > Key Management.

  2. Click Rollover Keys Now and then click OK.

  3. Wait approximately 10 minutes. The following message appears in the server log: Done RightsManagement key rollover for N principals, where N is the number of users in the Rights Management system.

  4. Click Rollover Keys Now and then click OK.

  5. Wait approximately 10 minutes.
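The Key1 to Key4 walkthrough above and the two-click manual procedure both describe the same sliding window: two principal keys are accepted at any time, and each rollover drops the older one and mints a new one, so a client's cached keys survive one rollover but not two. The following Python model is an added example written for this page; it is not LiveCycle code, says nothing about real key formats, and assumes a 30-day maximum offline lease as a placeholder policy value. It also adds a small check for the Key Rollover Frequency setting against the 14-day minimum the page recommends.

```python
"""Simplified model of the Rights Management principal-key rollover window.

Constructed example: it mirrors the page's description (two valid principal
keys at any time; each rollover invalidates the older key and generates a new
one). It is not LiveCycle code and does not reflect internal key material.
"""
from dataclasses import dataclass, field
from itertools import count

MIN_RECOMMENDED_ROLLOVER_DAYS = 14   # the page recommends not going below this
DEFAULT_ROLLOVER_DAYS = 20           # default frequency stated on the page


def check_rollover_frequency(days: int) -> str:
    """Return 'ok' or a warning string for a proposed Key Rollover Frequency."""
    if days <= 0:
        raise ValueError("rollover frequency must be a positive number of days")
    if days < MIN_RECOMMENDED_ROLLOVER_DAYS:
        return (f"warning: {days} days is below the recommended minimum of "
                f"{MIN_RECOMMENDED_ROLLOVER_DAYS}; offline users may be locked "
                "out and clients must cache more keys")
    return "ok"


@dataclass
class PrincipalKeyRing:
    """Server-side view: the two principal keys currently accepted."""
    _counter: count = field(default_factory=lambda: count(1))
    valid: list = field(default_factory=list)

    def __post_init__(self):
        if not self.valid:
            # Key1 (older) and Key2 (newer), as in the page's scenario
            self.valid = [self._new_key(), self._new_key()]

    def _new_key(self) -> str:
        return f"Key{next(self._counter)}"

    def rollover(self) -> str:
        """'Rollover Keys Now': invalidate the older key, generate a new one."""
        self.valid.pop(0)
        new = self._new_key()
        self.valid.append(new)
        return new


@dataclass
class OfflineClient:
    """A user's computer with cached principal keys and an offline lease."""
    cached: list = field(default_factory=list)
    days_offline: int = 0
    max_offline_lease_days: int = 30   # assumed policy value, not from the page

    def synchronize(self, ring: PrincipalKeyRing) -> None:
        """Opening a document online refreshes the cache with the current keys."""
        self.cached = list(ring.valid)
        self.days_offline = 0

    def can_open_offline(self, ring: PrincipalKeyRing) -> bool:
        """Offline access needs an unexpired lease and at least one still-valid key."""
        if self.days_offline > self.max_offline_lease_days:
            return False
        return any(k in ring.valid for k in self.cached)


def simulate_two_rollovers() -> dict:
    """Walk through the page's Key1..Key4 scenario and report each stage."""
    ring = PrincipalKeyRing()
    client = OfflineClient()
    client.synchronize(ring)           # user holds Key1 and Key2, then goes offline
    result = {"after_sync": (list(ring.valid), client.can_open_offline(ring))}
    ring.rollover()                    # Key1 invalid, Key3 generated
    result["after_first"] = (list(ring.valid), client.can_open_offline(ring))
    ring.rollover()                    # Key2 invalid, Key4 generated
    result["after_second"] = (list(ring.valid), client.can_open_offline(ring))
    client.synchronize(ring)           # re-sync acquires Key3 and Key4
    result["after_resync"] = (list(ring.valid), client.can_open_offline(ring))
    return result


if __name__ == "__main__":
    for stage, (keys, ok) in simulate_two_rollovers().items():
        print(f"{stage:13s} valid={keys} offline_access={ok}")
    print(check_rollover_frequency(DEFAULT_ROLLOVER_DAYS))
    print(check_rollover_frequency(7))
```

Running the simulation shows why the procedure above says to click Rollover Keys Now twice when a key is believed compromised: after the first click the stolen cache still contains Key2, which the server still accepts, and only the second click leaves it with no accepted key. The frequency check reflects the same trade-off the page describes, since a shorter window forces more synchronizations and more cached keys per client.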
