Changing a User Decryption Key Passphrase

Changing a user decryption key passphrase requires both the physical data file containing the key (on a USB key or similar) and the user's current passphrase. (If neither is available, create a new decryption key from scratch.)

  1. Right-click on a user decryption key and select Change passphrase.
  2. When prompted, select the file with the user's key, and enter the current passphrase.
  3. Enter the new passphrase twice (for verification).
  4. Click the OK button. Then, choose the file in which to save the modified key.

Note: if the user has more than one key, each one must be updated individually, or the file containing the key can be copied to the second location.

If a user's key or passphrase has been compromised, do not just change the user's passphrase. Because the key itself can be copied, and the passphrase is tied to the copy of the key, a compromised copy can still be used to access data. Instead, revoke the user's key and create a new one. This makes the old key and all of its copies useless, no matter how many times it has been copied.
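
The reasoning above can be checked with a small model. This is an added example, not the product's code or key file format: it assumes a key file is a secret sealed under a passphrase-derived key (a simplified standard-library construction, not a production cipher) and that revocation is a list of refused key IDs. All function names and sample values are constructed for illustration.

```python
import hashlib, hmac, os

def _kek(passphrase, salt):
    # Passphrase-derived wrapping key: 32 bytes to mask the secret, 32 for the MAC.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)

def wrap(secret, passphrase):
    """Model of a key file: a 32-byte secret sealed under a passphrase."""
    salt = os.urandom(16)  # fresh salt per file, so the mask is never reused
    k = _kek(passphrase, salt)
    sealed = bytes(a ^ b for a, b in zip(secret, k[:32]))
    return {"salt": salt, "sealed": sealed,
            "tag": hmac.new(k[32:], sealed, "sha256").digest()}

def unwrap(keyfile, passphrase):
    k = _kek(passphrase, keyfile["salt"])
    tag = hmac.new(k[32:], keyfile["sealed"], "sha256").digest()
    if not hmac.compare_digest(tag, keyfile["tag"]):
        raise ValueError("wrong passphrase or corrupted key file")
    return bytes(a ^ b for a, b in zip(keyfile["sealed"], k[:32]))

def change_passphrase(keyfile, old, new):
    # Re-seals the SAME secret; files written earlier are not touched.
    return wrap(unwrap(keyfile, old), new)

def key_id(secret):
    return hashlib.sha256(secret).hexdigest()[:16]

def usable(keyfile, passphrase, revoked):
    """True if the file opens with this passphrase and its key is not revoked."""
    try:
        return key_id(unwrap(keyfile, passphrase)) not in revoked
    except ValueError:
        return False

def demo():
    revoked = set()  # assumed model of revocation: a list of refused key IDs
    original = wrap(os.urandom(32), "old passphrase")  # constructed sample key
    old_copy = dict(original)  # copy made before the passphrase change
    updated = change_passphrase(original, "old passphrase", "new passphrase")
    result = {"old_copy_after_change": usable(old_copy, "old passphrase", revoked),
              "new_pass_on_old_copy": usable(old_copy, "new passphrase", revoked)}
    revoked.add(key_id(unwrap(updated, "new passphrase")))  # revoke the key itself
    replacement = wrap(os.urandom(32), "fresh passphrase")  # brand-new key
    result["old_copy_after_revoke"] = usable(old_copy, "old passphrase", revoked)
    result["replacement"] = usable(replacement, "fresh passphrase", revoked)
    return result

if __name__ == "__main__":
    print(demo())
```

In this model the earlier copy keeps working with the old passphrase after the change and stops working only once the key ID is revoked, while the replacement key is unaffected.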

