PKWARE’s key management support for Microsoft Double Key Encryption (DKE) provides organizations with a simple and seamless experience for administrators. When an end user authenticates with Azure Active Directory, the unified labeling client will retrieve appropriate DKE keys from the PEM Administrator. To access this screen, go to MIP > DKE Keys.
Following is the description for the columns.
This column displays the unique name given to DKE key.
This column displays Yes or No indicating whether encryption is enabled with this key.
This column displays Yes or No indicating whether decryption is enabled with this key.
The URL in this column displays DKE service path used by administrators for defining the location of key service.
This column displays the time/date when key was created.
This column displays time/date when the key was last updated.
This screen also displays the following UI controls for configuration.
- Click Delete button to delete a key.
- Click Copy Link to copy the URL of a key. Refer Microsoft documentation for DKE Labels to know how to use it in the Microsoft Compliance Center.
- Click Edit button to edit the details of a key. Steps of editing are same as adding a DKE key.
Adding DKE Key
Click Add button to add a new DKE key in PEM Administrator. The Add DKE Key screen appears.
Following is the explanation of properties that appear while adding a key.
Enter a unique name for the key.
Check this checkbox to enable encryption with this key.
Check this checkbox to enable decryption with this key.
Importing & Exporting Keys
If there is a need to move DKE keys from one environment to another, PEM Administrator allows this functionality by using the Import/Export capability. Click this button to open DKE Key Import/Export screen.
In the following example: there are two servers, Server 1 and Server 2. Server 1 has DKE keys, but Server 2 doesn’t. Follow the below mentioned steps for exporting key(s) from Server 1 and importing it to Server 2:
- Go to MIP > DKE Keys tab of Server 2. Click Import/Export button.
- Click Download Public Key. The JSON file automatically gets downloaded in the Downloads folder of your PC.
- Go to MIP > DKE Keys tab of Server 1. Click Import/Export button.
- Click Export. The Export – DKE Key Transfer To screen appears.
- In the Upload Public Key to Target Server field, browse and open the JSON file downloaded in step 2 from Choose File button.
- In the Select Keys to Export field, select the checkbox associated with the key(s) you want to export. All existing keys are checked by default. Click OK to download the Key Transfer file to the Downloads folder of your PC.
- Return to MIP > DKE Keys tab of Server 2. Click Import/Export button.
- Click Import. The Import - DKE Key Transfer From screen appears.
- In the Upload Key Transfer File field, browse to the Key Transfer file downloaded in step 6 and select Choose File. Click OK to import the selected key(s) on this server.
- After completing the importing process, the imported key(s) can be seen on MIP > DKE Keys tab of this server.