Guide to Using SafeHouse Branding Files for Password Recovery
Branding is the process of marking, or updating, the original set of SafeHouse distribution files with special keys and administrative messages. Not all files need branding. At present, only SDWLIB.DLL and SD.EXE get updated. These files are then deployed in place of the non-branded versions when installing SafeHouse throughout your organization.
Before you begin branding files, you must perform a normal SafeHouse install which includes the administrative components. The administrator's tools are needed only on the administrator's PC. Normal users do not need any of these extra utilities, although it doesn't do any harm for them to be available.
If you will be using more than one administration domain, you should save copies of the non-branded versions of SDWLIB.DLL and SD.EXE to a temporary directory so that you can retrieve fresh copies before each branding procedure. You will need to run the branding wizard on the non-branded versions of these files once for each domain to be created.
The branding wizard is run using the Brand SafeHouse icon. The first screen summarizes what's about to take place. Context-sensitive help is available at every step. The files to be branded must reside in the same directory as the branding wizard. The default action during installation is to copy all files to C:\SAFEDISK, which complies with the requirement. Select Next to begin.
The first piece of information you are asked to provide is the administrative contact and description for the target domain. At the very minimum, you should include a name, phone number and domain identifier. The message you enter here is embedded into every encrypted volume created with the branded fileset. It can be displayed by users at any time using an option built into the Change SafeHouse Password utility. The contact information message can be in any format you desire. The maximum length is 128 characters. An example of this message being displayed for a user can be seen in the next section under password recovery. Use of this field is completely optional.
The next wizard page allows you to enter a multi-line text message which will be displayed on the first page of the Create SafeHouse Volume wizard. You may enter any text up to 128 characters long. If you do not wish to display a special message during volume creation, leave this field blank.
This screen capture shows how the first page of the create volume wizard would look after being branded with the sample message shown above.
You are next asked to choose an administrator's passphrase. A passphrase is simply another word for password. We recommend that you create a normal sentence with proper punctuation which is at least 24 characters long. Your passphrase is case sensitive and can be any combination of text, letters, numbers and punctuation. The maximum length is 999 characters. Please be sure to write down your passphrase exactly as you typed it into this edit field. If you created an exceptionally long passphrase, you might find it convenient to copy it to the Windows clipboard and paste it into a text file created with NOTEPAD. Your passphrase must remain secret. Anyone with knowledge of this phrase will be capable of recovering the encrypted volume passwords for all volumes created with this branded fileset.
An optional feature for password recovery allows you to require that all recoveries be authenticated with an ActivCard challenge-response security token. By requiring ActivCard authentication in addition to the administrator's passphrase, you are protected from passphrase breaches which might be caused by disgruntled administrators. Leave these fields blank if you choose not to require the use of ActivCards.
If you are satisfied with all of your previous answers, move forward to the last screen and press the Brand Files button to perform the file updates. Before deploying your branded files, you should first check your messages and test the password recovery features as described in the next section.
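
For the multi-domain case described at the start of this guide, the file handling around each wizard run can be scripted. The following is an added example, not part of SafeHouse or of the original guide; the function names and directory arguments are hypothetical, and it assumes that branding changes the bytes of both files.

```python
import hashlib
import shutil
from pathlib import Path

# The two files the guide says are updated by branding.
BRANDED_FILES = ("SDWLIB.DLL", "SD.EXE")


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def save_pristine(install_dir, pristine_dir):
    """Copy the non-branded files aside once, before the first branding run."""
    pristine = Path(pristine_dir)
    pristine.mkdir(parents=True, exist_ok=True)
    for name in BRANDED_FILES:
        # Never overwrite: the install directory may already hold branded files.
        if (pristine / name).exists():
            raise FileExistsError(f"{name} already saved; refusing to overwrite")
        shutil.copy2(Path(install_dir) / name, pristine / name)
    return {name: sha256(pristine / name) for name in BRANDED_FILES}


def restore_pristine(pristine_dir, install_dir, expected):
    """Put fresh non-branded copies back before branding the next domain."""
    for name in BRANDED_FILES:
        src = Path(pristine_dir) / name
        if sha256(src) != expected[name]:
            raise ValueError(f"saved copy of {name} has changed")
        shutil.copy2(src, Path(install_dir) / name)


def collect_branded(install_dir, domain_dir, expected):
    """After running the wizard by hand, file the branded set for one domain.

    Assumption: branding changes the bytes of both files, so a file whose
    hash still equals the non-branded hash was not branded.
    """
    out = Path(domain_dir)
    out.mkdir(parents=True, exist_ok=True)
    hashes = {}
    for name in BRANDED_FILES:
        src = Path(install_dir) / name
        digest = sha256(src)
        if digest == expected[name]:
            raise ValueError(f"{name} is still the non-branded version")
        shutil.copy2(src, out / name)
        hashes[name] = digest
    return hashes
```

Run `save_pristine` once after the normal install, then for each domain call `restore_pristine`, run the branding wizard by hand, and call `collect_branded` to file that domain's fileset.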