How are the encryption keys for an encrypted machine protected?
Encryption keys are generated by GuardianEdge Hard Disk Encryption’s FIPS 140-2 validated pseudo-random number generator and are unique to each endpoint. These keys are encrypted with public keys derived from user and administrator credentials applied to the Elliptic Curve Cryptography public/private key pair algorithm and securely stored within the GuardianEdge Hard Disk Encryption pre-boot environment, ensuring that the disk encryption keys can only be unlocked through valid user or administrator authentication.