I know this must be done before and doable but I didn’t know how or what exactly should be done!
I’ve many customers –especially the ones follow any compliance policy- that required REVOKING all the PGP users’ key every year or even after 12 months. They use PGP for Drive Encryption “Whole Disk Encryption”, File & Folder Encryption and E-mail Encryption. Using SKM “Server Key Mode” for all the users
I want to know what exactly should be done to revoke those keys and generating new keys without effecting users/machines/files…etc. Also without impact the business! And what will happened for the WDE users after the key revoked, will they be able to login to the Boot-Guard screen normally? And what about the E-mail that been encrypted with the revoked key will they still be able to read them with the new key! –I guess No! - If no, how can this are solved?
Is there any limitation in this process?