Page 14

www.mcafee.com

Appendix B Zeroization of Device Encryption Key

In order to zeroize the Device Encryption Key in an Endpoint Encryption for Mobile protected device, two

separate actions are required. However, it should be noted that this process will render the module

inoperable and will result in the potential loss of all module protected assets.

Firstly, the encrypted form of the device key has to be actively deleted from the registry by overwriting it

with "0"s.

The registry key to overwrite is: "HKEY_LOCAL_MACHINE\Software\SafeBoot International\Windows

Mobile\DevKey"

This can be done using a registry script file. Simply save the following to a file with a ".reg" extension,

such as "DeleteDeviceKey.reg" and running it from File Explorer.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\SafeBoot International\Windows Mobile]

"DevKey"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00

Alternatively, the key can be overwritten using a registry editor.

Once the encrypted form of the device key has been zeroized, the form of the device key that is in use in

the module can be removed by switching the module off and then on again.

revision].The information in this document is provided only for educational purposes and for the

convenience of McAfee's customers. The information contained herein is subject to change without

notice, and is provided "as is" without guarantee or warranty as to the accuracy or applicability of the

information to any specific situation or circumstance. McAfee, Avert, and Avert Labs are trademarks

or registered trademarks of McAfee, Inc. in the United States and other countries. All other names

and brands may be the property of others.

McAfee, Inc.

3965 Freedom Circle

Santa Clara, CA 95054,

888.847.8766