So you get a call from a tech, or they walk into your office, and tell you their TechClient says “Error Decrypting”. They say all my passwords are just “Error Decrypting”. What happened and what can be done about it?
First thing to try, is to make sure they have the latest version of the TechClient. https://ruffiansoftware.com/releases, and if they do, then try to do a “repair” install from the installer. I know this sounds like standard support advice, but it is standard advice because it often works.
If they are on the latest version of the TechClient, then keep reading….
No matter what the reason, drive crash, new computer, laptop run over by a truck, software update, malware, or careless file deletes, and then something else, and then something else….the root cause is that the Private RSA key for that tech has been lost. TechIDManager is based on some pretty strong asymmetric encryption where only the specific tech that should see the credential, can decrypt the credential information that is managed for them. This depends on them having their Private RSA key.
On the tech’s computer that key is stored in a directory named “RuffianSoftware” in their user’s folder. Everything in this folder is further encrypted, so you can’t just look at it and know the key. (We really care about security and protecting you from as many threat vectors as possible. Even admin access to a tech’s laptop can’t get a hacker access to their credentials for your clients’ networks that are stored in TechIDManager.)
To recover from this situation you have a few option.
Option 1.
If you exported the old key from TechClient before the directory was deleted, you can choose to import that key in the startup wizard in TechClient, or from the settings page.
- Tech – Open TechClient on Tech’s machine
- Tech – Go to the setting tab and select “Import Keys”
- Tech – Click Save/Upload
- Everything should be back to normal.
OR
- Tech – Renaming the user/RuffianSoftware directory to something else.
- Tech – Open TechClient on Tech’s machine and the startup wizard will start.
- Tech – Choose “Import” and follow the directions.
- Everything should be back to normal.
Option 2.
If you have a back up of the “RuffianSoftware” directory, you can restore that directory to get the key back.
- Tech – Restore the RuffianSoftware directory on the Techs’s machine
- Tech – Open TechClient on Tech’s machine (The Passphase to open TechClient needs to be the Passphare from when the directory was backed up).
- Everything should be back to normal.
Option 3.
Allow a key change and generate a new key. This will lose access to all the encrypted information until new credentials are made for the tech on each domain during the next normally scheduled password change.
Since ONLY the old key is able to decrypt the old information, all old information is lost. We are sorry, we don’t keep your keys, and don’t have access to your information (Again we are removing a threat vector, someone with admin access to our data can’t get access to your techs’ admin credentials to your clients’ networks.)
- Manager – On the Management Console change the Tech’s status to “allow key change”
- Tech – Delete the user/RuffianSoftware directory. (or save it off to the side by renaming it)
- Tech – Open TechClient and go through the setup wizard, choose the same username as before.
- Manager – On the Management Console change the Tech’s status back to active.
- At the next regularly scheduled password change time for each domain, a new password will be made and encrypted with the new key and sent to the Tech.
- The next morning everything should be back to normal.
We can help with any of these options via a screen share. Schedule time with a support person Schedule support help
