Restoring a Device with an Exported Encryption Key Parent topic

Before you begin

A person assigned to the Security Administrator role must first export the relevant device keys to a ZIP file. The ZIP file and the encryption password are required to restore the devices.
After removing an encrypted device from SecureCloud, restore (decrypt) the device using the exported device keys. The Key Exporter tool decrypts the device keys and mounts the device if necessary.


  1. Extract the device key file from the ZIP file and save the file to the machine to which the device is attached.
    SecureCloud stores device keys in an XML file. The name of the XML file appears similar to 4B2071DC-22F9-4DC1-9CEF-60517EE98604.xml. The file name is an internal identifier that only SecureCloud uses.
  2. Navigate to the appropriate directory:
    • On Linux, type cd /var/lib/securecloud/
    • On Microsoft Windows, click Start and type cmd to open a command shell, then type cd C:\Program Files (x86)\Trend Micro\SecureCloud\Agent\
  3. Run the Key Exporter tool using one of the following commands:
    • On Linux, type $ ./ <key file.xml path>
    • On Microsoft Windows, type key_exporter.exe <key file.xml path>
  4. When prompted, supply the password used to encrypt the exported device keys.