Page 1
Aegis Fortress
User
Guide
Remember to save your PIN in a safe
place. If lost or forgotten, there is no way
to access the drive.
If you are having difculty please refer
to the complete user’s manual which is
loaded on your Aegis Fortress drive and is
also available at Apricorn’s website at:
www.apricorn.com/support
Page 2
Table of Contents
About the Aegis Fortress Drive 4
Package contents 4
Aegis Fortress - Connections 5
Before you begin 5
Connecting the Aegis Fortress 5
Connecting with the USB Y-Cable 6
Aegis Fortress Keypad Panel 7
First Time Use 7
LED states and their meaning 8
Locking the Drive 9
Unlocking the Drive 9
Admin Mode 9
Changing the Admin PIN 9
Adding a new User PIN 10
Deleting the User PINs 11
Changing the User PIN 11
Setting and Using Recovery PINs 12
Setting Read-Only or Read / Write from Admin 13
To set the drive to Read-Only: 13
To return the drive to Read / Write: 13
Setting Read-Only or Read / Write from User 14
To set the drive to Read-Only: 14
To return the drive to Read / Write: 14
Setting LED Flicker Functionality 15
Aegis Fortress Brute Force Protection 17
Setting a Self-Destruct PIN 18
Performing a Complete Reset 19
Initializing and Formatting After Reset 19
Hibernating or Logging off from the OS 20
Aegis Fortress Setup for Mac OS 21
Diagnostic Mode 22
Troubleshooting 23-24
Technical Support 25
Warranty and RMA information 25
Copyright © Apricorn, Inc 2017. All rights reserved.
Windows is a registered trademark of Microsoft Corporation.
All other trademarks and copyrights referred to are the property of their
respective owners.
Distribution of modied versions of this document is prohibited without
the explicit permission of the copyright holder.
Distribution of the work or derivative work in any standard (paper) book
form for commercial purposes is prohibited unless prior permission is
obtained from the copyright holder.
DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR
IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID
Setting the Minimum PIN Length 15
Setting the Unattended Auto Lock Feature 15
Setting Lock Override Mode 16
(Rev 2.2) 5/08/2017
Page 3
About the Aegis Fortress Drive
Aegis Fortress - Connections
The Aegis Fortress is certied
and tested to NIST FIPS 140-2
Level 2 requirements for your
most sensitive data’s storage and
transportation
Sporting an easy-to-use
membrane-type coated keypad
design that is resistant to key
wear, impervious to dust and grit,
and with software-free setup and
operation, the Aegis Fortress
Edition enables you to access the
drive simply and easily with your
own unique PIN. And the super fast
integrated USB 3.0 cable allows
you to access your data up to 10x
faster than a USB 2 connection.
Before you begin
Be sure to review the following information before you begin to use the
Aegis Fortress.
Attention: Use only the included cables with your Aegis Fortress.
You might damage the drive if you use a cable not included with the
Aegis Fortress.
The Aegis Fortress is designed for portable use without an AC power
adapter and in most cases will be able to power on a single USB port.
In the event that the Aegis Fortress is unable to power on a single USB
connection, use the included USB Y-cable.
Connecting the Aegis Fortress
1. Attach the integrated USB cable of the Aegis Fortress drive to an
available USB port on your computer, as shown below.
NOTE: While the Aegis Fortress will work with any USB port, for the
fastest speeds connect to a USB 3.0 port on your computer.
2. At least one of the Aegis Fortress LEDs should turn on, indicating that
the Aegis Fortress is receiving power.
Package contents
• Aegis Fortress drive with
integrated USB 3.0 cable
• Travel pouch
• USB Y-cable
• Quick Start Guide
Aegis Padlo ck FIPS
Quick Start Guide
SHIFT button
1
UNLOCK button
2
4
LOCK button
3
LED Indicator lights
4
3
When you rst plug in the FIPS
Padlock, the unit will do a self-test
to verify all security components
2
are working properly. The LEDs
will go through 3 test stages
RED, GREEN, and BLUE. This
1
will be followed by three GREEN
ashes on a successful test. Any
test failure will leave the unit in an
interoperable state with the RED
First Time Use
Before the Padlock can be used, the Admin PIN MUST be set. The LED will display
Solid BLUE and Blinking GREEN to indicate the Padlock is waiting for a PIN to be set.
To Set-up the Admin PIN:
1. Press UNLOCK + 9. The LED will be Solid BLUE / Blinking GREEN.
2. Enter the new Admin PIN and press UNLOCK key. If accepted the LED will ash
3. Re-enter the Admin PIN and press the UNLOCK key. If accepted the GREEN
4. LED will then turn BLUE and remain in Admin mode for 30 seconds or if the
5. The Admin PIN is now set and will allow access to the drive or the Admin features.
6. To UNLOCK the drive, enter the new PIN and press UNLOCK.
LED ashing.
BLUE followed by 3 short blinks of the GREEN LED.
LED will be Solid for 3 seconds.
LOCK key is pressed, will return the drive to a standby state.
*Note: PINs must be a minimum length of 7 maximum 16.
Cannot contain all consecutive numbers (2345678 or 8901234)
Cannot contain all same number (1111111)
The SHIFT key can be used for additional combinations.
SHIFT + 1 are a separate value than just 1.
If none of the LEDs turn
on or the drive locks when
writing to the disk, use the
included USB Y-cable.
Refer to directions on the
following page
4
5
Page 4
Connecting with the USB Y-Cable
Aegis Fortress Keypad Panel
If none of the Aegis Fortress LEDs power on a single USB connection, use
the included USB Y-cable.
1. Attach the Aegis Fortress’s integrated USB cable to the female connector
of the USB Y-cable.
2. Connect the two male USB connectors to two available USB ports on
your computer.
3. At least one of the Aegis Fortress LEDs should turn on, indicating that
the Aegis Fortress is powered.
1
2
4
3
4
3
CONFIGURABLE
2
1
First Time Use
Before the Fortress can be used, the Admin PIN MUST be set. Both the BLUE and GREEN
LEDs glowing constantly indicate that the Admin PIN has yet to be established.
First ensure that the device to be
congured has the “congurable”
logo on the belly label. Also, DO NOT
perform the following Manual Admin
and USER PIN SETUP steps below;
The Aegis Congurator will only
recognize devices in their factory
“out of box” state or devices that
have been completely reset.
NOTE: if you are using the
Aegis Congurator to set
up your Aegis Fortress,
SHIFT button
UNLOCK button
LOCK button
LED Indicator lights
When you rst plug in the FIPS Fortress, the unit will do a self-test to verify all security
components are working properly. The LEDs will go through 3 test stages RED, GREEN,
and BLUE. This will be followed by three GREEN ashes on a successful test. Any test
failure will leave the unit in an inoperable state indicated by a ashing RED LED.
To Set-up the Admin PIN:
1. Press the UNLOCK + 9 buttons. The BLUE LED will continue glowing constantly but the
GREEN LED will now blink.
2. Enter the new Admin PIN and press the UNLOCK button. If accepted, the GREEN LED
will blink three times by itself, then will be rejoined by the constant BLUE LED.
3. Re-enter that Admin PIN and press the UNLOCK button once more. If accepted, the
GREEN LED will glow constantly for 3 seconds until replaced by the BLUE LED glowing
constantly, indicating that the Fortress is now in the Admin Mode and will remain in that
mode for 30 seconds of inactivity or if the LOCK button is pressed, at which time the
drive will return to a standby state.
4. The Admin PIN is now set and can be used to both access the drive’s data and the
Admin features and settings. To exit the Admin Mode and access the drive’s storage,
press the LOCK button, then enter the Admin PIN and press the UNLOCK button.
PINs must be a minimum length of 7 and a maximum of 16 digits. By default,
Cannot contain all consecutive numbers (2345678 or 9876543)
Cannot contain all same number (1111111)
6
The SHIFT key can be used for additional combinations.
SHIFT + 1 are a separate value than just 1.
minimum is set to 7, but can be programmed to be up to 16 for enhanced security.
7
Page 5
LED States and Their Meaning
Locking the Drive
No LEDs Drive locked, power switch is off, device unplugged
Blinking RED Error / incorrect button entry; Mode Not Available;
User PIN Change
Solid RED Locked / Standby state; Awaiting PIN entry
Blinking GREEN Button-entry accepted
Solid BLUE /
Blinking GREEN
Solid BLUE Admin Mode
Solid GREEN Drive unlocked
Slow Blinking BLUE Drive unlocked in Lock-Override Mode
Solid GREEN /
Slow Blinking RED
Alternating
RED / BLUE
One second of RED
followed by one
second of GREEN
followed by one
second of BLUE
Three Seconds of
Solid RED / GREEN
Waiting for New User or Admin PIN to be
established
Drive unlocked in Read-Only Mode
Indicates a mode has been entered that can result
in the deletion of a User or the data on the drive
(depending on the mode chosen.)
Also used when setting Auto-lock feature
Self-test mode to ensure all components are ready
and working properly
During Reset Process, indicates successful
resetting of cryptographic security parameters
To lock the drive, press the LOCK button.
If data is still being written to the drive, the Fortress will wait until all data has been written to
the drive and then it will lock automatically.
Note: The Aegis Fortress will not be recognized by any operating system in its standby state.
Unlocking the Drive
To unlock the drive:
Enter either a User PIN or Admin PIN and press the UNLOCK button.
Admin Mode
To enter the Admin Mode, do the following:
1. Attach the USB cable to an available USB port on your computer. After conducting a
self-check, the Fortress will go into Standby Mode, indicated by a constant RED LED.
2. Press and hold the UNLOCK + 0 buttons together for ve seconds until the RED LED
starts blinking.
3. Enter the Admin PIN and press the UNLOCK button.
4. A constant BLUE LED indicates that the drive is now in Admin Mode.
Changing the Admin PIN
You can change the Admin PIN by doing the following:
1. Enter Admin Mode (UNLOCK + 0 for ve seconds. Enter Admin PIN and press UNLOCK).
2. Press the UNLOCK + 9 buttons together until the BLUE LED glows constantly and the
GREEN LED starts bllinking.
3. Enter the new PIN and press the UNLOCK button--the PIN must be a minimum of 7
digits and a maximum of 16 digits. The GREEN LED will blink three times by itself and
then will be rejoined by the constant BLUE LED.
4. Re-enter the new Admin PIN and press the UNLOCK button again. The GREEN LED
will glow for two seconds and will be replaced by constant BLUE LED indicating that the
Admin PIN has been changed successfully and you’re back in the Admin Mode.
8
9
Page 6
Adding a new User PIN
Deleting the User PINs
If no additional User beyond the Admin will be permitted to access the Fortress’s data, disregard
the next two pages as they pertain to User PIN settings.
In addition to the Admin PIN, there can also be up to four User PINs allowed to access the drive
as well. Adding Users is a perfect way to securely share the Aegis Fortress or deploy it for use
where the Users do not require access to the key’s Admin features. While the Users have limited
functionality and no Admin rights to the drive, they can still access its data, change their own
User PINs, and set the drive to Read Only or Read / Write mode.
There are two ways to establish a User PIN: Admin generated while in Admin Mode, or User
generated while in User Forced Enrollment State.
A.) ADMIN-GENERATED USER PIN
1. Enter the Admin Mode by holding UNLOCK + 0 for ve seconds; With RED LED blinking,
enter the Admin PIN and press the UNLOCK button. The BLUE LED will glow solidly.
2. Press the UNLOCK + 1 buttons together until the BLUE LED glows solidly and the
GREEN LED starts blinking.
3. Enter the User PIN* and press UNLOCK. The GREEN LED will blink three times by
itself, then the BLUE LED will glow solidly as the GREEN LED continues blinking.
4. Re-enter that same User PIN and press UNLOCK. The GREEN LED will glow solidly
for three seconds verifying that the User PIN was successfully added, and then will be
replaced by the BLUE LED glowing solidly, indicating that the key has returned to the
Admin mode.
5. For each additional User PIN, repeat steps 2 - 4.
B.) USER-GENERATED USER PIN (USER FORCED ENROLLMENT)
Note: User Forced Enrollment state can only be implemented where there is no
Admin-generated User PINs set up as described in the process above.
User Forced Enrollment Security Warning:
When a drive is in the User Forced Enrollment state, it is essentially unlocked until a User
PIN is established. Therefore, DO NOT load sensitive data onto the drive if User Forced
Enrollment is to be implemented.
1. Enter the Admin Mode by holding UNLOCK + 0 for ve seconds; With RED LED blinking,
enter the Admin PIN and press the UNLOCK button. The BLUE LED will glow solidly.
2. Press 0 + 1 and the GREEN LED will blink three times, then will be replaced by BLUE
LED glowing solidly. Press the LOCK button to return the key to its locked state. The key
is now in User Forced Enrollment State, allowing a User to establish his own User PIN.
CREATING USER-GENERATED USER PIN IN FORCED ENROLLMENT STATE
1. Press UNLOCK and ensure that the BLUE LED is glowing solidly with the GREEN LED
blinking. Enter the new User PIN and press the UNLOCK button. The GREEN LED will
blink three times by itself and then will be joined by the BLUE LED glowing solidly.
2. Within 30 seconds, enter that same User PIN once more, and press the UNLOCK button
again. This time, the GREEN LED will glow solidly for a few seconds, then the drive will
return to its locked state, indicated by the RED LED glowing solidly. The key’s data can
now be accessed using either the User PIN or the Admin PIN.
* Note: Default setting for minimum PIN length is 7 characters,
and a maximum of 16.
You can delete ALL User PINs by doing the following:
1. Enter the Admin Mode (UNLOCK + 0 for ve seconds. Enter Admin PIN and press UNLOCK).
2. Press and hold 7 + 8 for ve seconds until the LED ashes GREEN three times and then
changes to BLUE / RED alternating.
3. Press and hold 7 + 8 a second time for ve seconds until the LED goes on solid GREEN
for two seconds and then back to solid BLUE, this indicates that the User PINs were
deleted successfully.
Changing the User PIN
You can change the User PIN by doing the following:
1. Unlock the drive by inputting your User PIN and pressing the UNLOCK button.
2. Press and hold UNLOCK + 1 until the LED ashes RED.
3. Enter your current PIN and press UNLOCK.
The LED will be Solid BLUE and Solid GREEN.
4. Enter the new PIN and press UNLOCK (The PIN must be a minimum of 7 digits and
a maximum of 16 digits). The LED will ash GREEN three times, then returns to Solid
BLUE and Blinking GREEN.
5. Re-enter the new User PIN and press UNLOCK. The LED stays solid GREEN
indicating that the User PIN has been changed successfully.
10
11
Page 7
Setting One-Time-Use Recovery PINs
Setting Read-Only or Read / Write modes
Gives the Admin the ability to set Recovery PINs that will allow a User to access data on the
Secure Key in the event of a forgotten PIN. The Admin can establish up to four one-time-use
Recovery PINs. Once a Recovery PIN has been used to access the Secure Key, it will no
longer be available. NOTE: The Recovery PIN will not unlock the device, but will place the
Secure Key into a User Forced Enrollment state, where the User can then establish a new
User PIN and then access the Key’s data.
1. Enter the Admin mode. (Hold UNLOCK + 0 for ve seconds. With the RED LED blinking,
enter the Admin PIN and press the UNLOCK button.) The BLUE LED will now glow solidly.
2. Press the UNLOCK + 8 buttons. The GREEN LED will blink three times by itself, and then will
be joined by a solid BLUE LED.
3. Enter the Recovery PIN and press the UNLOCK button. If PIN is accepted, the GREEN LED
will blink three times.
4. Repeat by entering that same Recovery PIN and pressing the UNLOCK button again. If PIN is
accepted for the nal time, the GREEN LED will blink three times and the Secure Key will then
return to the Admin mode indicated by a solid BLUE LED.
5. To add more Recovery PINs, repeat steps 2-4. When nished, press the LOCK button to
return Key to its Standby mode.
Using a One-Time-Use Recovery PIN
Remember that using a Recovery PIN to set the Secure Key into User Forced Enrollment
renders that PIN unavailable.
1. With the Secure Key in Standby mode, press and hold the UNLOCK + 7 buttons together for
ve seconds and release once the RED LED starts blinking.
2. Enter a recovery PIN (from Admin) and press the UNLOCK button. The GREEN LED will blink
three times by itself, and then will be joined by a solid BLUE LED indicating the Key is in User
Forced Enrollment mode.
3. Enter a new User PIN and press the UNLOCK button. The GREEN LED will blink three times
if accepted.
4. Re-enter that same new User PIN and press the UNLOCK button again to verify it. If
accepted, the GREEN LED will blink three times and then the Secure Key will return to its
Standby state, indicated by the RED LED glowing steadily. The Secure Key will now be
accessable using this new User PIN.
from Admin Mode
With a large number of viruses and Trojans that attach themselves to USB keys, this feature is especially useful if you need to access data on the key when used in a public setting. Additionally, Read-Only is an important feature for forensic applications, where data
must be preserved in its original, unaltered state and can’t be overwritten or modied. The
Admin can set the key to a Read-Only mode for both the Admin and the User. When set by
the Admin, the Admin is the only one that can change the key back to Read / Write mode.
When the key is unlocked in Read-Only mode and inserted into a USB port, the GREEN
LED will glow solidly and the RED LED will blink once every three seconds.
To set the drive to Read-Only:
1. 1. Enter the Admin mode. (Hold UNLOCK + 0 for ve seconds – with RED LED blinking,
enter the Admin PIN and press the UNLOCK button.) The BLUE LED will glow solidly.
2. 2. Press and hold the r + o (7 + 6) buttons together for three seconds. The GREEN LED
will blink three times.
3. 3. The key will return to Admin mode. The BLUE LED will glow solidly.
4. 4. Until changed, the key can only be read.
To return the drive to Read / Write:
1. 1. Enter the Admin mode. (Hold UNLOCK + 0 for ve seconds – with the RED LED
blinking, enter the Admin PIN and press the UNLOCK button.) The BLUE LED will glow
solidly.
2. 2. Press and hold the r + w (7+ 9) buttons together; the GREEN LED will blink three
times.
3. 3. The key will return to Admin mode, indicated by the BLUE LED glowing solidly and the
key will be restored to its normal Read / Write condition.
12
Important Note
Setting the drive to Read / Write from Admin mode will over ride any
User Read Only settings.
13
Page 8
Setting Read-Only or Read / Write from
Setting LED Flicker / Button Press Indicator
the User mode
NOTE: When changing Read-Only or Read / Write settings, do not make these changes
with the key attached to an operating system. This may cause confusion within the
operating system about the proper status of the key and the key may not function
properly until the operating system has been restarted. This mode will allow the User
to set the Read / Write status of the key, without having access to the Admin functions.
When the key is unlocked in Read-Only mode and inserted into a USB port, the RED
LED will blink once every three seconds while the GREEN LED will glow solidly. If the
key is set to be Read-Only in the Admin mode, the User cannot override that setting.
Only the Admin can return the key to Read / Write Mode.
To set the drive to Read-Only:
1. Press the UNLOCK button to wake the key. The RED LED will glow solidly.
2. Press the r + o (7 + 6) buttons together for three seconds. The GREEN LED will blink
three times.
3. Enter the User / Admin PIN and press UNLOCK. The GREEN LED will blink.
4. The Key will be in a Read-Only state the next time it is unlocked.
To return the drive to Read / Write:
1. Press the UNLOCK button to wake the key. The RED LED will glow solidly.
2. Press and hold r + w (7+ 9) for three seconds. The GREEN LED will blink three times.
3. Enter the User / Admin PIN and press UNLOCK. The GREEN LED will glow solidly.
4. Key will return to unlocked mode and can now be written to, indicated by the blinking
GREEN LED.
Important Note
Any changes to the Read-Only or Read / Write settings in User Mode will only affect
the user that unlocked the drive, any other users will be unaffected.
To set the drive in the Read-Only mode for all users, set the Read-Only mode using
the Admin function.
Creates a ickering effect in LED lights indicating positive button presses
1. Enter the Admin mode. (Hold UNLOCK + 0 buttons for ve seconds – with RED LED
blinking, enter the Admin PIN and press the UNLOCK button.) The BLUE LED will glow
solidly.
2. Once in the Admin mode, press 0 + 3 together to enable LED Flicker mode.
3. To disable LED Flicker mode, (while in Admin mode) press the 0 + 3 buttons together.
Setting Minimum PIN Length Requirement
The Secure Key’s minimum PIN length default setting is 7, however, for greater security, a
longer minimum PIN setting of up to 16 characters can be implemented.
1. Enter the Admin mode. (Hold UNLOCK + 0 for ve seconds – with RED LED blinking,
enter the Admin PIN and press the UNLOCK button.) The BLUE LED will glow solidly.
2. Press the UNLOCK + 4 buttons; The RED LED will blink.
3. Pressing two digits, enter the new minimum PIN length; e.g.: 08 = 8 characters, 11 = 11
characters, etc.
4. If accepted, the GREEN LED will blink three times and the Secure Key will return to the
Admin mode, indicated by the BLUE LED glowing solidly. If the numeric entry is below
07, or greater than 16, the RED LED will blink three times indicating entry error and your
command will not be accepted.
Setting the Unattended Auto Lock Feature
To protect against unauthorized access if the drive is unlocked and unattended, the Aegis
Fortress can be set to automatically lock after a pre-set amount of time. In its default state, the
Aegis Fortress Unattended Auto Lock feature is turned off. The Unattended Auto Lock can be
set to activate after 5, 10 or 20 minutes.
To set the Unattended Auto Lock please uses the following steps:
1. Enter the Admin mode by pressing and holding UNLOCK + 0 for ve seconds until the
LED ashes RED. This indicates that you can enter the Admin PIN.
2. Enter the Admin PIN and press UNLOCK. The drive is in Admin Mode when the LED has
changed to solid BLUE.
3. Once in Admin mode, press UNLOCK + 6. The LED should start ashing RED and BLUE
intermittently.
4. Press one of the numbers below that corresponds to amount of time you would like the
drive to lock after no activity:
1=5 minutes
2=10 minutes
3=20 minutes
0=OFF
The Default is OFF for this feature.
5. After you have input the number, the LED should ash GREEN 3 times to indicate that you
have successfully set the Unattended Auto Lock feature.
14
15
Page 9
Lock-Override Mode
Aegis Fortress Brute Force Protection
Certain users may encounter a case where they need the key to remain unlocked during
a reboot, passing the key through a virtual machine or other similar situation which, under
normal circumstances, would cause the key to lock. To help facilitate this use case, “LockOverride Mode” will allow the key to remain unlocked through USB port re-enumeration and
will not lock again until USB power is interrupted.
NOTE: When in this mode, the key is vulnerable to being moved from one computer
and connected to another computer provided USB power is uninterrupted. Due to this
vulnerability, we strongly recommend this mode be used ONLY in circumstances where
the key can be physically secured (as in a locked Server Room) or in a place where it can
be visually monitored while in this mode. Use of a powered hub or a Y-cable increases this
security risk.
Always return the key to the default Lock-Override Mode OFF when returning to normal
service.
To set the “Lock-Override” to On:
1. Enter the Admin Mode (Press and hold UNLOCK + 0 for ve seconds until the RED LED
blinks, then enter the Admin code and press the UNLOCK button. The BLUE LED will
glow solidly.)
2. Press and hold 7 + 1 for three seconds. The GREEN LED will blink three times, then the
BLUE LED will glow solidly.
3. When the key is unlocked and attached to a USB port in “Lock-Override Mode”, the
BLUE LED will blink once every three seconds to alert you that “Lock-Override” mode is
active.
Note: If “Unattended Auto-Lock” mode has been turned on, “Lock-Override” will not override
it; the key will lock itself upon reaching the selected amount of inactivity. If you need the key
to stay unlocked, Enter the Unattended Auto-Lock Feature and set the lock timer to “0” (0 =
OFF; See Page 15.)
To turn Lock-Override Mode off and return to normal operation:
4. Enter the Admin Mode (Press and hold UNLOCK + 0 for ve seconds until the RED LED
blinks. Then enter the Admin code and press the UNLOCK button. The BLUE LED will
glow solidly.)
5. Press and hold 7 + 0 for three seconds. The GREEN LED will blink three times then the
BLUE LED will glow solidly.
6. To verify, unlock the key in User mode and check that the BLUE LED is no longer
blinking.
What is Brute Force Attack?
A brute force attack is a method of defeating a cryptographic scheme by systematically
trying a large number of possibilities; for example, a large number of the possible keys in
a key space in order to decrypt a message. In most schemes, the theoretical possibility
of a brute force attack is recognized, but it is set up in such a way that it would be
computationally infeasible to carry out.
Accordingly, one denition of “breaking” a cryptographic scheme is to nd a method faster
than a brute force attack.
Brute Force Feature
After FIVE tries entering the incorrect user or admin PIN attempts, the keypad will not
respond and LED will turn off. The drive will need to be unplugged from the USB port and
re-plugged.
If the user, unsuccessfully tries to UNLOCK the drive on the 10th try the keypad will lock
and the LED will begin blinking RED quickly. Even after unplugging and re-plugging in the
unit, the drive will remain locked and the LED will continue to blink rapidly.
Here are the steps to allow the user to unlock the keypad for 10 more attempts to
unlock this drive.
1. Unplug the device from the computer
2. Push and hold the number ve key and plug-in the drive
3. The LED will be blinking alternating RED and GREEN rapidly
4. Enter the PIN 5278879 and press UNLOCK.
5. The keypad will unlock and will be in the standby state with the LED solid RED, this will
allow only 10 more attempts
6. After a total of 20 Attempts the drive will remain locked with the LED ashing RED
quickly. You must now go through the reset process and reformat the drive to be able
to use the drive again.
16
17
Page 10
Setting a Self-Destruct PIN
Performing a Complete Reset
For certain users, it’s important to have a “last-resort” level of security where sensitive data
falling into the wrong hands must be avoided. The Secure Key’s Self-Destruct PIN defends
against physically compromising situations by erasing the key’s contents, leaving it to look
as if it never had any data written to it. *USE WITH CAUTION* When this mode is activated
and the key is unlocked with the Self-Destruct PIN, it will effectively perform a crypto-erase
on the key, deleting all of its data. Additionally, the encryption key will be deleted and a new
encryption key will be created to take its place. When this Self-Destruct PIN is deployed,
the key will unlock and the GREEN LED will glow solidly as if the key is being normally
unlocked. The key, however, will need to be partitioned and formatted before it can be used
again. The previous Admin and User codes will be deleted in the crypto-erase and the SelfDestruct PIN will then become the new Admin PIN to unlock the key.
The self-destruct PIN can be set by either the Admin or the User. If the Admin sets the selfdestruct PIN, only the Admin can disable or change the PIN. If the User sets the self-destruct
PIN, both the User and the Admin can change or overwrite the PIN.
Note: The Self-Destruct PIN must be different from the Admin PIN and User PIN.
1. By default, the Self-Destruct feature is disabled. To allow the Secure Key to be set with
a Self-Destruct PIN, Enter the Admin mode. (Hold UNLOCK + 0 for ve seconds – with
RED LED blinking, enter the Admin PIN and press the UNLOCK button.) The BLUE
LED will glow solidly.
2. Press the 7 + 4 buttons together*. The GREEN LED will blink three times and at this
point, the Self Destruct PIN can now be set by the Admin while the Key is in the Admin
mode, or it can be set up at another time by the User (after the Key is unlocked with the
User PIN) with the following steps.
3. Press UNLOCK + 3 for ve seconds. The RED and BLUE LEDs will blink alternately.
4. Enter the Self-Destruct PIN and press UNLOCK. The GREEN LED will blink three times
and then will return to RED and BLUE LEDs blinking alternately.
5. Re-enter the Self-Destruct PIN and press UNLOCK. The GREEN LED will glow solidly
for three seconds and then will return to either the Admin mode (indicated by the BLUE
LED glowing solidly) or the unlocked state if created by User.
*NOTE: To disable / discard a Self-Destruct PIN, Press the 7 + 4 buttons together for
a second or two; successful disablement / removal will be indicated by three RED LED
blinks. To re-enable the Self-Destruct PIN mode, press the 7 + 4 buttons again and
three GREEN LED blinks will indicate that it’s ready to accept a new Self-Destruct PIN.
Repeat steps 3 through 5.
To perform a complete reset of the drive, do the following:
1. Press and hold the LOCK button while you attach the Aegis Fortress to an available
USB port on your computer. The LED will ash RED, GREEN and BLUE alternately.
2. Release the LOCK button.
3. Within ve seconds of releasing the LOCK button, FIRMLY Press and hold
LOCK + UNLOCK + 2 for 10 seconds.
• If successful, the LED will turn Solid GREEN for two seconds, followed by
Solid BLUE and Solid GREEN.
• If unsuccessful, the LED will continue to cycle from RED to GREEN to
BLUE for 30 seconds and then return to Solid RED. To re-start the process.
Remove the USB cable and then repeat step 1.
Initializing and formatting the Aegis Fortress
after a complete reset
A complete reset of the Aegis Fortress will erase all information and partition settings. You
will need to initialize and format the Aegis Fortress.
To initialize your Aegis Fortress, do the following:
1. After a complete reset, attach the Aegis Fortress to the computer.
2. Press UNLOCK + 9. The LED will change to Solid BLUE / Blinking GREEN.
3. Enter the new Admin PIN and press UNLOCK key. If accepted the LED will ash 3
short blinks of the GREEN LED, then return to Solid BLUE and Blinking GREEN.
4. Re-enter the Admin PIN and press the UNLOCK key. If accepted the GREEN LED
will be Solid for 3 seconds.
5. LED will then turn BLUE and remain in Admin mode for 30 seconds or if the LOCK
key is pressed, will return the drive to a standby state.
6. The Admin PIN is now set and will allow access to the drive or the Admin features.
7. To UNLOCK the drive, enter the new PIN and press UNLOCK.
8. Windows 7 and earlier: Right-click My Computer, and then click Manage from the
Windows desktop.
Windows 8: Right click left corner of desktop and select Disk Management.
9. In the Computer Manage window, click Disk Management. In the Disk Management
window, the Aegis Fortress is recognized as an unknown device that is uninitialized
and unallocated.
10. Do the following to make the drive recognized as a basic drive.
• If the Initialize and Convert Disk Wizard window opens, click Cancel, then
initialize the disk manually using the following steps.
a. Right-click Unknown Disk, and then select Initialize Disk.
b. In the Initialize Disk window, click OK.
18
19
Page 11
Initializing and formatting the Aegis Fortress
after a complete reset (cont’d)
Aegis Fortress Setup for Mac OS
®
11. Right-click in the blank area under the Unallocated section, and then select New
Partition. The Welcome to the New Partition Wizard window opens.
12. Click Next.
13. Select Primary partition and click Next.
14. If you need only one partition, accept the default partition size and click Next.
15. Click Next.
16. Create a volume label, select Perform a quick format, and then click Next.
17. Click Finish.
18. Wait until the format process is complete. The Aegis Fortress will be recognized and
it is available for use.
Hibernating, Suspending, or Logging off from the Operating System
Be sure to save and close all the les on your Aegis Fortress before
hibernating, suspending, or logging off from the Windows operating
system.
It is recommended that you lock the Aegis Fortress manually before
hibernating, suspending, or logging off from your system.
Your Aegis Fortress is preformatted in NTFS for Windows. To reformat the
drive to a Mac compatible format please read the below.
Once the drive is unlocked, open Disk Utility from Applications/Utilities/
Disk Utilities.
To format the Aegis Fortress:
1. Select the Aegis Fortress from the list of drives and volumes. Each
drive in the list will display its capacity, manufacturer, and product
name, such as 232.9 Apricorn Fortress.
2. Click the ‘Erase’ tab.
3. Enter a name for the drive. The default name is Untitled. The drive’s
name will eventually appear on the desktop.
4. Select a volume format to use. The Volume Format dropdown
menu lists the available drive formats that the Mac supports. The
recommended format type is ‘Mac OS Extended (Journaled).’
5. Click the ‘Erase’ button. Disk Utility will unmount the volume from the
desktop, erase it, and then remount it on the desktop.
To log off the Aegis Fortress, double-click Safely Remove Hardware on the
Windows desktop and remove the Aegis Fortress from your computer.
Attention: To ensure the data integrity of your Aegis Fortress, be
sure to lock or log off your Aegis Fortress if you are:
• away from your computer
• using the switching user function by sharing a computer with
others
20
21
Page 12
Diagnostic Mode
Troubleshooting / FAQs
The keypad has a manual diagnostic mode built in to verify proper keypad
function. This mode will not allow access to any data or admin function. It
can only be used to identify the rmware level and to test button recognition.
The diagnostic mode is also useful for troubleshooting key issues.
To enter the diagnostic function:
1. From standby mode, press the LOCK + 1 buttons together, release, and
while the RED and BLUE LEDs blink alternately, press and hold the 0
button until all three LEDs illuminate together at once.
2. The LED will ash BLUE for the major and minor revisions and RED LED
to indicate (.) When complete, the LED will return to a solid BLUE LED
(Example: Four BLUE ashes followed by one RED ash followed
by one BLUE ash followed by one RED ash would indicate
version 4.1.)
3. Button presses after the revision will coincide with the number pressed
using the BLUE LED.
4. Example 1 = 1 ash, 2 = 2 ashes, 3 = 3 ashes,…. 0 = 10 ashes
5. Unlock = 11 ashes, Lock = 12 ashes.
6. To Exit the Diagnostic Mode, a power re-set is required. Unplug and
re-plug the USB cable to return to normal operation.
This section contains troubleshooting information for the Aegis Fortress. If
you encounter any of the following problems when using the Aegis
Fortress, refer to the corresponding answers.
Q: What can I do if I forget the User PIN?
A: Use your Admin PIN to enter Admin Mode, and then create another
User PIN in Admin Mode.
Q: What can I do if I forget the Admin PIN?
A: There is no other way to retrieve the Admin PIN except a complete
reset of the Aegis Fortress. After a complete reset, all data will be lost and
you will need to initialize, allocate and format the Aegis Fortress manually.
Q: Why did the operating system not recognize the Aegis Fortress
after I enter the User Mode and completely reset the computer?
A: You need to initialize, allocate and format the Aegis Fortress manually.
For more information, refer to Initializing and formatting the Aegis
Fortress after a complete reset in this manual.
Q: How do I use the Aegis Fortress without a PIN?
A: As a full disk encryption product, the Aegis Fortress can never be
used without a PIN.
22
Q: What encryption algorithm is used in this product?
A: The Aegis Fortress uses AES 256-bit algorithm.
Q: Why could I not initialize, partition or format the Aegis Fortress?
A: Ensure that you have administrator privileges. You will need Admin
privileges to use the Disk Management Utility.
Q: The LED is blinking RED and I can’t enter a code. Why?
A: Somebody has tried to access the drive and the code has been
entered 10 times incorrectly (see Brute Force section of this manual).
23
Page 13
Troubleshooting / FAQs (cont’d)
Quick Reference Guide for
Programming Key Combinations
Q: Why do the LEDs blink Blue, Red and Green after I plug the drive in?
A: When you rst plug the drive in, it does a self-test on the encryption
components of the drive. If any component fails the test, the LED will stop
on RED and the drive will not function.
Q: What is FIPS 140-2?
A: This is a government standard to accredit cryptographic modules. The
government regulates certain industries that collect, store and/or transfer
sensitive data to use security that meets this standard. For a general
explanation: http://en.wikipedia.org/wiki/FIPS_140-2
Q: What kind of speed can be expected out of this drive?
A: USB speed will be affected by a variety of factors (USB type – 1, 2 or
3, Host controller, Driver version, hard drive read/write speeds, Operating
System). On average, if using a USB 3.0 port, speeds should be from
80+ MB/s for a newer rotating drive and 250+ MB/s for a newer SSD
version. If you are experiencing lower than expected speeds, check to
make sure you have the latest host controller driver available. If you are
getting considerably less, make sure that you are plugged into a USB 3
port. USB 3 ports use a blue center contact.
Q: Is there any way to recover my data if I forget the PIN?
A: If an Admin PIN has been previously set, the Admin PIN can be used
to unlock the drive and recover the data. If you forget the PIN and do not
have an Admin PIN, the drive can be re-set so it can be used again, but
the data cannot be recovered.
Standby Mode
• 7+6 = Read-Only On
• 7+9 = Read-Only Off
Cancel +1 then hold 0 = Diagnostic Mode
User Mode
• Unlock + 1 = Enter User PIN (from forced enrollment state)
• Unlock + 3 = Set Self-Destruct PIN
ADMIN Mode
• Unlock + 0 = Enter Admin Mode
• Unlock + 1 = Create User PIN
• Unlock + 2 = not used
• Unlock + 3 = Set Self Destruct PIN Admin or User setup
• Unlock+ 4 = Set Minimum PIN length
• Unlock + 5 = Set Brute Force Attempts
• Unlock + 6 = Auto Lock
• Unlock + 7 = Set Recovery PIN
• Unlock + 8 = 1X Use to Enter Recovery PIN
• Unlock + 9 = Enter / Change Admin PIN
• 7+1 = Turn Lock Override On
• 7+0 = Turn Lock Override Off
• 7+ 4 = Disable / Enable Self-Destruct PIN
Q: Why does the LED indicate an error when I try to change the PIN?
A: PIN requirements for this drive are must meet a minimum security
level. There are several combinations that are not allowed, such as, all
repeating numbers, sequential number going up or down. The PIN must
also be a minimum of 7 digits and cannot be longer than 16 digits.
Q: What are the ECCN and HST codes used for shipping this device
outside the US?
A: ECCN: 5A992A and HTS code 8473.50.3000
24
• 7+6 = Read-Only On
• 7+9 = Read-Only Off
• 7+8 = Erase User and Self-Destruct PIN’s
• 0+1 = Set Forced-Enrollment for User
• 0+3 = Turn On LED Flicker When Entering PIN from Standby
• 0+4 = Turn Off LED Flicker When Entering PIN from Standby
Page 14
Technical Support
Apricorn provides the following helpful resources for you:
1. Apricorn’s Website (http://www.apricorn.com)
This gives you the ability to check for up-to-date information
2. E-mail us at support@apricorn.com
3. Or call the Technical Support Department at 1-800-458-5448
Apricorn’s Technical Support Specialists are available from 8:00
a.m. to 5:00 p.m., Pacic Standard Time Monday through Friday
Warranty and RMA information
Three Year Limited Warranty:
Apricorn offers a 3-year limited warranty on the Aegis Fortress against defects in materials
and workmanship under normal use. The warranty period is effective from the date of
purchase either directly from Apricorn or an authorized reseller.
Disclaimer and terms of the warranties:
THE WARRANTY BECOMES EFFECTIVE ON THE DATE OF PURCHASE AND MUST BE VERIFIED
WITH YOUR SALES RECEIPT OR INVOICE DISPLAYING THE DATE OF PRODUCT PURCHASE.
APRICORN WILL, AT NO ADDITIONAL CHARGE, REPAIR OR REPLACE DEFECTIVE PARTS
WITH NEW PARTS OR SERVICEABLE USED PARTS THAT ARE EQUIVALENT TO NEW IN
PERFORMANCE. ALL EXCHANGED PARTS AND PRODUCTS REPLACED UNDER THIS
WARRANTY WILL BECOME THE PROPERTY OF APRICORN.
THIS WARRANTY DOES NOT EXTEND TO ANY PRODUCT NOT PURCHASED DIRECTLY FROM
APRICORN OR AN AUTHORIZED RESELLER OR TO ANY PRODUCT THAT HAS BEEN DAMAGED
OR RENDERED DEFECTIVE: 1. AS A RESULT OF ACCIDENT, MISUSE, NEGLECT, ABUSE
OR FAILURE AND/OR INABILITY TO FOLLOW THE WRITTEN INSTRUCTIONS PROVIDED IN
THIS INSTRUCTION GUIDE: 2. BY THE USE OF PARTS NOT MANUFACTURED OR SOLD
BY APRICORN; 3. BY MODIFICATION OF THE PRODUCT; OR 4. AS A RESULT OF SERVICE,
ALTERNATION OR REPAIR BY ANYONE OTHER THAN APRICORN AND SHALL BE VOID. THIS
WARRANTY DOES NOT COVER NORMAL WEAR AND TEAR.
NO OTHER WARRANTY, EITHER EXPRESS OR IMPLIED, INCLUDING ANY WARRANTY OR
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, HAS BEEN OR WILL BE
MADE BY OR ON BEHALF OF APRICORN OR BY OPERATION OF LAW WITH RESPECT TO THE
PRODUCT OR ITS INSTALLATION, USE, OPERATION, REPLACEMENT OR REPAIR.
APRICORN SHALL NOT BE LIABLE BY VIRTUE OF THIS WARRANTY, OR OTHERWISE, FOR
ANY INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGE INCLUDING ANY LOSS OF
DATA RESULTING FROM THE USE OR OPERATION OF THE PRODUCT, WHETHER OR NOT
APRICORN WAS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
© Apricorn, Inc. 2016. All rights reserved.
12191 Kirkham Road
Poway, CA, U.S.A. 92064
1-858-513-2000 www.apricorn.com
Loading...