Re: require pin for EFS key access

From: Amit Rahul [MS] (arahul_at_online.microsoft.com)
Date: 03/31/04

    Date: Wed, 31 Mar 2004 00:27:10 -0800
    
    

    I am not sure how big the files are that you need to keep encrypted, but one
    option you can look into is to use DPAPI to encrypt/decrypt your data. These
    APIs encrypt data using the user's credentials but are normally not the
    optimal solution for encrypting loads of huge files and folders. These APIs
    provide a way to force high protection on encrypted data so that you are
    required to input an extra password for encrypting and then decrypting data.
    You can check out MSDN for the CryptProtectData/CryptUnprotectData APIs.

    -- 
    Thanks,
    Amit Rahul [MS]
    This posting is provided "AS IS" with no warranties, and confers no rights.
    "David Comma" <dcomma2002@yahoo.com> wrote in message
    news:cef6b684.0403291415.177764c3@posting.google.com...
    > Is there a way to require the user to type in a pin separately before
    > accessing files encrypted with EFS?
    > I understand that the user's login password is used to encrypt the EFS
    > private key needed to decrypt the FEK.
    > But, I want the user to type in a second password before accessing EFS
    > files on his machine.
    >
    > One possible way is if I could set a password on the EFS private key
    > in the provider. That way an access from the EFS driver will cause the
    > user to be prompted for this password. I believe this is possible for
    > keys in general(strong private key protection).
    > Is there some problem with this approach?
    >
    > If this works, I'd greatly appreciate a pointer to the
    > procedure/source code.
    >
    > Thanks,
    >
    > David
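
The DPAPI prompt option mentioned in the reply above, as an added example that is not part of the original post and is not Microsoft sample code. It assumes a Windows build linked against crypt32.lib; the function name, status codes, prompt text and sample secret are constructed for illustration, and on any other platform the function only reports `DPAPI_UNSUPPORTED`.

```c
#include <string.h>

#define DPAPI_OK          0
#define DPAPI_FAILED      (-1)
#define DPAPI_UNSUPPORTED (-2)   /* built on a platform without DPAPI */

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>            /* link with crypt32.lib */

/* Protects buf under the logged-on user's DPAPI key with the protection
   prompt enabled, then unprotects it again and compares the result. */
int roundtrip_with_prompt(const unsigned char *buf, unsigned long len)
{
    DATA_BLOB in, enc = { 0, NULL }, dec = { 0, NULL };
    CRYPTPROTECT_PROMPTSTRUCT ps;
    int rc = DPAPI_FAILED;

    in.cbData = len;
    in.pbData = (BYTE *)buf;
    ZeroMemory(&ps, sizeof ps);
    ps.cbSize = sizeof ps;
    ps.dwPromptFlags = CRYPTPROTECT_PROMPT_ON_PROTECT     /* prompt when encrypting */
                     | CRYPTPROTECT_PROMPT_ON_UNPROTECT   /* and again when decrypting */
                     | CRYPTPROTECT_PROMPT_STRONG;        /* default UI to the password level */
    ps.szPrompt = L"Protect this item with a password";   /* constructed text */

    if (!CryptProtectData(&in, L"demo item", NULL, NULL, &ps, 0, &enc))
        return DPAPI_FAILED;                 /* API error or user cancelled */
    if (CryptUnprotectData(&enc, NULL, NULL, NULL, &ps, 0, &dec)) {
        if (dec.cbData == len && memcmp(dec.pbData, buf, len) == 0)
            rc = DPAPI_OK;
        SecureZeroMemory(dec.pbData, dec.cbData);   /* wipe plaintext copy */
        LocalFree(dec.pbData);
    }
    LocalFree(enc.pbData);
    return rc;
}
#else
int roundtrip_with_prompt(const unsigned char *buf, unsigned long len)
{
    (void)buf; (void)len;
    return DPAPI_UNSUPPORTED;                /* DPAPI is a Windows-only API */
}
#endif

int main(void)
{
    static const unsigned char secret[] = "constructed sample secret";
    return roundtrip_with_prompt(secret, sizeof secret) == DPAPI_OK ? 0 : 1;
}
```

This protects a single blob of application data; it does not change how the EFS driver reaches its own private key, which is what the original question asks about.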
    
