Re: securing folder on external disk(s)

From: Lionel Fourquaux (use.reply.to_at_no-spam.invalid)
Date: 06/09/04


Date: Wed, 09 Jun 2004 13:46:37 +0200

Zen Andreas wrote:
> And, if you can delete the directories without permission, I
> think you can move or copy it somewhere else as well (without
> authorisation).

That's not completely true: you can destroy information without being
able to decrypt it. You cannot completely avoid this, since it's
possible to destroy the disk itself (or reformat it).

> Basically I want it to work like a car: if you have the key you
> can drive it else you have to break in with force (but that's
> where the encryption comes in I think).
>
> If, as you advise, I'd use the EFS. Where do I find the right
> key? And is it true wherever I bring the key I can gain access
> on the basis of this key alone?

The key is a self-signed certificate that is generated the first time
you use EFS. It's stored in a secure part of the registry, and tied to
your login account. Without this certificate (precisely, without the
private key), your files are encrypted using very strong cryptographic
algorithms. You can be pretty sure that nobody will be able to decode
them _as long as the private key is unknown_.

You should carefully back up this certificate, including the private
key, since you'll lose it if you reinstall, or even if you use a
password-reset disk. Without it, all your encrypted data will be lost.
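
One way to carry out the backup described above on a current Windows system, as an added example that is not part of the original post: it finds the account's EFS certificates, exports each one with its private key to a password-protected .pfx, and reads the file back to check it. The backup path `E:\efs-backup` is an assumption, and the script assumes the PKI module cmdlets `Export-PfxCertificate` and `Get-PfxData` are available (Windows 8.1 / Server 2012 R2 or later).

```powershell
# Added example (not from the original post): back up the current user's
# EFS certificate(s) together with the private key.
$EfsEku    = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU OID
$BackupDir = 'E:\efs-backup'            # assumption: offline removable media

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# EFS certificates live in the user's personal certificate store.
$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.EnhancedKeyUsageList.ObjectId -contains $EfsEku
})
if ($efsCerts.Count -eq 0) {
    Write-Warning "No EFS certificate in this account's personal store."
    return
}

$password = Read-Host -AsSecureString 'Password to protect the backup'

foreach ($cert in $efsCerts) {
    if (-not $cert.HasPrivateKey) {
        # A certificate without its private key cannot decrypt anything.
        Write-Warning "$($cert.Thumbprint): private key not present, nothing to back up."
        continue
    }
    $file = Join-Path $BackupDir "efs-$($cert.Thumbprint).pfx"
    try {
        Export-PfxCertificate -Cert $cert -FilePath $file -Password $password -ErrorAction Stop | Out-Null
    } catch {
        Write-Warning "$($cert.Thumbprint): export failed ($($_.Exception.Message))"
        continue
    }
    # Read the file back to confirm it holds the certificate we meant to save.
    $saved = (Get-PfxData -FilePath $file -Password $password).EndEntityCertificates
    if ($saved.Thumbprint -contains $cert.Thumbprint) {
        "{0}  expires {1:yyyy-MM-dd}  -> {2}" -f $cert.Thumbprint, $cert.NotAfter, $file
    } else {
        Write-Warning "$($cert.Thumbprint): backup file failed verification."
    }
}
```

Keep the .pfx and its password offline and apart from the encrypted disk, since anyone holding both can decrypt the files.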


