Re: EFS Private Keys Storage

From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 02/28/04


Date: Fri, 27 Feb 2004 16:37:37 -0800

EFS private keys are stored in a user's application data. I haven't tried
this, but if the user has redirected AppData and the profile is scrubbed
from your Oracle server on logoff you might be able to meet your needs. The
key will exist on the machine at any time that the user is logged on (with
user profile) - I don't know if that matters.

If the database is going to be online all the time there's no way to keep
the private key somewhere else. That's true of EFS or any other kind of
encryption.

EFS doesn't support private keys on smartcards currently.

-- 
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Choi Wai Kin" <choi4@i-cable.com> wrote in message
news:81a74f41.0402271620.521e29c1@posting.google.com...
> I am currently working on a new project using Oracle database to store
> confidential information.  My boss wants me to use EFS to encrypt the
> data files.  However, according to our department policy, the private
> key used for encrypting confidential data must be stored in a different
> machine or in some kind of removable device (not in the database
> server).
>
> If I use a domain account to encrypt the data files and then run all
> Oracle services on the domain account, is it true that the private key
> will be stored in the domain controller instead of the local machine
> and the private key will only be retrieved from the domain controller
> when the Oracle services need to access the data file?  And will the
> private key be cached on the local hard disk?
>
> BTW, is it possible to store the private key in a smart card?  If so,
> I wonder if there is any reference or white paper that I can refer to.
>
> Thank you very much.
>
> Regards,
> Wai.
>
> PS: I guess my boss doesn't care if the data is really secure, and he
> only wants to make sure that we meet the department policy. :-)
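As an added illustration (not part of Drew's reply or the original thread), here is a PowerShell check an administrator could run on the database server, under the service account, to see whether EFS key material is actually present in that account's profile and which data files depend on it. The data directory path is a placeholder; the key-container location is the standard CAPI RSA path under the user's application data that Drew refers to.

```powershell
# Added example: audit EFS key material present for the current user profile
# and list the EFS-encrypted files under a data directory.
# $DataDir is a placeholder; replace with the real Oracle data file path.
$DataDir = 'D:\oracle\oradata'   # placeholder, not from the original post

$EfsEkuOid = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage OID for Encrypting File System

# 1. EFS certificates in the user's personal store and whether a private key is attached.
$efsCerts = Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
    $eku = $_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $eku -and ($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $EfsEkuOid
}
foreach ($c in $efsCerts) {
    [pscustomobject]@{
        Check         = 'EFS certificate'
        Thumbprint    = $c.Thumbprint
        Subject       = $c.Subject
        HasPrivateKey = $c.HasPrivateKey   # True means the key is usable from this profile
    }
}

# 2. CAPI RSA key containers live under the user's AppData, keyed by SID.
$sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$keyDir = Join-Path $env:APPDATA "Microsoft\Crypto\RSA\$sid"
$keyFiles = if (Test-Path $keyDir) { Get-ChildItem -Path $keyDir -File } else { @() }
[pscustomobject]@{
    Check        = 'Key containers on local disk'
    Path         = $keyDir
    ContainerCnt = $keyFiles.Count      # non-zero means private keys are cached in this profile
}

# 3. Which files under the data directory carry the EFS Encrypted attribute.
if (Test-Path $DataDir) {
    Get-ChildItem -Path $DataDir -Recurse -File -Attributes Encrypted |
        Select-Object @{n='Check';e={'EFS-encrypted file'}}, FullName, Length
}
```

If step 2 reports containers while the service account is logged on, the private key is on the local disk for as long as that session exists, which is the point Drew makes about an always-online database.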

