From: Steven L Umbach (
Date: 06/08/05

Date: Wed, 8 Jun 2005 00:14:19 -0500

You cannot export the private key for the user; they must do that
themselves. While the user is logged on, have them use the MMC snap-in for
certificates for "user" and go to their personal/certificates folder. When
they find their certificate for Encrypted File System [or possibly user
certificate], have them right-click the certificate, select all tasks and
export. The certificate used for EFS should have the ability to export their
private key [assuming the private key is present] unless at one time the
user exported and deleted it and then, when importing it back into their
computer, did not select the option to allow the private key to be exported.
The link below may be of help; see the section on how to back up your
certificate, though it shows how to do so via Internet Explorer as another
possible way to do it. --- Steve

;EN-US;223316

"Roland Hbner" <Roland> wrote in message
> Hello,
> I have a Windows 2000 Server with Active Directory and 10 Clients. Now, I
> want to Data encryption on the Server. I have installed on a Windows 2000
> Server a CA. A User from a Workstation can encryption a File, this is ok.
> The User allocate gets the Certificate.
> Therewith, the System very safely the User want to safe the private key
> on a Disk.
> But, I cannot export the private key. This function cannot selected.
> What can I do, at the Private key to export?
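
The two conditions named in the reply (private key present, key marked exportable) can be checked before opening the export wizard. The script below is an added example, not part of the original thread; it assumes Windows PowerShell 5.1 with .NET Framework 4.6 or later, which is not available on the Windows 2000 systems discussed here, and the helper name `Get-KeyExportability` is hypothetical. It only reads the logged-on user's Personal store and exports nothing.

```powershell
# Added example (not from the thread): list the current user's EFS-capable
# certificates and report whether each private key is present and exportable.
# Assumption: Windows PowerShell 5.1 / .NET Framework 4.6+.
$efsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage

function Get-KeyExportability {      # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if (-not $Cert.HasPrivateKey) { return 'no private key present' }
    try {
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if ($null -eq $key) { return 'no RSA private key' }
        if ($key -is [System.Security.Cryptography.RSACng]) {
            # CNG key: the export policy is a flags enum on the key handle
            $allow = [System.Security.Cryptography.CngExportPolicies]::AllowExport
            if ($key.Key.ExportPolicy.HasFlag($allow)) { return 'exportable' }
            return 'not exportable'
        }
        if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            # Legacy CSP key: the container records the "mark as exportable" choice
            if ($key.CspKeyContainerInfo.Exportable) { return 'exportable' }
            return 'not exportable'
        }
        return 'unknown key type'
    } catch {
        return "could not open key: $($_.Exception.Message)"
    }
}

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_
    # Collect the EKU OIDs; a User-template certificate also carries the EFS OID
    $oids = foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $oid.Value }
        }
    }
    if ($oids -contains $efsOid) {
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            PrivateKey = Get-KeyExportability -Cert $cert
        }
    }
}
```

A result of `not exportable` matches the case described in the reply, where the key was re-imported without the option that allows it to be exported.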
