Re: Encryption



Hi Roger

Finally, I am able to open the file. It seems that we have to set the NTFS
permissions to everyone.

Many thanks again for your patience and help.

Richard

"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:%23JKVOi2gHHA.4692@xxxxxxxxxxxxxxxxxxxxxxx
Perhaps your most direct route to move forward would then be to
- make sure anything encrypted with the other cert was copied into
  a clear, unencrypted form
- export and save the other cert and key pair
- remove the other cert from the account's cert store
- see if things work, and if not yet
  remove the copied-in cert/key and then re-add it (do not attempt
  to encrypt anything in the meantime, and you will get yet another
  EFS cert/key pair generated)
--
Roger
"Richard" <richardbee@xxxxxxxxxxx> wrote in message
news:epHBl%23ugHHA.392@xxxxxxxxxxxxxxxxxxxxxxx
The same account has two certs certified for encryption, one for the
user and one imported. Which will it use?


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:uyWp5TpgHHA.4596@xxxxxxxxxxxxxxxxxxxxxxx

"Richard" <richardbee@xxxxxxxxxxx> wrote in message
news:uglKd%23mgHHA.4516@xxxxxxxxxxxxxxxxxxxxxxx
Hi Roger

If I encrypt a folder on the copied-to machine, it will use the user
(administrator) cert to encrypt and not the cert that was imported,
right?
So, after I encrypt the folder, I back up the folder to the copied-from
machine and export the key (administrator-copied-to machine) to the
copied-from machine and try to open the folder?


I was assuming you would do that test with the account which
had the cert/key imported, so the same EFS encryption would
be in play, just with reversed file movement.


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:OVT%23IckgHHA.3412@xxxxxxxxxxxxxxxxxxxxxxx
On the copied-to machine, can you encrypt and decrypt?
Can you move an encrypted file the other way, from the
copied-to to the copied-from of prior trial?

Roger

"Richard" <richardbee@xxxxxxxxxxx> wrote in message
news:ufJg0$jgHHA.4892@xxxxxxxxxxxxxxxxxxxxxxx
Hi Roger

I tried all options when importing the key (without password) and
still can't open the folder.

What can be wrong?

Richard

"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:O2SHRlPgHHA.284@xxxxxxxxxxxxxxxxxxxxxxx
Copy via ntbackup is good; W2k to W2k is good (note that
XP and W2k do not share a common algorithm unless you
take steps to degrade the XP).
The private key import for W2k I do not clearly recall at
this time. With XP one is presented with a choice to have
all accesses for use of the private key to need to prompt,
and that will not work - one has to import so that the key
can be used without user confirmation.
As you have transferred the files in valid fashion between
same OS machines, and assuming NTFS permissions are
not in the way (denial/failure message appears the same),
and you have examined the thumbprints such as with the
efsutil tool, things should be working if the private key
import was done correctly.


"Richard" <richardbee@xxxxxxxxxxx> wrote in message
news:OEIldGMgHHA.4064@xxxxxxxxxxxxxxxxxxxxxxx
Sorry, missed a question.

Both are using Win2000 Pro. I copied the file over VPN using
ntbackup.exe.

Richard

"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:e4RvlVLgHHA.4552@xxxxxxxxxxxxxxxxxxxxxxx
What operating systems are involved?
How was the copy done?
When the EFS private key was imported into the account's
personal store, did you allow it to be used without prompting?


"Richard" <richardbee@xxxxxxxxxxx> wrote in message
news:u%23eIpN9fHHA.4980@xxxxxxxxxxxxxxxxxxxxxxx
Hi

I encrypted a folder and copied it to another computer. Then I
exported the cert/key to the other computer. On that computer, I
imported the cert/key into the personal and trusted store for
certificates. I am not able to read the file in the folder.

I checked the serial # and thumbprint of both the certs and it
tallies.

How do I overcome this issue?

Many thanks in advance
Richard