Re: Encrytion Issue

Hi Roger

Brian Komar pointed out the problem in the earlier thread. When we copy the
encrypted file to the server, the file server will quietly decrypt and
encrypt the file again using the server's cert, i think.

Anyway, I copied it straight to the B machine and was able to open it. I
suspect that there is an issue with the certs in my machine. Sometimes it
works and sometimes it doesn't. That the reason I need to find out which
cert it uses to encrypt.

Richard


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:%23dvZuxrkHHA.1240@xxxxxxxxxxxxxxxxxxxxxxx

"Richard" <richardbee@xxxxxxxxxxx> wrote in message
news:u0zJTKekHHA.4936@xxxxxxxxxxxxxxxxxxxxxxx
HI Roger

I read somewhere that the machine will use the cert/key the first time
we
use to encrypt a file. I remember deleting the old key, then when I

Well, ultimately there is a sense in which "the machine" does
everything, but in this case it is better and more accurate to
thing of the account as having/using the cert/key. If one uses
EFS and does not yet have a cert/key in the active profile,
then one is generated for use.


encrypted another file, another key was issued. Would it be using the
first
key to encrypt, while I am exporting the second key?


You would need to use certmgr.msc to see what EFS cert/keys
exist for that account logged into that machine; and use efsinfo.exe
from the support tools to see what cert was used to encrypt something.



"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:OYgzFZdkHHA.4188@xxxxxxxxxxxxxxxxxxxxxxx

"Richard" <richardbee@xxxxxxxxxxx> wrote in message
news:%23DWz6HTkHHA.4112@xxxxxxxxxxxxxxxxxxxxxxx
Hi

I am having some difficulties with efs. I am still working on the
issue
(previous thread with title "Encryption").

I am now trying an ecrypted file within the same domain. I encrypted
a
file
'encrypttest.txt' on A and copied it to a shared directory. I went to
another computer B, tried to open it, access denied.

Then I exported the cert/key from 'A' to the shared directory and
installed
it to 'B'. Tried to open the file but couldn't open it.

What could I be doing wrong?


What NTFS permissions exist on the file once copied to the share?

Does the share to which this was copied exist as actual storage on
A, on B, or on some other machine?

What was done to the "install" of the cert/key at B? (note: one does
not really "install it to 'B'", as B is a machine - one loads the
cert/key
to an account's private store as profiled at B).








.

Relevant Pages

  • Re: Encrytion Issue
    ... I read somewhere that the machine will use the cert/key the first time we ... use to encrypt a file. ... EFS and does not yet have a cert/key in the active profile, ...
    (microsoft.public.win2000.security)
  • Re: Encrytion Issue
    ... I read somewhere that the machine will use the cert/key the first time we ... use to encrypt a file. ... 'encrypttest.txt' on A and copied it to a shared directory. ...
    (microsoft.public.win2000.security)
  • Re: Encryption
    ... - make sure anything encrypted with the other cert was copied into ... If I encrypt a folder on the copied-to machine, ... The private key import for W2k I do not clearly recall at ...
    (microsoft.public.win2000.security)
  • Re: Encryption
    ... - make sure anything encrypted with the other cert was copied into ... If I encrypt a folder on the copied-to machine, ... The private key import for W2k I do not clearly recall at ...
    (microsoft.public.win2000.security)
  • too much encryption
    ... I had no trouble setting up a file server using LUKS to encrypt several physical volumes and LVM to create logical volumes over them so that all the data on the file server is encrypted. ... Even heavy network activity, like when I back up a laptop to the file server, keeps the AMD Athlon 1900+ CPU pegged, although it still seems to be able to keep up with the 100/base-T speeds. ... what I really need is just a network filesystem that never tries to decrypt the stuff it's storing. ...
    (comp.os.linux.security)