Re: An EFS encryption question.



Inline...
"bagassa" <not@xxxxxxxxxxxxx> wrote in message news:eFmgzvUNJHA.2824@xxxxxxxxxxxxxxxxxxxxxxx
Good afternoon Brian,

You raised a good point. Does this mean that the burglar who stole my computer and broke into my account could still read the files, simply because Windows will always make a new certificate?
No. They would need access to the removed certificate's private key to open previous files.


There is no registry change that can stop this automatic generation?
No. You need to read the whitepaper on how EFS works.
You could prevent the creation of self-signed EFS, but the client would still either request a Basic EFS certificate or autoenroll another certificate.



About those smart card readers you mentioned. Where can I get a simple one at a reasonable price?
You need three things:
1) Smart card
2) Smart card reader
3) Middleware/mini-driver
Google is your friend. Search for Gemalto.




Thanks for your time and input, Brian.

Peter

========================================

Not a good idea.
The first time that you forget to import the PKCS#12 before you attempt to access a file, a new EFS certificate will be generated.
From that point on, all newly encrypted files will use the new default EFS key.
If you want to have the removal of the EFS certificate from software, then I recommend you move to Vista and use a smart-card based EFS certificate.

Brian
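
Added example, not part of Brian's post or any Microsoft tooling: a PowerShell check for the failure mode described above, where Windows quietly generates a new EFS certificate and makes it the default key. It assumes PowerShell is installed; $ExpectedThumbprint is a placeholder for the thumbprint of the certificate you exported to PKCS#12.

```powershell
# Added example: detect a silently generated replacement EFS certificate.
# Assumption: $ExpectedThumbprint is the thumbprint of the certificate that
# was exported to PKCS#12 and removed from the store (placeholder below).
param(
    [string]$ExpectedThumbprint = '<THUMBPRINT-OF-EXPORTED-CERT>'
)

$EfsEku  = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU OID
$KeyPath = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\EFS\CurrentKeys'

# Thumbprint of the certificate EFS will use for newly encrypted files.
function Get-CurrentEfsThumbprint {
    $item = Get-ItemProperty -Path $KeyPath -Name CertificateHash -ErrorAction SilentlyContinue
    if (-not $item) { return $null }
    return (($item.CertificateHash | ForEach-Object { $_.ToString('X2') }) -join '')
}

# Every certificate in the user's Personal store that carries the EFS EKU.
function Get-EfsCertificates {
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.EnhancedKeyUsageList.ObjectId -contains $EfsEku
    }
}

$expected = $ExpectedThumbprint.Replace(' ', '').ToUpperInvariant()
$current  = Get-CurrentEfsThumbprint
$certs    = @(Get-EfsCertificates)

foreach ($c in $certs) {
    [pscustomobject]@{
        Thumbprint    = $c.Thumbprint
        NotBefore     = $c.NotBefore
        SelfSigned    = ($c.Subject -eq $c.Issuer)
        HasPrivateKey = $c.HasPrivateKey
        IsCurrentKey  = ($c.Thumbprint -eq $current)
        IsExpected    = ($c.Thumbprint -eq $expected)
    }
}

if ($current -and $current -ne $expected) {
    Write-Warning "Current EFS key $current is not the exported certificate; newly encrypted files will use it."
}
foreach ($c in ($certs | Where-Object { $_.Thumbprint -ne $expected })) {
    Write-Warning "Unexpected EFS certificate in store: $($c.Thumbprint) (valid from $($c.NotBefore))."
}
```

Any certificate flagged here has its private key on disk in the user profile, so files encrypted under it are not protected by keeping the PKCS#12 on removable media.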

========================================

What I like to do is lock some of my sensitive files using the Windows EFS encryption so that if someone were to steal my computer and somehow hack the password into my account, they still would not be able to read the files.

If I were to:

1. encrypt the files
2. then export the "encrypting file system" certificate from the certificate manager (in the personal folder) to a thumb drive (and a backup drive).
3. delete the certificate manager's copy
4. Every time I want to access the files, I plug the thumb drive in, and use it to decrypt the files.

Is this a good way to do it? Any red flags here?

Thanks for your time and help

Peter

