Re: Encrypting File System - Exporting Certificates and Keys

From: Roger Abell [MVP] (mvpNOSPAM@asu.edu)
Date: 09/21/02 

From: "Roger Abell [MVP]" <mvpNOSPAM@asu.edu>
Date: Sat, 21 Sep 2002 07:41:48 -0700

You need to copy the pfx file to some external media,
probably more than one copy, and keep this safe - and
remember the password that you have used.
You might want to make an unencrypted copy of your
files, and then experiment in order to get comfortable.
Remove you EFS cert and key. Notice you cannot
access the encrypted data. Now import the cert and
key back into you account. Import into a second
account. Use EFS on a regular basis once you do
have externally stored pfx and a comfort with how
to recover. 

--
Roger Abell
MS MVP (Security, Windows), MCDBA,  MCSE both
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone
"Andrew Arthur" <andrewarthur@palmsoft.ltd.uk> wrote in message
news:44d201c2617a$b82d5c00$2ae2c90a@phx.gbl...
> I have a number of folders that I have set to use EFS.
> To ensure that I can access this data in the event of a
> system failure, reinstall etc., I understand that I need
> to export certificates and private keys.  However, I am
> somewhat confused by what exactly I need to do.
>
> I am running a standalone PC (i.e. not connected to a
> domain or network).  Following the instructions in Win XP
> Pro's Help and Support I have created a MMC with the
> Certificates snap-in.  When logged in under my username I
> can see my personal certificate and have exported this,
> along with the private key to a file.  Is this the only
> thing I need to do to ensure that I will be able to
> access the data in the event of loss of the cert and/or
> key from the computer?  I have read that I should be
> logged on as the local administrator and then export the
> cert and private key.  Do I also need to do this and why?
>
> Any help will be most appreciated.
>
> Regards
>
> Andrew

Relevant Pages

  • Re: EFS data recovery - handholding needed
    ... export your current EFS cert. ... You can test exporting and importing your EFS cert with two user ... find the cert and export it to a PFX file. ... will have private key in it and CER only has public key in it. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Private & Public Key storage location
    ... with that you complete the 'certificate' to have both public and private key ... To view the complete cert, you access the cert mmc, ... its end & send only the public key to the CA along with the other websites ... The CA never know the private key of the website. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Private & Public Key storage location
    ... with that you complete the 'certificate' to have both public and private key ... To view the complete cert, you access the cert mmc, ... its end & send only the public key to the CA along with the other websites ... The CA never know the private key of the website. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Private & Public Key storage location
    ... When you got the server cert file, ... its end & send only the public key to the CA along with the other websites ... The CA never know the private key of the website. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Encryption
    ... - make sure anything encrypted with the other cert was copied into ... If I encrypt a folder on the copied-to machine, ... The private key import for W2k I do not clearly recall at ...
    (microsoft.public.win2000.security)
Quantcast