Re: What am I doing wrong?

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 07/27/03


Date: Sat, 26 Jul 2003 19:18:12 -0700


That you do see garbage for the test file on the desktop
shows that you have done the EFS cert/key parts correctly,
although perhaps a little round-about at points (and you have
not mentioned configuring a common data recovery agent).

Are the two machines both XP Pro at the same service level?
Have you adjusted the encryption algorithms specified to be
used by either system?

"EFS-wannabe" <nospam@efs.com> wrote in message
news:%23AfIMc7UDHA.2004@TK2MSFTNGP10.phx.gbl...
> OK, here is what I want to do: I want to encrypt some files I have on my
> notebook so that if someone steals it from me, he would not be able to
> read the files. At the same time I want to backup the encrypted files on
> a disc so that if I lose the notebook I would be able to restore the
> encrypted files on my main desktop computer. Both the notebook and
> desktop have Windows XP Pro installed. The system key is enabled on
> both, but currently is stored in the registry. I plan to change this to
> the second syskey option and make it load from a floppy at startup,
> after I make the EFS work.
>
> Here is what I did to test the things:
>
> 1. On the notebook, I created a separate folder named EFS on the C:
> drive, formatted with NTFS. On the advanced properties page of the EFS
> folder I checked the 'Encrypt contents to secure data' checkbox to
> enable EFS.
>
> 2. With Notepad, I created a text file test.txt with the text "test"
> inside, in the EFS folder. Both the EFS folder and the test.txt files
> are now displayed in the green color, indicating they are encrypted. I
> can open test.txt and see the "test" string inside, no problem. So far
> so good.
>
> 3. Then I've exported my encryption certificate to a file on a diskette.
> To do that, I right-clicked on the encrypted file test.txt, selected
> Properties from the shortcut menu, clicked on Advanced, then on Details,
> then on Add..., and I saw the list of certificates (actually, there was
> just one certificate listed, with my login name). So I clicked on View
> Certificate, and then, on the Details page, clicked on Copy to file...
> to open the Certificate Export Wizard. I used the wizard to export the
> certificate into a file on a floppy, and I did select the "Yes, export
> the private key" and "Enable strong encryption" options. That created a
> .pfx file on the floppy, so far so good.
>
> 4. Now I used the built-in Microsoft backup program to backup the
> encrypted test.txt file into a .bkf file, located on another floppy.
>
> As far as the notebook is concerned, I've done all that was required: I
> backed up the encrypted file, as well as my certificate with the private
> key.
>
> Now I want to restore the encrypted file on the desktop computer:
>
> 5. On the desktop computer, I've created its own EFS folder (to enable
> EFS) and created a test file in it, to make XP create the EFS key, etc.
> Then I've imported the certificate from the .pfx file from the floppy.
> Now when I view the certificates through the Control panel, I see two
> certificates, both are marked "for EFS", one of them has the same
> thumbprint as the one on the notebook, so I guess it has been imported
> correctly.
>
> 6. Using the same Microsoft Backup program on the desktop computer, I've
> restored the test.txt file from the .bkf file on floppy into its own
> folder on the C: drive of the desktop computer (formatted with NTFS, of
> course). The restored file is now displayed in green color.
>
> All seems to be working well, except that when I open the test.txt file
> restored on the desktop computer, I don't see the original text "test".
> Instead, it contains some garbage, something like "tÆčk", the same
> length, but wrong characters. When I look into the advanced properties
> of the restored test.txt file, it lists my user account on the desktop
> as the account in the section "Users who can transparently access this
> file". When I click on "Add", I see only one certificate listed, the
> original one, not the imported one. My guess is that when I was
> restoring the file, the backup program decrypted the file with the
> imported certificate, and then re-encrypted it with the local
> certificate, that existed on the desktop computer before I imported the
> certificate from the floppy.
>
> My question is, what did I do wrong? Why did the file get corrupted during
> the backup/restore process? What should I have done differently?
>
> Thanks for your advice in advance.
>
> EFS-wannabe
>
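A diagnostic for the situation described in the thread, added here as an example and not part of the original post: on a current Windows system it lists the user's EFS-capable certificates, reads the thumbprints that cipher.exe /c reports for the restored file, flags any thumbprint the user has no certificate for, and shows the machine's configured EFS algorithm. Assumptions: the "Certificate thumbprint:" line format of cipher.exe /c, the AlgorithmID registry value, and the -Path parameter.

```powershell
# Added example (not from the original thread): check which certificates
# an EFS file is bound to and which EFS certificates this user holds.
param(
    [Parameter(Mandatory = $true)][string]$Path   # e.g. C:\EFS\test.txt
)

# EFS enhanced-key-usage OID; certificates carrying it are the ones EFS
# can select when it encrypts a file for this user.
$efsOid = '1.3.6.1.4.1.311.10.3.4'

$efsCerts = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $efsOid }

Write-Host "EFS-capable certificates in CurrentUser\My:"
foreach ($c in $efsCerts) {
    Write-Host ("  {0}  {1}  private key: {2}" -f $c.Thumbprint, $c.Subject, $c.HasPrivateKey)
}

# cipher.exe /c lists users and recovery agents whose certificates can open
# the file, each with a thumbprint. Assumption: lines look like
# "Certificate thumbprint: XXXX XXXX ..."; spaces are stripped for comparison.
$boundThumbprints = cipher.exe /c $Path | ForEach-Object {
    if ($_ -match 'thumbprint:\s*([0-9A-Fa-f ]+)\s*$') {
        ($Matches[1] -replace '\s', '').ToUpper()
    }
}

Write-Host "`nThumbprints bound to $Path :"
$boundThumbprints | ForEach-Object { Write-Host "  $_" }

# A file bound only to a certificate this user does not hold (e.g. a local
# certificate created before the .pfx import) will not open for this user.
$missing = $boundThumbprints | Where-Object { $efsCerts.Thumbprint -notcontains $_ }
if ($missing) {
    Write-Warning "File is bound to certificate(s) this user does not hold: $($missing -join ', ')"
}

# Per-machine algorithm for newly encrypted files (assumption: the value is
# absent when the OS default applies). CALG ids: 0x6610 AES-256,
# 0x6603 3DES, 0x6604 DESX. Compare this on both machines.
$efsKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS'
$alg = (Get-ItemProperty $efsKey -ErrorAction SilentlyContinue).AlgorithmID
if ($null -eq $alg) { Write-Host "`nEFS AlgorithmID not set; OS default cipher in use" }
else { Write-Host ("`nEFS AlgorithmID: 0x{0:X4}" -f $alg) }
```

Run it under the account that restored the file on each machine and compare the thumbprint and algorithm lines side by side.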
