Re: WinXP Pro Recovery Agent Backup

From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 12/30/03


Date: Mon, 29 Dec 2003 16:04:07 -0800

Right. The .cer has only the certificate and the .pfx has both the
certificate and the private key. You need to put the .pfx somewhere safe.
Anyone with that private key will be able to decrypt everyone else's files
within the scope of the recovery policy.

After you install the .cer in the recovery policy, you can delete the .cer.
(You can always get the certificate from the .pfx, too.)

-- 
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"jimshu1" <NoWay@att.net> wrote in message
news:OwqvfwiyDHA.3116@TK2MSFTNGP11.phx.gbl...
> Thanks jimshu1!
>
>
> "jimshu1" <NoWay@att.net> wrote in message
> news:O3k%23MYbyDHA.604@tk2msftngp13.phx.gbl...
> > The .pfx file is for data recovery (double click to install) and the .cer
> > file is for use in the policy (Local Security Settings | Action | Add Data
> > Recovery Agent)
> >
> > "jimshu1" <NoWay@att.net> wrote in message
> > news:udpY10NyDHA.560@TK2MSFTNGP11.phx.gbl...
> > > To put it simply, what would a person use the .cer Recovery Agent
> > > certificate for.
> > >
> > > "jimshu1" <NoWay@att.net> wrote in message
> > > news:uEwQ35LyDHA.1356@TK2MSFTNGP10.phx.gbl...
> > > > I have made my Administrator account my Recovery Agent for each one of my
> > > > systems.  The Recovery Agent key was exported and deleted from the
> > > > Administrator account.  I also have backed up the Administrator key and each
> > > > of the Account keys.
> > > >
> > > > My question is: Why do I need both a .pfx and a .cer file when I backed up
> > > > and removed the Recovery Agent, and only the .pfx file when backing up the
> > > > User Account keys?
> > > >
> > > > Thanks for any replies!
> > > >
> > > >
> > >
> > >
> >
> >
>
>
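
The .cer/.pfx distinction from the reply above, as an added example that is not part of the original thread: it builds a throwaway recovery-agent-style certificate in memory, exports it both ways, and checks which export carries the private key. The subject name, password and file labels are constructed sample values, and it assumes PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example; every name and value below is a constructed sample.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

$fileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # EFS File Recovery enhanced key usage
$pfxPassword     = 'constructed-sample-password'

# Self-signed stand-in for a recovery agent certificate, created in memory only.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=Constructed Recovery Agent', $rsa,
           [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$ekus = [OidCollection]::new()
[void]$ekus.Add([Oid]::new($fileRecoveryOid))
$req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($ekus, $false))
$dra = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))

# The two export forms discussed in the thread.
$pfxBytes = $dra.Export([X509ContentType]::Pfx, $pfxPassword)   # certificate + private key
$cerBytes = $dra.Export([X509ContentType]::Cert)                # certificate only

function Get-CertFileSummary {
    param([byte[]]$Bytes, [string]$Password, [string]$Label)
    if ($Password) { $c = [X509Certificate2]::new($Bytes, $Password) }
    else           { $c = [X509Certificate2]::new($Bytes) }
    $eku = $c.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    [pscustomobject]@{
        File          = $Label
        Thumbprint    = $c.Thumbprint
        HasPrivateKey = $c.HasPrivateKey
        FileRecovery  = [bool]($eku.EnhancedKeyUsages.Value -contains $fileRecoveryOid)
    }
}

$pfx = Get-CertFileSummary -Bytes $pfxBytes -Password $pfxPassword -Label 'dra.pfx'
$cer = Get-CertFileSummary -Bytes $cerBytes -Label 'dra.cer'
$pfx, $cer | Format-Table -AutoSize

# Same certificate in both files; only the .pfx can decrypt, so only it needs safe storage.
if ($pfx.Thumbprint -ne $cer.Thumbprint) { throw 'The .cer and .pfx hold different certificates' }
if ($cer.HasPrivateKey) { throw 'The .cer unexpectedly contains a private key' }
```

To check real exported files instead, pass the result of `[IO.File]::ReadAllBytes()` for each file to `Get-CertFileSummary`.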

