Deleting the certificate does not stop decryption!

From: M. Jennings (mjennings_at_-NOTthis-or-dashes-myrealbox.com)
Date: 03/19/05


Date: Sat, 19 Mar 2005 18:14:47 -0300

Pat,

Thanks for your reply.

If you read all of Microsoft's documentation carefully, you will find that the
explanation just is not there. There are plenty of "overviews" that cover the
same information.

Only if I can move the files between different accounts on different
stand-alone computers will I know I understand how EFS works. I have been
unable to do that.

I deleted my personal certificate, but the files in a test directory are still
automatically decrypted. This also shows that I don't understand EFS.

I need to be able to change my logon password without losing my encrypted files.

I don't understand why they say "Recovery Certificate", when supposedly the
Recovery Certificate does not include the private key. With no private key, it
is impossible to decrypt files.

Pat, do a search on EFS in the newsgroups. People are having a very difficult
time with encryption. They are losing files. It is easy to encrypt, and
difficult to know how the encryption works.

Two people have advised me to use non-Microsoft products. People are directing
other people to poorly written and formatted non-Microsoft web pages.

Part of the confusion is obvious from the fact that there are so many
Microsoft web pages devoted to the same incomplete explanations. EFS is
different between Windows 2000 and Windows XP, but often the web pages refer
to both seemingly indiscriminately. Those who did the writing were confused
about the differences between EFS when connected to a domain, and EFS on a
stand-alone computer.

Michael

_________________________

Pat Hoffer [MSFT] wrote:
> Here's a Microsoft site with information about EFS:
>
> http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
>
> Thanks.
> Pat
>
> "M. Jennings" wrote:
>
>
>>I'm wanting to understand the same issues. Many, many people lose their
>>encrypted files, partly because Microsoft's explanation is so poor.
>>
>>The web site you referenced is very poorly written and formatted. Doesn't
>>Microsoft have anything better? I notice that that web site is mentioned a lot.
>>
>>Thanks, Michael
>>
>>___________________________
>>
>>Torgeir Bakken (MVP) wrote:
>>
>>>NewComrMSNETFam wrote:
>>>
>>>
>>>>Hi,
>>>>
>>>>Don't ask, I really don't know, but it looks like I cannot open my
>>>>encrypted files.
>>>>This is to say that the associated user key of the account with the
>>>>problem is misplaced or lost.
>>>>
>>>>Q1) If the key is not lost but misplaced, how can I locate it and
>>>>place it back at the right place?
>>>>Q2) If the key is lost, I have a data and system backup of my machine
>>>>using the "Backup" program. How can I locate and extract from the
>>>>backup the missing key?
>>>
>>>Hi
>>>
>>>If you can restore the user profile folders for the user that
>>>encrypted the files and if you remember the password for the user
>>>when the backup was taken, you might be able to save the files.
>>>
>>>Take a look at this site for more details:
>>>
>>>http://www.beginningtoseethelight.org/efsrecovery/