Tech Support banner

Status
Not open for further replies.
1 - 11 of 11 Posts

·
Registered
Joined
·
53 Posts
Discussion Starter · #1 ·
Hi, I'm looking to add a measure of encryption protection for sensitive files on my computer. Is Windows' Encryption File System (EFS) worth messing with? Is there a better alternative?

Looking around the web, what I've found so far is:
Encrypting is easy
Decrypting is automatic for the user who created the file

But it seems that if I reinstall Windows, or copy the file to another computer, or pop the HDD into another computer, or the key gets corrupted ... etc. etc. .... the file will be inaccesible unless I previously had backed up the key. I've not been able to find clear instructions how to do that.

Everything I read seems to be talking about a special situation, like
if the computer is on a network, part of a workgroup, or a domain, etc.

I just want to back up the key on a standalone computer so I can access the file myself later in one of the above circumstances.

Can anyone make this more sensible to me, or point me in another direction?

I have XP Pro SP2 on one computer and Windows 2000 SP4 on another one. Also, no one seems to be saying this explicitly, but EFS is contingent on the file system being NTFS, is it not? Some of my partitions are FAT32.

Thanks,
Ted
 

·
Registered
Joined
·
1,097 Posts
pianoman1949 said:
But it seems that if I reinstall Windows, or copy the file to another computer, or pop the HDD into another computer, or the key gets corrupted ... etc. etc. .... the file will be inaccesible unless I previously had backed up the key. I've not been able to find clear instructions how to do that.
Here is how you backup your key..

pianoman1949 said:
I have XP Pro SP2 on one computer and Windows 2000 SP4 on another one. Also, no one seems to be saying this explicitly, but EFS is contingent on the file system being NTFS, is it not? Some of my partitions are FAT32.
You can only use EFS with NTFS. Period.
 

·
Registered
Joined
·
53 Posts
Discussion Starter · #3 ·
Resolution said:
Yes, that is exactly the document I was reading. But as I said, it seems to be talking about computers as part of a domain or workgroup, and therefore I am afraid the instructions might not apply, since my machine is neither. Just standalone. I thought maybe there was another place I should look, or something obvious I am missing.

Thanks
 

·
Registered
Joined
·
53 Posts
Discussion Starter · #6 ·
Resolution said:
Just follow everything from this point down.
Ahh, that helps quite a bit, thanks. But I still don't understand:
1. What a "certificate" is
2. What a "recovery agent" is
3. It's also not obvious how you *use* the backed-up key

But I imagine after I play around with it a little, things will become clearer.
I would definitely test with non-essential files first.

Thanks
 

·
Registered
Joined
·
1,097 Posts
1. Digital Certificate

2. The recovery agent is the person who is authorized to decrypt another user's data. They have a backup copy of the encryption key and can decrypt the files for you if you ever lose your key.

3. You import the key.
 
1 - 11 of 11 Posts
Status
Not open for further replies.
Top