[pianoman1949]

Hi, I'm looking to add a measure of encryption protection for sensitive files on my computer. Is Windows' Encryption File System (EFS) worth messing with? Is there a better alternative?

Looking around the web, what I've found so far is:
Encrypting is easy
Decrypting is automatic for the user who created the file

But it seems that if I reinstall Windows, or copy the file to another computer, or pop the HDD into another computer, or the key gets corrupted ... etc. etc. .... the file will be inaccesible unless I previously had backed up the key. I've not been able to find clear instructions how to do that.

Everything I read seems to be talking about a special situation, like
if the computer is on a network, part of a workgroup, or a domain, etc.

I just want to back up the key on a standalone computer so I can access the file myself later in one of the above circumstances.

Can anyone make this more sensible to me, or point me in another direction?

I have XP Pro SP2 on one computer and Windows 2000 SP4 on another one. Also, no one seems to be saying this explicitly, but EFS is contingent on the file system being NTFS, is it not? Some of my partitions are FAT32.

Thanks,
Ted

 

[Resolution]

But it seems that if I reinstall Windows, or copy the file to another computer, or pop the HDD into another computer, or the key gets corrupted ... etc. etc. .... the file will be inaccesible unless I previously had backed up the key. I've not been able to find clear instructions how to do that.

Here is how you backup your key..

I have XP Pro SP2 on one computer and Windows 2000 SP4 on another one. Also, no one seems to be saying this explicitly, but EFS is contingent on the file system being NTFS, is it not? Some of my partitions are FAT32.

You can only use EFS with NTFS. Period.

 

[pianoman1949]

Here is how you backup your key..

Yes, that is exactly the document I was reading. But as I said, it seems to be talking about computers as part of a domain or workgroup, and therefore I am afraid the instructions might not apply, since my machine is neither. Just standalone. I thought maybe there was another place I should look, or something obvious I am missing.

Thanks

 

[pianoman1949]

You can only use EFS with NTFS. Period.

I thought so; I was just surprised that in everything I found (even Microsoft documents), this was not mentioned anywhere.

 

[Resolution]

Just follow everything from this point down. I suggest you do a test by encrypting a folder so that a certificate can be made. Then you can practice the backup part with that certificate. It's all really simple.

 

[pianoman1949]

Just follow everything from this point down.

Ahh, that helps quite a bit, thanks. But I still don't understand:
1. What a "certificate" is
2. What a "recovery agent" is
3. It's also not obvious how you *use* the backed-up key

But I imagine after I play around with it a little, things will become clearer.
I would definitely test with non-essential files first.

Thanks

 

[Resolution]

1. Digital Certificate

2. The recovery agent is the person who is authorized to decrypt another user's data. They have a backup copy of the encryption key and can decrypt the files for you if you ever lose your key.

3. You import the key.

 

[pianoman1949]

1. Digital Certificate

Ok, thanks. I know about software certificates; I guess I was assuming this was something different.

3. You import the key.

via the same place in IE that you exported it, huh? I see. Thanks.

 

[Squashman]

You could try CryptainerLE.
http://www.cypherix.com/cryptainerle/

 

[pianoman1949]

You could try CryptainerLE.
http://www.cypherix.com/cryptainerle/

Looks very cool, I will try it. Thanks.

 

[Squashman]

Looks very cool, I will try it. Thanks.

Was just over at my friends work today and he is using this.
http://axcrypt.sourceforge.net/