Tech Support Forum banner

Simple but effective file encryption?

1147 Views 10 Replies 3 Participants Last post by  Squashman
Hi, I'm looking to add a measure of encryption protection for sensitive files on my computer. Is Windows' Encryption File System (EFS) worth messing with? Is there a better alternative?

Looking around the web, what I've found so far is:
Encrypting is easy
Decrypting is automatic for the user who created the file

But it seems that if I reinstall Windows, or copy the file to another computer, or pop the HDD into another computer, or the key gets corrupted ... etc. etc. .... the file will be inaccesible unless I previously had backed up the key. I've not been able to find clear instructions how to do that.

Everything I read seems to be talking about a special situation, like
if the computer is on a network, part of a workgroup, or a domain, etc.

I just want to back up the key on a standalone computer so I can access the file myself later in one of the above circumstances.

Can anyone make this more sensible to me, or point me in another direction?

I have XP Pro SP2 on one computer and Windows 2000 SP4 on another one. Also, no one seems to be saying this explicitly, but EFS is contingent on the file system being NTFS, is it not? Some of my partitions are FAT32.

Not open for further replies.
1 - 6 of 11 Posts
Resolution said:
Yes, that is exactly the document I was reading. But as I said, it seems to be talking about computers as part of a domain or workgroup, and therefore I am afraid the instructions might not apply, since my machine is neither. Just standalone. I thought maybe there was another place I should look, or something obvious I am missing.

Resolution said:
You can only use EFS with NTFS. Period.
I thought so; I was just surprised that in everything I found (even Microsoft documents), this was not mentioned anywhere.
Resolution said:
Just follow everything from this point down.
Ahh, that helps quite a bit, thanks. But I still don't understand:
1. What a "certificate" is
2. What a "recovery agent" is
3. It's also not obvious how you *use* the backed-up key

But I imagine after I play around with it a little, things will become clearer.
I would definitely test with non-essential files first.

Resolution said:
Ok, thanks. I know about software certificates; I guess I was assuming this was something different.

Resolution said:
3. You import the key.
via the same place in IE that you exported it, huh? I see. Thanks.
Squashman said:
Looks very cool, I will try it. Thanks.
1 - 6 of 11 Posts
Not open for further replies.