EFS - Private Key - External storage

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hello,

is it possible to place the decryption key for EFS on an external media like
USB-Stick or floppy or CD to use it from there for decryption? Or has it to
be stored on hard disk?

If it could be stored external this would sovle many security problems and
reduce cost of security.
If it doesn't work, who has experience about other directory / file
encryption software working transparent.
I would like to secure e-mail adresses, mails and some more stuff which is
kept in few direcories.
I am not a specialist in security questions, just searching for a solution
for some stand alone laptops.

Who knows and can tell me?


Thanks a lot ahead

Thomas Weigel

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

EFS keys must be stored in hard drive where they are stored (encrypted) in
user's profile. If you use hard to guess passwords (pass-phrases that
consist of more then 14 characters) your keys would be secure...

On Windows XP if e.g. administrator was to force change your password to
gain access to your profile and your private key; he/she would still not
have access to your encrypted files...

EFS:
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

Feel free to post back if you have any additional questions.

Mike

"Thomas Weigel" <entwicklung_nospam__at__octagon_minus_gmbh_dot_de> wrote in
message news:O85wXGYvEHA.3728@TK2MSFTNGP12.phx.gbl...
> Hello,
>
> is it possible to place the decryption key for EFS on an external media
> like
> USB-Stick or floppy or CD to use it from there for decryption? Or has it
> to
> be stored on hard disk?
>
> If it could be stored external this would sovle many security problems and
> reduce cost of security.
> If it doesn't work, who has experience about other directory / file
> encryption software working transparent.
> I would like to secure e-mail adresses, mails and some more stuff which is
> kept in few direcories.
> I am not a specialist in security questions, just searching for a solution
> for some stand alone laptops.
>
> Who knows and can tell me?
>
>
> Thanks a lot ahead
>
> Thomas Weigel
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

EFS does act in transparent fashion.
It does not have a use for email while it is email, but after
archived as sent/received in file it may.

The key cannot be on a removable devise and in use.
The cert/key export file may be stored anywhere, but best
not on a live machine. If I recall correctly, as the most
recent versions of OS readied for release, there were no
external, portable storage cards/devices in wide, cost-effective
use that had sufficient storage size to enable the application
you seem to be after.

The decryption key, when stored on the system, is itself
encrypted in a way that requires both login access to the
account to which it is tied, and knowledge of the system
secrets which are involved its own en/decryption key.

There is probably better research and engineering in EFS
than what you will find in similar third-party capabilities
unless you look at high-dollar spookware.

--
Roger Abell

"Thomas Weigel" <entwicklung_nospam__at__octagon_minus_gmbh_dot_de> wrote in
message news:O85wXGYvEHA.3728@TK2MSFTNGP12.phx.gbl...
> Hello,
>
> is it possible to place the decryption key for EFS on an external media
like
> USB-Stick or floppy or CD to use it from there for decryption? Or has it
to
> be stored on hard disk?
>
> If it could be stored external this would sovle many security problems and
> reduce cost of security.
> If it doesn't work, who has experience about other directory / file
> encryption software working transparent.
> I would like to secure e-mail adresses, mails and some more stuff which is
> kept in few direcories.
> I am not a specialist in security questions, just searching for a solution
> for some stand alone laptops.
>
> Who knows and can tell me?
>
>
> Thanks a lot ahead
>
> Thomas Weigel
>
>