EFS - Private Key - External storage

Archived from groups: microsoft.public.win2000.security (More info?)

Hello,

is it possible to place the decryption key for EFS on an external media like
USB-Stick or floppy or CD to use it from there for decryption? Or has it to
be stored on hard disk?

If it could be stored external this would sovle many security problems and
reduce cost of security.
If it doesn't work, who has experience about other directory / file
encryption software working transparent.
I would like to secure e-mail adresses, mails and some more stuff which is
kept in few direcories.
I am not a specialist in security questions, just searching for a solution
for some stand alone laptops.

Who knows and can tell me?


Thanks a lot ahead

Thomas Weigel
2 answers Last reply
More about private external storage
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi,

    EFS keys must be stored in hard drive where they are stored (encrypted) in
    user's profile. If you use hard to guess passwords (pass-phrases that
    consist of more then 14 characters) your keys would be secure...

    On Windows XP if e.g. administrator was to force change your password to
    gain access to your profile and your private key; he/she would still not
    have access to your encrypted files...

    EFS:
    http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

    Feel free to post back if you have any additional questions.

    Mike

    "Thomas Weigel" <entwicklung_nospam__at__octagon_minus_gmbh_dot_de> wrote in
    message news:O85wXGYvEHA.3728@TK2MSFTNGP12.phx.gbl...
    > Hello,
    >
    > is it possible to place the decryption key for EFS on an external media
    > like
    > USB-Stick or floppy or CD to use it from there for decryption? Or has it
    > to
    > be stored on hard disk?
    >
    > If it could be stored external this would sovle many security problems and
    > reduce cost of security.
    > If it doesn't work, who has experience about other directory / file
    > encryption software working transparent.
    > I would like to secure e-mail adresses, mails and some more stuff which is
    > kept in few direcories.
    > I am not a specialist in security questions, just searching for a solution
    > for some stand alone laptops.
    >
    > Who knows and can tell me?
    >
    >
    > Thanks a lot ahead
    >
    > Thomas Weigel
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    EFS does act in transparent fashion.
    It does not have a use for email while it is email, but after
    archived as sent/received in file it may.

    The key cannot be on a removable devise and in use.
    The cert/key export file may be stored anywhere, but best
    not on a live machine. If I recall correctly, as the most
    recent versions of OS readied for release, there were no
    external, portable storage cards/devices in wide, cost-effective
    use that had sufficient storage size to enable the application
    you seem to be after.

    The decryption key, when stored on the system, is itself
    encrypted in a way that requires both login access to the
    account to which it is tied, and knowledge of the system
    secrets which are involved its own en/decryption key.

    There is probably better research and engineering in EFS
    than what you will find in similar third-party capabilities
    unless you look at high-dollar spookware.

    --
    Roger Abell

    "Thomas Weigel" <entwicklung_nospam__at__octagon_minus_gmbh_dot_de> wrote in
    message news:O85wXGYvEHA.3728@TK2MSFTNGP12.phx.gbl...
    > Hello,
    >
    > is it possible to place the decryption key for EFS on an external media
    like
    > USB-Stick or floppy or CD to use it from there for decryption? Or has it
    to
    > be stored on hard disk?
    >
    > If it could be stored external this would sovle many security problems and
    > reduce cost of security.
    > If it doesn't work, who has experience about other directory / file
    > encryption software working transparent.
    > I would like to secure e-mail adresses, mails and some more stuff which is
    > kept in few direcories.
    > I am not a specialist in security questions, just searching for a solution
    > for some stand alone laptops.
    >
    > Who knows and can tell me?
    >
    >
    > Thanks a lot ahead
    >
    > Thomas Weigel
    >
    >
Ask a new question

Read More

Security External Storage Windows