Get a FREE fully-working copy of Steganos Security Suite 7 (worth £49.99) when you sign up to the Practical PC Newsletter. Windows XP Pro: Using File Encryption - part 5
So your files are nicely encrypted. But what happens if your key becomes lost or corrupt? Dave Cook ends his definitive guide to EFS with an essential recovery tip
So far in our look at the Encrypting File System (EFS) we've concentrated mainly on security issues and how to backup those all important certificates. If you've followed our recommendations to the letter then your encrypted files should be reasonably safe - not only from prying eyes, but from a range of natural and not so natural calamities and disasters.
Moreover, the fact that you can restore (import) your personal encryption certificate and/or the recovery certificate through a wizard-driven interface should provide considerable peace of mind.
But what exactly are the reasons, let alone the procedure, for restoring a certificate? Read on...
Take Two
Basically, there are two main reasons for wanting to restore your personal certificate.
- Your original certificate has become lost or corrupt.
- You want to use your encrypted files on another computer.
Restoring personal and recovery agent certificates are virtually identical. However, you will need to log on as Administrator (on a user account authorised to decrypt files) to restore the recovery agent's certificate.
Importing
The following method describes the process of restoring a personal certificate. Note that you will need the disk which contains your backed up (exported) certificates as described in part three.
- To import the certificate, log on to your user account and open Internet Explorer.
- Select <Tools>, <Internet Options> and click the [Content] tab. Click [Certificates] to open the Certificates dialog box.
- Click [Import] to launch the Certificate Import Wizard, and then click [Next].
- Now enter the path and filename of the encryption certificate you exported in part three. Note that this file will have .pfx extension.
- Alternatively, you can click [Browse] to select the file. However, to see files with the .pfx extension using this method you will need to select Personal Information Exchange in the Files Of Type box. Click [Next].
- Enter the password you provided in part three. Select any other options if they are required, and then click [Next].
- Select Place All Certificates In The Following Store. Click [Browse], and select <Personal>. Click [OK], and then click [Finish].
It's as simple as that! You have just restored your personal certificate.
Worth The Effort
Enabling EFS on your system takes only seconds. But if you've been following our series closely you will no doubt be aware of the additional work involved in protecting those all-important certificates.
Despite all this work, EFS is certainly worth the effort. It will, after all, keep your files secure from all but the most determined and knowledgeable intruder.
For obvious reasons, we won't mention its greatest flaw. Suffice it to say that an unauthorised user equipped with a small screwdriver should never be allowed anywhere near the computer.
The series:
Guide: Windows XP Pro: Using File Encryption - part 1
Guide: Windows XP Pro: Using File Encryption - part 2
Guide: Windows XP Pro: Using File Encryption - part 3
Guide: Windows XP Pro: Using File Encryption - part 4
