exporting certificate/ key for encrypted folder

akiwi · Mar 28, 2005

Hi

I have created a backup of my hard drive using XP backup onto an
external hard drive in a folder that has encryption enabled.

I couldn't follow the info in windows help or on MS website about how
to create a recovery agent - it said "be prepared to supply a user
with a certificate" but gave no information on how to create such a
thing.

From reading past messages on this newsgroup it seems that all you
need to do is use Internet explorer / internet options/ content/
certificates/ personal -> export personal certificate and include the
private key in the .pfx file. Then copy the pfx file to CDROM or
floppy disk.

Is this the correct thing to do?

Can I import this pfx file onto another XP machine without destroying
the existing "personal EFS certificate/key" on that machine?

Thanks for any help.

Graeme

Kerry Brown · Mar 28, 2005

akiwi said:
Hi

I have created a backup of my hard drive using XP backup onto an
external hard drive in a folder that has encryption enabled.

I couldn't follow the info in windows help or on MS website about how
to create a recovery agent - it said "be prepared to supply a user
with a certificate" but gave no information on how to create such a
thing.

From reading past messages on this newsgroup it seems that all you
need to do is use Internet explorer / internet options/ content/
certificates/ personal -> export personal certificate and include the
private key in the .pfx file. Then copy the pfx file to CDROM or
floppy disk.

Is this the correct thing to do?

Can I import this pfx file onto another XP machine without destroying
the existing "personal EFS certificate/key" on that machine?

Thanks for any help.

Search help and support for the cipher command. Cipher /x will export the
certificate. Make sure you test restoring your files before you need to
actually do it. EFS is a major cause of lost data if things are not done
exactly right. Test restoring and reading your files on an another computer.
Make sure both computers are not in the same domain if you are networked. If
you can do this then your data should be safe.

Kerry

akiwi · Mar 28, 2005

Search help and support for the cipher command. Cipher /x will export the
certificate. Make sure you test restoring your files before you need to
actually do it. EFS is a major cause of lost data if things are not done
exactly right. Test restoring and reading your files on an another computer.
Make sure both computers are not in the same domain if you are networked. If
you can do this then your data should be safe.

Help and support makes no mention of a /x switch for the cipher
command. Does the method I posted work?

Graeme

Kerry Brown · Mar 28, 2005

akiwi said:
Help and support makes no mention of a /x switch for the cipher
command. Does the method I posted work?

Graeme

The method you posted should work as well. I used to use that until I found
the cipher command. What version of XP and what service pack level are you
at? Did you try cipher /? at a cmd prompt?

Kerry

akiwi · Mar 29, 2005

On Mon, 28 Mar 2005 14:09:51 -0800, "Kerry Brown"

[snip]

The method you posted should work as well. I used to use that until I found
the cipher command. What version of XP and what service pack level are you
at? Did you try cipher /? at a cmd prompt?

I've found that XP SP1 doesn't list the /x switch for cipher /? but
SP2 does list it. I'll use both for now until I get a chance to check
that they work. Thanks.

Graeme

Kerry Brown · Mar 29, 2005

I've found that XP SP1 doesn't list the /x switch for cipher /? but
SP2 does list it. I'll use both for now until I get a chance to check
that they work. Thanks.

Graeme

Your welcome. Make sure you test recovering encrypted files thoroughly. EFS
is very tricky and a major cause of data loss. Simple things like changing a
password can break it.

Kerry