Ridge Cook
To all-
PGP and other programs allow the app to be pointed to different locations
for the private key store, including a floppy/CD/USB token. Thus keeping
the private key off machine for added protection. If you want to decrypt a
PGP message, slip that USB token into the slot and start up the program.
It occurs to me that the very same thing could be done with EFS, *if*
a) the local machine/personal account store can be found
b) the registry can be changed to point to a different location.
Doing this would really enhance data protection on 2k/XP.
The weakness of EFS is, (2k) using a data recovery agent and unlocking the
private keys by a simple account log on; easy enough to hijack if physical
access can be gained.
If that can be changed by moving the certs off machine, then to access a
file, just slip that CD or USB token into place, attempt to open, the
Registry says- "Look on E:\", it goes to E: and uses the private key there.
Does anyone know where in the Registry the local machine and personal
account certificates are stored and can it redirect cert location?
Thanks
Yours-
Ridge Cook