EFS uses only the last certificate?

Ondrej Sevecek

Hello,
I encrypt some file with EFS, then delete the certificate even with its
private key. Then I encrypt some new file again = a new EFS certificate is
generated.
Then I import the old certificate = two valid certificates present.
Encrypt some new file - EFS uses only its last generated certificate,
right?

Thanks, Ondra.
 
Quick explanation of our algorithm:

EFS keeps a cache of key handles and will try to use the last key pair that
the user used successfully. The cache is cleared on reboot. I don't recall the
cache size (# of users cached) on Win2k.
If we don't have a cached key for the user, we try to use the last cert that
the user successfully used for EFS. We store the cert hash in the registry
(can also be set with the SetUserFileEncryptionKey API). If the registry
value is not present or is not the hash of a valid-for-EFS cert in the
user's Personal store, we enumerate the certs in the store to pick a new
one. If there are no EFS-usable certs in the store, we generate a new one.
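An added example, not code from the thread or from Microsoft, that walks the selection order the reply describes and reports which certificate in the current user's Personal store EFS would pick next (or whether it would have to generate a new one). It assumes the registry key and value name used for the stored certificate hash (given from memory, not from the thread) and the EFS Enhanced Key Usage OID; the in-memory key-handle cache from step one is process state and cannot be inspected from a script, so the check starts at the registry hash.

```powershell
# Added example, not code from the thread or from Microsoft. It walks the
# selection order described in the reply and reports which certificate EFS
# would pick for the next encryption, or whether it would generate a new one.
# ASSUMPTION: the registry location of the stored certificate hash is given
# from memory, not from the thread; verify it on your build before relying on it.

$EfsEkuOid = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage: Encrypting File System
$RegKey    = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\EFS\CurrentKeys'  # assumption
$RegValue  = 'CertificateHash'                                                      # assumption

function Get-EfsUsableCert {
    # "Valid-for-EFS" here means: in the user's Personal store, carries the
    # EFS EKU, has an accessible private key, and is inside its validity period.
    $now = Get-Date
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -ge $now -and
        (@($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId }) -contains $EfsEkuOid)
    }
}

function Get-StoredEfsCertHash {
    # Step 2 of the reply: the hash EFS remembers from the last successful use.
    # Stored as REG_BINARY; render it as the hex thumbprint PowerShell shows.
    $item = Get-ItemProperty -Path $RegKey -Name $RegValue -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return (($item.$RegValue | ForEach-Object { $_.ToString('X2') }) -join '')
}

function Resolve-EfsSelection {
    $usable = @(Get-EfsUsableCert)
    $stored = Get-StoredEfsCertHash

    # Step 1 (in-memory key handle cache) is empty after a reboot and not
    # observable from outside the process, so the walk starts at step 2.
    if ($stored) {
        $match = $usable | Where-Object { $_.Thumbprint -eq $stored } | Select-Object -First 1
        if ($match) {
            return [pscustomobject]@{ Source = 'registry hash'; Thumbprint = $match.Thumbprint; Subject = $match.Subject }
        }
        Write-Verbose "Stored hash $stored does not match a usable cert; EFS would re-enumerate the store."
    }

    # Step 3: enumerate the store. Which of several usable certs is chosen is
    # not stated in the thread, so every candidate is listed rather than guessed.
    if ($usable.Count -gt 0) {
        return $usable | ForEach-Object {
            [pscustomobject]@{ Source = 'store enumeration (candidate)'; Thumbprint = $_.Thumbprint; Subject = $_.Subject }
        }
    }

    # Step 4: nothing usable in the store, so EFS would generate a new certificate.
    return [pscustomobject]@{ Source = 'would generate new certificate'; Thumbprint = $null; Subject = $null }
}

Resolve-EfsSelection | Format-Table -AutoSize
```

Run it in the session of the user whose files are in question. In the scenario from the question, after the old certificate is imported both certificates show up as store candidates, but the registry hash (if still valid) is what decides, which is why new files keep using the last generated certificate; the reply names SetUserFileEncryptionKey as the API that changes that stored hash.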