Encryption Issue

Richard

Hi

I am having some difficulties with efs. I am still working on the issue
(previous thread with title "Encryption").

I am now trying an encrypted file within the same domain. I encrypted a file
'encrypttest.txt' on A and copied it to a shared directory. I went to
another computer B, tried to open it, access denied.

Then I exported the cert/key from 'A' to the shared directory and installed
it to 'B'. Tried to open the file but couldn't open it.

What could I be doing wrong?

Any help appreciated. Many thanks in advance.

Richard
 
Roger Abell [MVP]

Richard said:
> Hi
>
> I am having some difficulties with efs. I am still working on the issue
> (previous thread with title "Encryption").
>
> I am now trying an encrypted file within the same domain. I encrypted a file
> 'encrypttest.txt' on A and copied it to a shared directory. I went to
> another computer B, tried to open it, access denied.
>
> Then I exported the cert/key from 'A' to the shared directory and installed
> it to 'B'. Tried to open the file but couldn't open it.
>
> What could I be doing wrong?

What NTFS permissions exist on the file once copied to the share?

Does the share to which this was copied exist as actual storage on
A, on B, or on some other machine?

What was done to the "install" of the cert/key at B? (note: one does
not really "install it to 'B'", as B is a machine - one loads the cert/key
to an account's private store as profiled at B).
 
Richard

Hi Roger

> What NTFS permissions exist on the file once copied to the share?

permissions are set to domain users

> Does the share to which this was copied exist as actual storage on A, on
> B, or on some other machine?

on the file server

> What was done to the "install" of the cert/key at B? (note: one does
> not really "install it to 'B'", as B is a machine - one loads the cert/key
> to an account's private store as profiled at B).

I right-click on the pfx file from the B machine, click install, and
followed the import procedure. I loaded it to the private store and also to
the trusted root certification authority store.
 
Richard

Hi Roger

I read somewhere that the machine will use the cert/key the first time we
use to encrypt a file. I remember deleting the old key, then when I
encrypted another file, another key was issued. Would it be using the first
key to encrypt, while I am exporting the second key?
 
Roger Abell [MVP]

Richard said:
> Hi Roger
>
> permissions are set to domain users
>
> > B, or on some other machine?
>
> on the file server

ummm, so that would be neither A nor B, right?

> I right-click on the pfx file from the B machine, click install, and
> followed the import procedure. I loaded it to the private store and also to
> the trusted root certification authority store.

So that installed it into that account's profile on that machine
 
Roger Abell [MVP]

Richard said:
> Hi Roger
>
> I read somewhere that the machine will use the cert/key the first time we
> use to encrypt a file. I remember deleting the old key, then when I

Well, ultimately there is a sense in which "the machine" does
everything, but in this case it is better and more accurate to
think of the account as having/using the cert/key. If one uses
EFS and does not yet have a cert/key in the active profile,
then one is generated for use.

> encrypted another file, another key was issued. Would it be using the first
> key to encrypt, while I am exporting the second key?

You would need to use certmgr.msc to see what EFS cert/keys
exist for that account logged into that machine; and use efsinfo.exe
from the support tools to see what cert was used to encrypt something.
 
Richard

Hi Roger

Brian Komar pointed out the problem in the earlier thread. When we copy the
encrypted file to the server, the file server will quietly decrypt and
encrypt the file again using the server's cert, I think.

Anyway, I copied it straight to the B machine and was able to open it. I
suspect that there is an issue with the certs in my machine. Sometimes it
works and sometimes it doesn't. That's the reason I need to find out which
cert it uses to encrypt.

Richard
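
Added example, not part of the original thread: one way to check which certificate a file was encrypted with and whether the logged-on account holds that certificate with its private key. It parses the output of the built-in `cipher /c` command (used here in place of the efsinfo.exe tool named above, and assumed to print English text) and compares the thumbprint with the account's personal store; the function names, the sample output and the thumbprints are constructed for illustration.

```powershell
$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU

function Get-EfsFileThumbprint {
    # Pull thumbprints out of `cipher /c` text (English output assumed).
    param([string[]]$CipherOutput)
    foreach ($line in $CipherOutput) {
        if ($line -match 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)') {
            ($Matches[1] -replace '\s', '').ToUpperInvariant()
        }
    }
}

function Get-EfsStoreCert {
    # EFS-capable certificates in the current account's Personal store.
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] -and
            ($_.EnhancedKeyUsages | Where-Object { $_.Value -eq $EfsOid })
        }
    }
}

function Compare-EfsKey {
    # For each thumbprint on the file: is the cert present, and with a private key?
    param([string[]]$FileThumbprint, [object[]]$StoreCert)
    foreach ($tp in $FileThumbprint) {
        $hit = @($StoreCert | Where-Object { $_.Thumbprint -eq $tp })
        [pscustomobject]@{
            Thumbprint    = $tp
            CertInStore   = $hit.Count -gt 0
            HasPrivateKey = @($hit | Where-Object { $_.HasPrivateKey }).Count -gt 0
        }
    }
}

# Constructed sample of `cipher /c` output (the thumbprint is made up).
$sample = @'
E encrypttest.txt
  Users who can decrypt:
    EXAMPLE\richard [richard(richard@EXAMPLE)]
    Certificate thumbprint: 0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567
'@ -split '\r?\n'

# Constructed stand-in for the store on B: a different EFS cert was imported.
$store = @([pscustomobject]@{ Thumbprint = 'FEDCBA9876543210FEDCBA9876543210FEDCBA98'; HasPrivateKey = $true })

Compare-EfsKey -FileThumbprint (Get-EfsFileThumbprint $sample) -StoreCert $store
# Live use: Compare-EfsKey (Get-EfsFileThumbprint (cipher /c .\encrypttest.txt)) (Get-EfsStoreCert)
```

A row with CertInStore false means the account's store does not hold the certificate the file was encrypted with, which is the case when a newer key was exported instead of the one actually used.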
 
