0

I'm starting to use EFS feature to encrypt several folders of my hard drive, using Right click > Properties > Advanced > Encrypt contents to secure data (see screenshot).

At the end of the process, a wizard suggests that I should save a copy of certificate on a safe place:

enter image description here

But I don't want to rely on a file certificate stored on 1, 2 or even 10 different places, that seems complex. And can lead to catastrophes requiring black magic to recover the files. I would prefer to remember a password (even if it's a long password).

Question: Let's say folder C:\Test is EFS-encrypted on computer A. If I move its hard drive to computer B (example: computer A failure!), how to recover the folder C:\Test , with just a password (and no other complex method like certificates, etc.)?

In other words: can we avoid complex certificates methods (involving certificate files), and use a good (strong) password instead for EFS encryption/decryption?

Improve this question
4
  • A few other answers showing using the certificate to recover EFS-encrypted files on another computer can be tricky: superuser.com/questions/942149/…, superuser.com/questions/649096/…
    – Basj
    Commented Aug 12, 2017 at 23:46
  • And another one: superuser.com/questions/375142/…
    – Basj
    Commented Aug 12, 2017 at 23:47
  • 1
    Import the certificate used to encrypt the files on the other computer. If you don't want to do that, then don't use EFS, because that's what's required
    – Ramhound
    Commented Aug 13, 2017 at 2:03
  • 1
    Can you import/export from another machine or OS, or can that only be done from the OS where the certificate was created?
    – Thufir
    Commented Sep 1, 2018 at 18:49

1 Answer 1

Reset to default
0

After some time spent in this question:

If I move its hard drive to computer B (example: computer A failure!), how to recover the folder C:\Test , with just a password (and no other complex method like certificates, etc.)?

It's impossible. EFS works with certificates, and not just "a password".

We have to backup the .pfx certificate file, and to import it on computer B, before being able to decrypt the files on computer B.

If one day we want to remove the certificate on computer B, here is the solution.

Improve this answer
2
  • I mean, you could convert the .pfx file to hex, and then you have a 'password' to possibly remember. :P
    – matterny
    Commented Oct 27, 2017 at 18:06
  • @matterny that's what I did: I base64d the pfx file and printed it (will be stored by my grandma) ;)
    – Basj
    Commented Oct 27, 2017 at 18:51

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .