To be able to use encrypted files on a computer other than the one the files were encrypted on, authorized administrators need to ensure that the encryption certificate and associated private key are available on the other system. This can be done by manually moving the keys. Before moving keys manually, authorized users should back up encryption certificates and private keys. They can then restore the certificates and keys on a different system.
Back up the encryption certificate and private key as follows:
|
1.
|
Click Start, click Run, type mmc in the Open box, and click OK.
|
|
2.
|
On the Console menu, click Add/Remove snap-ins, and click Add.
|
|
3.
|
Locate the Certificates snap-in, and click Add.
|
|
4.
|
Select My user account and then click Finish. Click Close. Click OK.
|
|
5.
|
Locate the Encrypting File System certificates in the Personal certificate store. Click the + next to Certificates–Current User. Expand the Personal folder. Click Certificates.
|
|
6.
|
Right-click the certificate, click All Tasks, and click Export.
|
|
7.
|
This starts the Certificate Manager Export wizard. Click Next.
|
|
8.
|
Click Yes, export the private key. Click Next.
|
|
9.
|
The export format available is Personal Information Exchange-PKCS#12, or .pfx—personal exchange format. Click Next.
|
|
10.
|
Provide the password to protect the .pfx data. Click Next.
|
|
11.
|
Provide the path and file name where the .pfx data is to be stored. In this case, type c:\mykey. Click Next.
|
|
12.
|
A list of certificates and keys to be exported is displayed. Click Finish to confirm.
|
|
13.
|
Click OK to close the wizard, and close the snap-in.
|
This exports the encryption certificate and private key to a .pfx file that must be backed up securely.
To restore an encryption certificate and private key on a different system do the following:
|
1.
|
Copy the .pfx file to a floppy disk, and take it to the computer on which the encryption certificate and private key are to be imported.
|
|
2.
|
Start the Certificates snap-in by clicking Start, clicking Run, and then typing mmc.
|
|
3.
|
On the Console menu, click Add/Remove snap-ins, and click Add.
|
|
4.
|
Click Certificates, and click Add. Select My user account and then click Finish. Click Close. Click OK.
|
|
5.
|
Right-click Personal store, click All Tasks, and click Import to import the .pfx file.
|
|
6.
|
This starts the Certificate Manager Import wizard. Follow the wizard steps to successfully import the certificate and private key.
|
|
7.
|
Provide the path to the .pfx file. In our example, it is c:\mykey.pfx.
|
|
8.
|
Type the password to unwrap the .pfx data.
|
|
9.
|
Click Place all certificates in the following store, and accept the Personal certificate store. Click Next.
|
|
10.
|
Click Finish, and then click OK to start the import operation. When the import is complete, click OK to close the wizard.
|
Once the same keys available, the user can transparently use encrypted files that may have been backed up on different computer.
Forums
Contact Us
Business Desktop Deployment (BDD) 2007
Windows 2003
Email
Print
Add Comment