Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Laptop Encryption Software
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 5 Mar 2007 16:16:45 -0500

On Mon, 05 Mar 2007 15:23:22 EST, Gary Flynn said:

The one area that could present a problem is that EFS uses a
unique symmetric key for each file and there is no mechanism
that I know of to export those keys. Nor would I want to
try to manage them if I could. I don't even think they're
handled by Microsoft's PKI.

Probably a total non-issue, as long as EFS keeps *one* copy of the symmetric
key in the file metadata (presumably encrypted in such a way that the key can
be decrypted by the user or recovery agent keys), for the exact same reason
that you don't need to escrow an SSL or PGP symmetric session key - it travels
with the data, and if you have the right public/private key pair, you can
recover it.

Did you have a use case in mind where exporting those keys would be useful
in any way?

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]