How EFS Uses PKI

EFS relies heavily on public key technology, both to encrypt files for multiple users and to support recovery of encrypted files. When a user encrypts a file, that user generates a public key pair and obtains a certificate for it; in a Windows 2000 domain the certificate is issued by an enterprise certificate authority (CA), while for standalone operation EFS generates a self-signed certificate instead. The EFS recovery policy allows trusted recovery agents to be designated; each agent generates a recovery key pair and is issued an EFS recovery certificate. The enterprise CA issues this certificate, and it is published to domain clients through the Group Policy object.

For each file EFS creates a random ...
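The mechanism described above, with one random key per file that is wrapped for the encrypting user and for each designated recovery agent so that either can open the file, as an added Go example (not code from the handbook or from Windows). The Envelope layout, the names Protect, Recover and NewKeyPair, and the AES-GCM and RSA-OAEP choices are assumptions for illustration, not EFS's actual format or algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope stands in for an EFS-protected file; the layout is assumed for this example, not EFS's real on-disk format.
type Envelope struct {
	Nonce, Ciphertext []byte   // body encrypted once under a random per-file key
	WrappedKeys       [][]byte // that key wrapped with RSA-OAEP for the user's and each recovery agent's public key
}

// NewKeyPair makes the key pair a user or recovery agent generates when enrolling for a certificate.
func NewKeyPair() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

// aead builds AES-256-GCM over a 32-byte key; key and nonce sizes are fixed below, so these calls cannot fail.
func aead(fek []byte) cipher.AEAD { b, _ := aes.NewCipher(fek); g, _ := cipher.NewGCM(b); return g }

// Protect encrypts data under a fresh random key and wraps that key for every recipient public key.
func Protect(data []byte, recipients []*rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // per-file AES-256 key followed by a GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	fek, nonce := buf[:32], buf[32:]
	env := &Envelope{Nonce: nonce, Ciphertext: aead(fek).Seal(nil, nonce, data, nil)}
	for _, pub := range recipients {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKeys = append(env.WrappedKeys, w)
	}
	return env, nil
}

// Recover tries each wrapped key with one private key; only the file's owner or a recovery agent succeeds,
// anyone else gets rsa.ErrDecryption and never learns the per-file key.
func Recover(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range env.WrappedKeys {
		if fek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil); err == nil {
			return aead(fek).Open(nil, env.Nonce, env.Ciphertext, nil)
		}
	}
	return nil, rsa.ErrDecryption
}
```

Losing the user's private key leaves the recovery agent's wrapped copy intact, which is exactly why the recovery certificate is issued and distributed ahead of time.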

Excerpt from Microsoft® Windows® 2000 Security Handbook (O’Reilly).