Educause Security Discussion mailing list archives
Re: Laptop Encryption Software
From: Gary Flynn <flynngn () JMU EDU>
Date: Mon, 5 Mar 2007 17:50:18 -0500
Valdis Kletnieks wrote:
On Mon, 05 Mar 2007 15:23:22 EST, Gary Flynn said:

The one area that could present a problem is that EFS uses a unique symmetric key for each file and there is no mechanism that I know of to export those keys. Nor would I want to try to manage them if I could. I don't even think they're handled by Microsoft's PKI.

Probably a total non-issue, as long as EFS keeps *one* copy of the symmetric key in the file metadata (presumably encrypted in such a way that the key can be decrypted by the user or recovery agent keys), for the exact same reason that you don't need to escrow an SSL or PGP symmetric session key - it travels with the data, and if you have the right public/private key pair, you can recover it.

Did you have a use case in mind where exporting those keys would be useful in any way?

I can think of a couple:

1. The copy on disk stored with a file gets corrupted (affects only one file).
2. The file encryption keys cannot be decrypted because the user/recovery agent account keys are unavailable due to loss, corruption, maliciousness, etc. (affects all files whose symmetric encryption keys are protected by that user/recovery agent account key).

I think the situation is different than SSL because the SSL symmetric key and session are not persistent while the file encryption key and file data are persistent. There would be no reason to want to archive or access the SSL symmetric key except for troubleshooting or malicious purposes. On the other hand, there would be value for an organization to be able to access a backup of the file encryption keys should the originals become unavailable. They'd need to do so to recover the files.

When you refer to PGP, do you mean the file encryption product or the mail encryption product? If the latter email product, the situation is similar, though not identical, to SSL. The symmetric session key is used for a transient mail message.

If you're referring to PGP file encryption, I'd expect key escrow issues to be similar to EFS. You'd certainly want to escrow the user's private key. If symmetric encryption keys are uniquely stored in the files then there is no escrow in case of a problem without the ability to export and manage those keys.

I guess it's how deep one wants to go with key escrow and recovery capabilities and that, in turn, depends upon how valuable the data is.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
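
Added example, not part of the original message: a toy Python model of the layout discussed in this thread, where each file gets its own symmetric key that is stored with the file, wrapped once for the user and once for a recovery agent. The hashed-ElGamal wrap, the group parameters, the SHAKE keystream and all names are assumptions chosen for illustration; this is not EFS's actual format or algorithms.

```python
import hashlib, hmac, secrets

# Toy group for a hashed-ElGamal key wrap (assumption, illustration only;
# not EFS's algorithm and not parameters to use in production).
P, G = 2**521 - 1, 3

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _keys(shared):
    # Derive separate wrapping and MAC keys from the shared group element.
    s = shared.to_bytes(66, "big")
    return hashlib.sha256(b"enc" + s).digest(), hashlib.sha256(b"mac" + s).digest()

def _xor(data, key):
    # Toy stream cipher: XOR with a SHAKE-256 keystream (each key is used once).
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(fek, pub):
    # Wrap the file encryption key (FEK) to one public key.
    r = secrets.randbelow(P - 2) + 1
    enc, mac = _keys(pow(pub, r, P))
    ct = _xor(fek, enc)
    return {"eph": pow(G, r, P), "ct": ct,
            "tag": hmac.new(mac, ct, hashlib.sha256).digest()}

def unwrap(slot, priv):
    # Returns the FEK, or None if the slot is corrupted or the key is wrong.
    enc, mac = _keys(pow(slot["eph"], priv, P))
    tag = hmac.new(mac, slot["ct"], hashlib.sha256).digest()
    return _xor(slot["ct"], enc) if hmac.compare_digest(tag, slot["tag"]) else None

def encrypt_file(data, recipients):
    fek = secrets.token_bytes(32)  # unique symmetric key per file
    slots = {name: wrap(fek, pub) for name, pub in recipients.items()}
    return {"slots": slots, "body": _xor(data, fek)}  # key slots travel with the data

def decrypt_file(f, name, priv):
    slot = f["slots"].get(name)
    fek = unwrap(slot, priv) if slot else None
    return None if fek is None else _xor(f["body"], fek)

def corrupt(f, name):
    # Simulate on-disk damage to one wrapped copy of the FEK.
    slot = f["slots"][name]
    slot["ct"] = bytes([slot["ct"][0] ^ 1]) + slot["ct"][1:]
```

Damaging one file's user slot leaves the recovery-agent slot and every other file readable; once both slots are damaged, or both private keys are gone, no path to that file key remains.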