Educause Security Discussion mailing list archives
Re: Laptop Encryption Software
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 5 Mar 2007 16:16:45 -0500
On Mon, 05 Mar 2007 15:23:22 EST, Gary Flynn said:
> The one area that could present a problem is that EFS uses a unique symmetric key for each file and there is no mechanism that I know of to export those keys. Nor would I want to try to manage them if I could. I don't even think they're handled by Microsoft's PKI.
Probably a total non-issue, as long as EFS keeps *one* copy of the symmetric key in the file metadata (presumably encrypted in such a way that the key can be decrypted by the user or recovery agent keys), for the exact same reason that you don't need to escrow an SSL or PGP symmetric session key - it travels with the data, and if you have the right public/private key pair, you can recover it. Did you have a use case in mind where exporting those keys would be useful in any way?
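The arrangement described in the reply above, as an added example that is not part of the original post and not EFS's own code: each file gets a fresh random key, and the file metadata carries one copy wrapped for the user and one for the recovery agent, so either private key recovers the data and the per-file key never has to be exported. The textbook RSA, fixed Mersenne primes, SHA-256 keystream and all names here are toy assumptions chosen so it runs on the Python standard library alone; they are not what EFS uses and are not safe for real data.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs

def toy_keypair(p, q):
    """Textbook RSA from two fixed primes (toy stand-in for a real key pair)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def keystream_xor(key, data):
    """Toy bulk cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_file(plaintext, recipients):
    """Pick a new random file key and store one wrapped copy per recipient."""
    file_key = secrets.token_bytes(16)
    wrapped = {name: pow(int.from_bytes(file_key, "big"), e, n)
               for name, (n, e) in recipients.items()}
    # The wrapped keys travel with the ciphertext, as the reply describes.
    return {"metadata": wrapped, "ciphertext": keystream_xor(file_key, plaintext)}

def decrypt_file(blob, name, private_key):
    """Unwrap this holder's copy of the file key from metadata, then decrypt."""
    n, d = private_key
    file_key = pow(blob["metadata"][name], d, n).to_bytes(16, "big")
    return keystream_xor(file_key, blob["ciphertext"])

# Constructed keys: Mersenne primes, far too structured for real use.
USER_PUB, USER_PRIV = toy_keypair(2**127 - 1, 2**107 - 1)
AGENT_PUB, AGENT_PRIV = toy_keypair(2**521 - 1, 2**89 - 1)
RECIPIENTS = {"user": USER_PUB, "recovery_agent": AGENT_PUB}

if __name__ == "__main__":
    # Constructed sample content; two files get two unrelated file keys.
    a = encrypt_file(b"sample file one", RECIPIENTS)
    b = encrypt_file(b"sample file two", RECIPIENTS)
    print(a["metadata"] != b["metadata"])
    print(decrypt_file(a, "user", USER_PRIV))
    print(decrypt_file(b, "recovery_agent", AGENT_PRIV))
```

Only the two long-term private keys need protecting or escrowing; backing up a file together with its metadata is enough for later recovery.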