Educause Security Discussion mailing list archives

Re: Laptop Encryption Software


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 5 Mar 2007 16:16:45 -0500

On Mon, 05 Mar 2007 15:23:22 EST, Gary Flynn said:

> The one area that could present a problem is that EFS uses a
> unique symmetric key for each file and there is no mechanism
> that I know of to export those keys. Nor would I want to
> try to manage them if I could. I don't even think they're
> handled by Microsoft's PKI.

Probably a total non-issue, as long as EFS keeps *one* copy of the symmetric
key in the file metadata (presumably encrypted in such a way that the key can
be decrypted by the user or recovery agent keys), for the exact same reason
that you don't need to escrow an SSL or PGP symmetric session key - it travels
with the data, and if you have the right public/private key pair, you can
recover it.

Did you have a use case in mind where exporting those keys would be useful
in any way?
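
The argument in this message, shown as an added example that is not part of the original post: a per-file symmetric key is wrapped once for the user and once for a recovery agent and stored beside the ciphertext, so the agent can recover the file without the key ever being exported or escrowed. It assumes the `openssl` command-line tool is installed; RSA-OAEP and AES-256-CBC are stand-ins rather than EFS's actual algorithms or on-disk format, and every file name is constructed for the demo.

```shell
#!/bin/sh
# Added illustration of envelope encryption with two key holders.
# Not EFS itself: algorithms and file layout are assumptions for the demo.

envelope_demo() {
    dir=$(mktemp -d) || return 1
    (
        set -e
        cd "$dir"
        # Two independent key pairs: the file owner and the recovery agent.
        for who in user agent; do
            openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
                -out "$who.key" 2>/dev/null
            openssl pkey -in "$who.key" -pubout -out "$who.pub"
        done
        printf 'quarterly grades (constructed sample data)\n' > plain.txt
        # Fresh symmetric key and IV for this one file.
        openssl rand -hex 32 > fek.hex
        openssl rand -hex 16 > iv.hex
        openssl enc -aes-256-cbc -K "$(cat fek.hex)" -iv "$(cat iv.hex)" \
            -in plain.txt -out file.enc
        # The "metadata": one wrapped copy of the file key per key holder.
        for who in user agent; do
            openssl pkeyutl -encrypt -pubin -inkey "$who.pub" \
                -pkeyopt rsa_padding_mode:oaep \
                -in fek.hex -out "fek.$who.wrapped"
        done
        # Simulate the loss: plaintext, bare file key and user key are gone.
        rm -f plain.txt fek.hex user.key
        # The recovery agent unwraps its copy and decrypts the file.
        fek=$(openssl pkeyutl -decrypt -inkey agent.key \
            -pkeyopt rsa_padding_mode:oaep -in fek.agent.wrapped)
        openssl enc -d -aes-256-cbc -K "$fek" -iv "$(cat iv.hex)" -in file.enc
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Prints the recovered plaintext when run stand-alone.
envelope_demo
```

What has to be protected and backed up here is the agent's private key, not the per-file keys.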
