Pages on EFS at Stanford

• Windows Desktop File Encryption with EFS
• How to Encrypt a File
• How to Back-up Your Keys and Certificates
• How to Remove a Recovery Key From Your Computer
• How to Import Your Certificate and Keys
• Practice Recovery Procedures
• Data Recovery Agent Information

Related Pages

• Stanford Data Classification Guidelines
• HelpSU for EFS
• ISO—PC File Encryption

• Information Security Office
• Secure Computing
• Windows Desktop File Encryption with EFS
• How to Back-up Your Keys and Certificates

How to Back-up Your Keys and Certificates

How to Back-up Your Keys and Certificates

It is important to back-up your EFS certificate and keys in the event your user account profile is deleted or becomes corrupted. You should back up your certificate and keys to an external storage media (floppy, USB mini drive) and lock it away.

1. Launch the Microsoft Internet Explorer web browser.
   
   
2. From the Tools menu, click Internet Options.
   
   
3. On the Content tab, in the Certificates section, click Certificates.
   
   
4. The Personal tab comes up by default. There may be more than one certificate present. Select each certificate until Encrypting File System appears in the Certificate Intended Purposes field.
   
   
5. Click the Export button to start the Certificate Export Wizard.
   
   
6. Click Next.
   
   
7. Select Yes to export the private key, and then click Next.
   
   
8. With the Personal Information Exchange radio button selected, click the Enable strong protection checkbox. Click Next.
   
   
9. You will be prompted to set a password to protect your private key. Use a password that you will be able to easily remember. Type the password in the Password field. Do not forget this password. Retype the password in the Confirm Password field and click Next.
   
   
10. On the File to Export screen, click the Browse button to specify where you want to save the certificate and key into a single file with a .pfx extension. Choose the path to your storage media (such as a floppy disk or USB mini drive).
    
    
11. Name the file something you will recognize in the future and click the Next button.
    
    
12. Click Finish.
    
    
    The Certificate Export Confirmation box appears.
    
    
13. Click OK.
14. Click the Close button in the Certificate window.
15. Click OK on the Internet Options window.
16. Remove the media and place in safe storage.

Video Helplet

To see the backing up your certificates and keys, view this video helplet.

If There's No Back-up...

If you did not back-up your keys, or if there is a problem with your back-up, your DRA can still recover your files. Submit a HelpSU request for assistance. Additionally, if you have permitted other users to EFS share your encrypted files, those users can recover your data.