August 2000
Intermediate to advanced
800 pages
21h 5m
English
Content preview from Microsoft® Windows® 2000 Security HandbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
How EFS Uses PKI
EFS uses public key technology extensively to provide mechanisms for encrypting files for multiple users and for supporting file encryption recovery. In the encryption operation, a user encrypting a file generates a public key pair and obtains a certificate; this certificate is issued by an enterprise certificate authority (CA) in a Windows 2000 domain, but EFS can generate a self-signed certificate for standalone operation. The EFS recovery policy permits a designation of a trusted recovery agent; these agents create a recovery public key pair and are issued an EFS recovery certificate. The enterprise CA issues this certificate, which is published to domain clients with the object group policy.
For each file EFS creates a random ...