Getting the Most from Microsoft Windows' Encrypting File System
- Certificates, Public Key Infrastructure, and Encryption
- Encrypting Files and Folders with EFS
- The Need for Speed
- The Keys to EFS
- Rules To Remember
Microsoft's Encrypting File System (EFS) provides an easy way to secure your work from prying eyes. EFS uses a combination of public key encryption, a public key infrastructure, and a fast symmetric encryption algorithm to protect files and folders on NTFS volumes under Windows 2000, Windows XP Professional, and Windows Server 2003. (I'll explain all these terms in a minute. Note that Windows XP Home Edition does not include EFS, and FAT volumes cannot hold EFS-encrypted files.) The result is fast, secure, reliable, and recoverable protection for files and folders on Windows systems.
Certificates, Public Key Infrastructure, and Encryption
Unless you've been living in a cave and running Windows 3.1, you've undoubtedly heard of public key encryption. However, to understand how EFS works, you have to understand how a public key infrastructure works, since that's the basis of Microsoft's approach to encryption.
Public key cryptography relies on two keys to encode and decode information:
- The public key is just what the name implies—public. It's made available to anyone who wants it.
- The private key, on the other hand, is closely guarded.
A public key system encrypts with the public key and decrypts with the private key. The two, called a key pair, are mathematically related, but the keys are chosen so that deriving the private key from the public key is so difficult as to be effectively impossible. (Unfortunately, the mathematics that makes this possible also makes public key encryption and decryption computationally intensive, far slower than symmetric encryption, which is why it is rarely used to encrypt bulk data directly.)
One key in each pair, the public key, is published. Anyone can use it to encrypt a message to the key's owner. However, only the key's owner can read the message, because it must be decrypted with the other key—the private key.
There are two big advantages to public key cryptography:
- There's no need to provide the message sender with secret information to encode the message. Most other cryptographic systems, called symmetric or secret key systems, need a way to send the single shared key over a secure channel before the sender can put the message in code.
- By signing a hash of the message with the sender's private key, the sender can generate a digital signature that anyone holding the matching public key can check. The signature verifies the sender (without exposing the sender's private key) and also demonstrates that the message has not been altered since it was signed.
But public key cryptography doesn't completely do away with the need for a secure communication channel. To make public key cryptography truly public, you need a secure way of exchanging public keys. Otherwise an attacker can hand you a phony public key, and anything you encrypt with it is readable by the attacker rather than the intended recipient. This is a much easier problem than exchanging secret keys, but in essence you've got to be sure that the public key you've received actually belongs to the purported owner.
That's the purpose of a public key infrastructure (PKI). The most common way to establish one is a hierarchy of Certificate Authorities (CAs). A CA issues certificates: signed statements that bind a public key to the identity of its owner. Each subordinate CA's own certificate is in turn signed by the CA above it, up to a root CA, so anyone who trusts the root can verify the chain of signatures down to an individual user's certificate. If you can trust the Certificate Authority, you can trust the public keys it authenticates; the flip side is that the trust is only as good as the CA's identity checks and the protection of its own private key.
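To make the key pair, signature, and certificate ideas above concrete, here is an added worked example; it is not code from the article and it is not how EFS itself implements any of this (EFS relies on the Windows CryptoAPI and X.509 certificates). It uses textbook RSA with fixed Mersenne primes so the run is reproducible, signs a SHA-256 hash, and models a certificate as a CA's signature over a (name, public key) binding. The names "alice", "Corp Root CA" and "Mallory CA" and all keys are made up for the example.

```python
"""Added example: textbook RSA plus a minimal certificate check.
Pedagogical only: real systems use padded RSA or elliptic curves,
large random primes and X.509 certificates, none of which appear here."""
import hashlib
from typing import NamedTuple, Optional


class PublicKey(NamedTuple):
    n: int  # modulus, published
    e: int  # public exponent, published


class KeyPair(NamedTuple):
    pub: PublicKey
    d: int  # private exponent, never leaves the owner


def _modinv(a: int, m: int) -> int:
    """Inverse of a modulo m via the extended Euclidean algorithm."""
    r0, r1, t0, t1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
    if r0 != 1:
        raise ValueError("exponent not invertible")
    return t0 % m


def make_keypair(p: int, q: int, e: int = 65537) -> KeyPair:
    """Build a key pair from two primes. Recovering d from (n, e) means
    factoring n, which is what keeps the private key private."""
    return KeyPair(PublicKey(p * q, e), _modinv(e, (p - 1) * (q - 1)))


def encrypt(pub: PublicKey, plaintext: bytes) -> int:
    """Anyone holding the public key can encrypt to its owner."""
    m = int.from_bytes(plaintext, "big")
    if m >= pub.n:
        raise ValueError("plaintext too long for this toy modulus")
    return pow(m, pub.e, pub.n)


def decrypt(key: KeyPair, ciphertext: int) -> bytes:
    """Only the private exponent d recovers the plaintext."""
    m = pow(ciphertext, key.d, key.pub.n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(data: bytes, n: int) -> int:
    # The signature is computed over a hash of the data, reduced into the key's range.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key: KeyPair, data: bytes) -> int:
    return pow(_digest(data, key.pub.n), key.d, key.pub.n)


def verify(pub: PublicKey, data: bytes, signature: int) -> bool:
    """True only if the holder of d signed exactly this data."""
    return pow(signature, pub.e, pub.n) == _digest(data, pub.n)


class Certificate(NamedTuple):
    subject: str
    key: PublicKey
    issuer: str
    signature: int  # issuer's signature over (subject, key)


def _to_be_signed(subject: str, key: PublicKey) -> bytes:
    return f"{subject}|{key.n}|{key.e}".encode()


def issue_certificate(ca_name: str, ca: KeyPair, subject: str, key: PublicKey) -> Certificate:
    """A CA vouches for the binding between a name and a public key."""
    return Certificate(subject, key, ca_name, sign(ca, _to_be_signed(subject, key)))


def trusted_key(cert: Certificate, roots: dict) -> Optional[PublicKey]:
    """Return the subject's key only if a CA we trust signed the binding."""
    root = roots.get(cert.issuer)
    if root is None or not verify(root, _to_be_signed(cert.subject, cert.key), cert.signature):
        return None
    return cert.key


# Fixed Mersenne primes so the run is reproducible (hypothetical keys);
# real keys use random primes of 1024 bits or more.
ALICE = make_keypair(2**89 - 1, 2**61 - 1)
CORP_CA = make_keypair(2**127 - 1, 2**107 - 1)
MALLORY = make_keypair(2**107 - 1, 2**61 - 1)
ROOTS = {"Corp Root CA": CORP_CA.pub}  # the verifier's only trust anchor


def demo() -> dict:
    msg = b"quarterly numbers"  # constructed sample message
    alice_cert = issue_certificate("Corp Root CA", CORP_CA, "alice", ALICE.pub)
    # Phony key attack 1: Mallory's key under Alice's name, signed by a CA nobody trusts.
    phony_cert = issue_certificate("Mallory CA", MALLORY, "alice", MALLORY.pub)
    # Phony key attack 2: the real CA's signature reused with a swapped key.
    tampered_cert = alice_cert._replace(key=MALLORY.pub)
    sig = sign(ALICE, msg)
    return {
        "roundtrip": decrypt(ALICE, encrypt(ALICE.pub, msg)) == msg,
        "wrong_key_fails": decrypt(MALLORY, encrypt(ALICE.pub, msg)) != msg,
        "signature_ok": verify(ALICE.pub, msg, sig),
        "tamper_detected": not verify(ALICE.pub, msg + b"!", sig),
        "alice_trusted": trusted_key(alice_cert, ROOTS) == ALICE.pub,
        "phony_rejected": trusted_key(phony_cert, ROOTS) is None,
        "tampered_rejected": trusted_key(tampered_cert, ROOTS) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:18} {'ok' if ok else 'FAIL'}")
```

The two rejected certificates are the point of the PKI paragraph: a certificate is only worth something if the verifier already trusts the issuer's key, and the issuer's signature covers the subject name and public key together, so neither can be swapped after the fact.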