Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Encryption Question 1

Status
Not open for further replies.

lancekidd

Technical User
Jan 26, 2009
55
US
I wanted to see if someone who has really played around with Windows file encryption could help me understand it a little better. I have Windows 7 Pro and the ability to encrypt files, but I'm confused a little as to how portable the files are.

Is it true that encrypted files can only be opened on the machine they were encrypted on? I tested it out by putting an encrypted file on a flash drive that was formatted with the NTFS and it wouldn't let me open it and didn't give me an option to import my certificate, so am I correct on that?

Also, if someone did a drag and drop of one your encrypted files to a drive that was not formatted with NTFS, is it true that the file loses its encryption?

I'm just curious as to how risky it is if you were to have a hard drive or mobo failure, especially if it's true that encrypted files can only be viewed on that machine.

Any advice will be appreciated :) Thanks!
 
I think this page should answer most of your questions:
BitLocker Drive Encryption in Windows 7: Frequently Asked Questions

Encrypted files can only be opened on a machine that has the correct decryption key installed. Keys are unique so you'd have to manually copy the key to other machines if you wanted to share files (although see BitLocker To go).

If someone copied an encrypted file to an unencrypted drive they'd just have a file that couldn't be read on any machine that didn't have the decryption key installed. Having said that, if they had access to your PC and were able to drag & drop files, they'd be able to unencrypt them first too.

If you use BitLocker you really need to store a backup of your key somewhere so you could recover your data in the event of catastrophe (assuming the drive was still readable).

Regards

Nelviticus
 
you could put the key on a thumb drive, that way you would always have it with you when needed.
 
I don't think the OP is using Bitlocker, just NTFS's EFS

>Is it true that encrypted files can only be opened on the machine they were encrypted on?

As long as they remain encrypted (and you are not in a domain and not using PKI), that's basically true.

However, files and folders are decrypted before being copied to a volume formatted with another file system, like FAT32. And when encrypted files are copied over the network (using the SMB/CIFS protocol), the files are decrypted before they are sent over the network.

 
Thanks for the answers. I have exported and backed up my encryption key. I'm glad to know that I can indeed view encrypted files on another machine if I import my key on the machine that I need to view them.

The only thing I don't like about Windows Encryption is that, as strongm said, files are decrypted before being transferred to a volume that isn't formatted with NTFS.

I've heard a lot about BitLocker, so I'm going to check it out just for the heck of it.

Thanks again!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top