1 / 7

Encrypted File System Key Recovery

Encrypted File System Key Recovery . Philip Noble (520) 538-7608 or DSN 879-7608, philip.e.noble.civ@mail.mil U.S. Army Information Systems Engineering Command Fort Huachuca, AZ 85613-5300 27 Jul 11. The Problem:.

prem
Télécharger la présentation

Encrypted File System Key Recovery

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Encrypted File System Key Recovery Philip Noble (520) 538-7608 or DSN 879-7608, philip.e.noble.civ@mail.mil U.S. Army Information Systems Engineering Command Fort Huachuca, AZ 85613-5300 27 Jul 11

  2. The Problem: The introduction of Microsoft’s Encrypted File System has been a boon to file-level security within the DoD. If a laptop is lost, critical data such as HIPAA or PII is not readily recoverable by the finder provided the sensitive data was previously encrypted with either EFS or Bit Locker. Certain versions of the current Army operating system appear to be configured to require the use of the user’s Common Access Card (CAC) to encrypt the symmetrical session key that physically encrypts the user’s files. When the user has to get a new CAC, they discover that the files are no longer accessible. Even after the user’s old Email Encryption key is recovered, the user cannot recover the encrypted files because the user cannot use a software private key because of security settings.

  3. The Solution: • The solution is to either: • Install the software private key on a hardware token • Request the responsible Key Recovery Agent decrypt the symmetrical key for the user • Change the security settings to allow the use of a software private key. • The simplest choice is to permit the use of a Software private Key The following slides identify the procedure to enable the use of a software key to recover encrypted files.

  4. Software EFS Recovery http://technet.microsoft.com/en-us/library/cc749610(WS.10).aspx Microsoft Technet discusses the Group Policy Object that controls the use of hardware and software keys for EFS. Use the Group Policy Management Console (gpedit.msc) or the Local Group Policy Editor (secpol.msc) to configure the EFS options. To view or change the options, expand the Public Key Policies node, right-click Encrypting File System, and then click Properties. The Policy in question is: Require a smart card for EFS - If enabled, software certificates cannot be used for EFS. Set this policy to disabled for use of a soft certificate to recover an EFS file system.

  5. Software EFS Recovery Additional Notes: 1. After the setting is applied, the user may need to run "gpupdate.exe /force" or reboot the platform to inherit the new configuration. 2. The setting should only be temporarily modified for recovery purposes and then reset to require smart cards. 3. There is also a known issue with some versions of the enpasflt.dll and the import of the soft recovery certs.

  6. Software EFS Recovery • To open encrypted files stored on a system partition after re-installing the operating system, • follow the steps below to re-install your original certificate and key. • Save the recovered Encryption key from the DISA ARA website • Open Certificate Manager by clicking the Start button , typing certmgr.msc into the Search box, and then pressing ENTER.‌ • Click the Personal folder. • Click the Action menu, point to All Tasks, and then click Import. This opens the Certificate Import wizard. • Click Next. • Type the location of the file that contains the certificate, or click Browse and navigate to the file's location, and then click Next. • If you have navigated to the right location but don't see the certificate you are importing, then, in the list next to the File name box, click Personal Information Exchange. • Type the password, select the Mark this key as exportable check box, and then click Next. • Note • Do not enable strong private key protection. • Click Place all certificates in the following store, confirm that the Personal store is indicated, click Next, and then click Finish. • After you import the certificate, shut down and restart your computer (not a reboot), you should have access to the encrypted files.

  7. POC for Additional Information Philip E. Noble USAISEC Information Assurance and Security Engineering Directorate (IASED) DSN 879-7608 CML 520-538-7608 FAX DSN 879-8709 CML 520-538-8709 philip.e.noble.civ@mail.mil philip.noble@us.army.smil.mil philip.noble@conus.army.smil.mil

More Related