I am new to WIndows EFS and find it very useful except with a problem, can't access those files in another Windows PC. I find some tutorials on how to access them in other windows PCs(1, 2). After reading them, I have some questions:
- After importing the Encryption key to other pc to access the encrypted files in that PC, will the key be stored in that system forever?
- If the above is true, will they be able to access other encrypted files I give to them after that?
Best Answer
Well, as long as their Windows account exists, and as long as they don't delete the key (e.g. via the Certificate Manager,
certmgr.msc). Aside from that, it does not have any self-destruct date.Yes. (So, in general, it is fairly stupid to give someone else your own EFS key.)
Instead, remember that these keys are like SSL certificates, with a public half & a private half. Under Properties → Advanced there is a list of all users who should have access. So you could import someone else's public key (the certificate), and add it to the list for your files.