I'm starting to use EFS feature to encrypt several folders of my hard drive, using Right click > Properties > Advanced > Encrypt contents to secure data (see screenshot).
At the end of the process, a wizard suggests that I should save a copy of certificate on a safe place:
But I don't want to rely on a file certificate stored on 1, 2 or even 10 different places, that seems complex. And can lead to catastrophes requiring black magic to recover the files. I would prefer to remember a password (even if it's a long password).
Question: Let's say folder C:\Test is EFS-encrypted on computer A. If I move its hard drive to computer B (example: computer A failure!), how to recover the folder C:\Test , with just a password (and no other complex method like certificates, etc.)?
In other words: can we avoid complex certificates methods (involving certificate files), and use a good (strong) password instead for EFS encryption/decryption?
Best Answer
After some time spent in this question:
It's impossible. EFS works with certificates, and not just "a password".
We have to backup the
.pfxcertificate file, and to import it on computer B, before being able to decrypt the files on computer B.If one day we want to remove the certificate on computer B, here is the solution.