A few days ago I explained how Windows XP, Windows 7 and Windows 8 users could easily encrypt files and folders using the built-in windows encryption files service called EFS.
Although everything is simple and automatic when using EFS, there is a chance you could lose access to your encrypted data if the EFS certificates become corrupted or you change your password using Admin tools vs. the standard password change tool. To protect yourself from this, today I’ll explain how to backup your EFS Private Key Certificates.
Note: Although the screenshots below are taken from my Windows 8 desktop, the process is exactly the same from a Windows 7 desktop.
How to Backup your EFS Private Key Certificate
Open Internet Explorer and Click the Tools icon (ALT+X) on the Internet Explorer toolbar and click Internet Options.
Click the Content tab.
Click the Certificates.
Click the EFS Certificate you want to backup / export and click Export.
The Certificate Export Wizard will open. Click Next.
Select the Radio Button to export your private key and click Next.
Leave the next screen with defaults. Click Next.
Type a Secure password or passphrase you won’t forget… and click Next.
Note: This password will be needed to later import the EFS Private key. This password is not recoverable so don’t lose it.
Type a name for the Certificate and Click Next.
Note: When I backup my EFS private keys, I name the Cert based on the machine and store the certificate in my Dropbox folder to back it up in the event of a hard drive crash. You can never be to safe with encryption keys…
Click Finish to complete the backup.
As I’ve said dozens of times, security is all about layers. The more layers you implement, the more secure your environment will be. With this in mind, encryption is just 1 layer you should implement on your PC. For a more complete guide on good computer security, be sure to read my 10 Step Security Guide.