CAA: Christian Anime Alliance

A bunch of years back I'd discovered that with Windows XP I could set 'Encrypt' and 'Compress' attributes for files. I thought this was cool since by compressing old video footage I could shrink down the space it needed. And I used the 'Encrypt' attribute on my writings folder. It really wasn't necessary 'cause who was really going to poke around in my writings, but I guess I thought it was cool.

Well, last Sunday I got some weird problem that caused most programs to freeze up when trying to access the Internet (Firefox, Outlook Express, MSN, Filezilla, etc). I puzzled away for some time and then finally repartitioned the partition with Windows XP Pro and reinstalled it. All my data is on a second hard drive so I wasn't worried about that. Soon I had a squeaky clean system again, running nice and fast. I installed my programs and I was off and running on Monday evening. I thought I'd work on one of my stories while I was waiting for something to download. By Wordpad said that it couldn’t open the file. I was like, "Say what...?" I tried some other files in the folder (all with green filenames, showing they were encrypted) and I couldn't open any of them. My joy at having a new system was rapidly replaced with horror.

I did a bunch of research online and discovered that Windows XP's Encrypting File System was working precisely the way it was supposed it. I never backed up any of my user profile stuff 'cause I didn't need any of it (or so I thought). My private key was well and truly gone. I considered looking into the possibility of recovering the partition and perhaps getting a hold of the files from the previous system but it didn't seem likely at all. I'm not sure quite how I'd even start...

Thankfully I managed to find copies of most of my writing online or on other computers. Still I lost my entire most recent story (not that long, but still it hurts). And I lost a big chunk of an old, unfinished piece, which I think I would have a hard time reconstructing from memory.

What really toasted my oats about this whole thing was that Windows XP gives no warning whatsoever when one encrypts files. I read the notes on EFS that I found in the XP Help and Support Center and they likewise give no warning that if the user profile is deleted the encrypted files are virtually useless. OK, so I guess I could have backed up my user stuff or read up on EFS but there was never any indication that there was anything to worry about. Maybe I'm just slow. Anyway, I won't be using EFS again! And I ordered a Comstar 320GB external hard drive today. Time for a regular backup routine.

Yeah. Don't do that again. Just because it says you can and has no warning messages next to it doesn't mean you should.

Yeah. That's what happens with Encrypted files in XP.

When you encrypt a file, it can only be opened by the computer that encrypted the file because it creates a "key". Reinstalling XP recreates the "key" which the file you encrypted doesn't recognize. It's as though you tried opening the file on another computer.

In computers with a "Trusted Computing Module" and Vista, it does the same thing, except the key is stored in hardware. You can't back it up.

I now understand roughly how EFS works. I guess I just got used to Windows' myriad warning messages preventing people from doing anything too stupid without knowing about it. But hey, you live and you learn.

With proper key backup/recovery agents, EFS can be very useful. When you're doing things on your own, though, you have to remember that the files are encrypted.

There's a reason why it's hidden behind that "advanced" button.

Kaligraphic wrote:With proper key backup/recovery agents, EFS can be very useful. When you're doing things on your own, though, you have to remember that the files are encrypted.

It is a nice system for sure. Secure and very easy to use.

Kaligraphic wrote:There's a reason why it's hidden behind that "advanced" button.

All the fun stuff is behind the 'Advanced' button! ß-)