decrypting email in pst file with efs data recovery certificate???

P

philipingrandisson

(Excuse my english, i'm french)

I wish to encrypt my mail communication between the users in my internal
network. I use my certificate autority to distribute users certificates who
their allows to make it.

I noticed during my tests that it’s not possible to use my efs recovery
agent to decrypt the coded emails which is in the ,PST files of my users. How
may I get back these important emails in case of needs?

thanks
 
B

Brian Komar

S/MIME is not EFS! An EFS Recovery agent certificate has absolutely no
access to encrypted emails.
The only way you are going to be able to recover email is to implement Key
Escrow.
This requires the use of version 2 certificate templates, and an enterprise
CA running on Windows Server 2003 Enterprise Edition.

Brian
"philipingrandisson" <philipingrandisson@discussions.microsoft.com> wrote in
message news:3FBCC384-C8F3-46A6-90B3-259191860FA7@microsoft.com...
> (Excuse my english, i'm french)
>
> I wish to encrypt my mail communication between the users in my internal
> network. I use my certificate autority to distribute users certificates
> who
> their allows to make it.
>
> I noticed during my tests that it’s not possible to use my efs recovery
> agent to decrypt the coded emails which is in the ,PST files of my users.
> How
> may I get back these important emails in case of needs?
>
> thanks
>
 
P

philipingrandisson

Re: decrypting email in pst file with efs data recovery certificat

yes, i have an entreprise CA running on my network and it running on windows
server 2003 entreprise R2.

Did you have a procedure to do this and to explain key Escrow?

thanks.

"Brian Komar" wrote:

> S/MIME is not EFS! An EFS Recovery agent certificate has absolutely no
> access to encrypted emails.
> The only way you are going to be able to recover email is to implement Key
> Escrow.
> This requires the use of version 2 certificate templates, and an enterprise
> CA running on Windows Server 2003 Enterprise Edition.
>
> Brian
> "philipingrandisson" <philipingrandisson@discussions.microsoft.com> wrote in
> message news:3FBCC384-C8F3-46A6-90B3-259191860FA7@microsoft.com...
> > (Excuse my english, i'm french)
> >
> > I wish to encrypt my mail communication between the users in my internal
> > network. I use my certificate autority to distribute users certificates
> > who
> > their allows to make it.
> >
> > I noticed during my tests that it’s not possible to use my efs recovery
> > agent to decrypt the coded emails which is in the ,PST files of my users.
> > How
> > may I get back these important emails in case of needs?
> >
> > thanks
> >
>
 
B

Brian Komar

Re: decrypting email in pst file with efs data recovery certificat

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/kyacws03.mspx
Brian

"philipingrandisson" <philipingrandisson@discussions.microsoft.com> wrote in
message news:1AC2307F-1F51-4DD1-848E-0BE992C6BACC@microsoft.com...
> yes, i have an entreprise CA running on my network and it running on
> windows
> server 2003 entreprise R2.
>
> Did you have a procedure to do this and to explain key Escrow?
>
> thanks.
>
> "Brian Komar" wrote:
>
>> S/MIME is not EFS! An EFS Recovery agent certificate has absolutely no
>> access to encrypted emails.
>> The only way you are going to be able to recover email is to implement
>> Key
>> Escrow.
>> This requires the use of version 2 certificate templates, and an
>> enterprise
>> CA running on Windows Server 2003 Enterprise Edition.
>>
>> Brian
>> "philipingrandisson" <philipingrandisson@discussions.microsoft.com> wrote
>> in
>> message news:3FBCC384-C8F3-46A6-90B3-259191860FA7@microsoft.com...
>> > (Excuse my english, i'm french)
>> >
>> > I wish to encrypt my mail communication between the users in my
>> > internal
>> > network. I use my certificate autority to distribute users certificates
>> > who
>> > their allows to make it.
>> >
>> > I noticed during my tests that it’s not possible to use my efs recovery
>> > agent to decrypt the coded emails which is in the ,PST files of my
>> > users.
>> > How
>> > may I get back these important emails in case of needs?
>> >
>> > thanks
>> >
>>
 
You must log in or register to reply here.

Similar threads

F
Decrypting file is impossible
Replies
0
Views
64
F.Z1
F
H
How do I get in contact with a data support agent?
Replies
0
Views
92
HackedbyChina
H
P
Windows Vista; Backup EFS Certificates and Recovery Keys; Signing in to backup failure
Replies
0
Views
294
Peony Lothran
P
D
Windows Vista; Backup EFS Certificates and Recovery Keys; Signing in to backup failure
Replies
0
Views
331
Donnamira Fairbairn
D
B
Encrypting File System (EFS) BackUp question
Replies
0
Views
157
Benny W
B
Back
Top Bottom