decrypting email in pst file with efs data recovery certificate???

decrypting email in pst file with efs data recovery certificate???
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
decrypting email in pst file with efs data recovery certificate??? philipingrandis 10-21-2007
Posted by =?Utf-8?B?cGhpbGlwaW5ncmFuZGlz on October 21, 2007, 9:11 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
(Excuse my english, i'm french)

I wish to encrypt my mail communication between the users in my internal
network. I use my certificate autority to distribute users certificates who
their allows to make it.

I noticed during my tests that it’s not possible to use my efs recovery
agent to decrypt the coded emails which is in the ,PST files of my users. How
may I get back these important emails in case of needs?

thanks


Posted by Brian Komar on October 22, 2007, 8:11 am
If you were  Registered and logged in, you could reply and use other advanced thread options
S/MIME is not EFS! An EFS Recovery agent certificate has absolutely no
access to encrypted emails.
The only way you are going to be able to recover email is to implement Key
Escrow.
This requires the use of version 2 certificate templates, and an enterprise
CA running on Windows Server 2003 Enterprise Edition.

Brian
> (Excuse my english, i'm french)
>
> I wish to encrypt my mail communication between the users in my internal
> network. I use my certificate autority to distribute users certificates
> who
> their allows to make it.
>
> I noticed during my tests that it’s not possible to use my efs recovery
> agent to decrypt the coded emails which is in the ,PST files of my users.
> How
> may I get back these important emails in case of needs?
>
> thanks
>


Posted by =?Utf-8?B?cGhpbGlwaW5ncmFuZGlz on October 22, 2007, 8:22 am
If you were  Registered and logged in, you could reply and use other advanced thread options
yes, i have an entreprise CA running on my network and it running on windows
server 2003 entreprise R2.

Did you have a procedure to do this and to explain key Escrow?

thanks.

"Brian Komar" wrote:

> S/MIME is not EFS! An EFS Recovery agent certificate has absolutely no
> access to encrypted emails.
> The only way you are going to be able to recover email is to implement Key
> Escrow.
> This requires the use of version 2 certificate templates, and an enterprise
> CA running on Windows Server 2003 Enterprise Edition.
>
> Brian
> > (Excuse my english, i'm french)
> >
> > I wish to encrypt my mail communication between the users in my internal
> > network. I use my certificate autority to distribute users certificates
> > who
> > their allows to make it.
> >
> > I noticed during my tests that it’s not possible to use my efs recovery
> > agent to decrypt the coded emails which is in the ,PST files of my users.
> > How
> > may I get back these important emails in case of needs?
> >
> > thanks
> >
>

Posted by Brian Komar on October 22, 2007, 10:55 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/kyacws03.mspx
Brian

> yes, i have an entreprise CA running on my network and it running on
> windows
> server 2003 entreprise R2.
>
> Did you have a procedure to do this and to explain key Escrow?
>
> thanks.
>
> "Brian Komar" wrote:
>
>> S/MIME is not EFS! An EFS Recovery agent certificate has absolutely no
>> access to encrypted emails.
>> The only way you are going to be able to recover email is to implement
>> Key
>> Escrow.
>> This requires the use of version 2 certificate templates, and an
>> enterprise
>> CA running on Windows Server 2003 Enterprise Edition.
>>
>> Brian
>> in
>> > (Excuse my english, i'm french)
>> >
>> > I wish to encrypt my mail communication between the users in my
>> > internal
>> > network. I use my certificate autority to distribute users certificates
>> > who
>> > their allows to make it.
>> >
>> > I noticed during my tests that it’s not possible to use my efs recovery
>> > agent to decrypt the coded emails which is in the ,PST files of my
>> > users.
>> > How
>> > may I get back these important emails in case of needs?
>> >
>> > thanks
>> >
>>


Similar ThreadsPosted
Encrypted Data Recovery Agents August 25, 2006, 3:17 pm
System Crash and Data Recovery August 14, 2007, 9:53 pm
EFS File Recovery June 14, 2006, 5:33 pm
Decrypting a small byte string w/ CryptDecrypt December 22, 2007, 1:10 pm
Recovery policy contains invalid recovery cert July 28, 2006, 12:59 pm
Digital Certificate for Outlook 2007 Email encryption and signing October 9, 2007, 7:33 pm
How do get the Certificate info from at .cat file April 14, 2007, 4:30 pm
Certificate export to a pfx-file with certmgr.exe January 11, 2007, 8:14 am
Certificate request file syntex for critical extensions February 27, 2008, 12:29 pm
Re: what does the "Microsoft data access" "remote data services" add-in do? October 18, 2007, 3:17 am

The site map in XML format XML site map

Contact Us | Privacy Policy