What is a backup of your file encryption key in Windows Vista?
In this article I will show you how to backup your file encryption key in Windows Vista. Instead of jumping directly to the ‘how’ in the next section, unless you are very comfortable with terms in relation to Public Key Infrastructure (PKI), you may want to read this introduction as it will lay the foundation for successfully backing up your file encryption key.
Encrypting File System (EFS) in Windows Vista and previous versions of Microsoft Windows operating systems handles your encrypted files by a digital certificate and a private key.
The EFS digital certificate is an object which binds together your identity and your public key of the private/public keypair. Such a certificate, which could also validate a service or device, is signed by Windows acting as the issuing authority, and valid till a predefined point in time; in Vista, by default, your EFS certificate is valid long enough to outlive you.
The EFS private key is used for decryption purposes, and protected by a password. If for one reason or another the private key of your Windows Vista gets lost or corrupted there is NO WAY of recovering your encrypted data should you not have a backup of your private key. Along the same lines is it crucial that you remember its password.
Although less optimal, it is possible to have more than one certificate and thus, private keys with identical or different passwords. Therefore, when you backup your file encryption key in Windows Vista you save a file containing at least one certificate, and, with method 1 shown below, automatically your associated password-protected private key(s).