Successive EFS Certificate and Private Key Exporting Files Different

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Eric - 19 Dec 2003 21:28 GMT

I have been testing EFS and its recovery as throughly as
possible before implementing it, and I ran into an
unexpected condition.

If I successively export the same unchanged certificate
and private key to two different .pfx files, the files are
the same length but do not compare equal. I don't know if
this is because the .pfx files are date/time stamped or
because of the Strong Encryption (iteration count) used
during the export.

I tried to do a Knowledge Base search but was unable to
find any information of why this is happening or even if
doing successive exports possibly invalidates previously
exported .pfx data.

My questions are:
1. Are all of the successively exported (from an unchanged
certificate) .pfx files valid to use for recovery or just
the most recently exported one?
2. Is there any way to compare the "live" EFS certificate
and private key to a .pfx file without having to import
the information?
3. What/where is an explanation for the significance of
the Strong Encryption "iteration count"?

Reply to this Message

David Cross [MS] - 20 Dec 2003 16:30 GMT

1. all are valid.

2. not against a pfx file, no.

3. it is really a cryptographic technique to prevent brute force attacks
against the encrypted file

you will not see the same exact file every time, otherwise it would be
subject to various cryptographic attacks.

Signature

David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

> I have been testing EFS and its recovery as throughly as
> possible before implementing it, and I ran into an
[quoted text clipped - 21 lines]
> 3. What/where is an explanation for the significance of
> the Strong Encryption "iteration count"?

Reply to this Message