How can I transfer a certificate from one account to another on Windows?

2

To cut a long story short, I have a configuration file for a tool that contains sensitive information, and the client wants it encrypted. I want to use EFS for this, but there is a problem: the account doing the installation (and thus the encryption) cannot be the same one running the tool (the reasons don't matter right now), so here is my question:

Is there a way to transfer a certificate used for decryption from one user to another on the same computer on Windows Server 2012?

Thanks in advance

by Teocali 03.07.2014 / 14:20

1 answer

3

The easiest way to do what you want is probably to make use of the Encrypted File Sharing option available for EFS-encrypted files.

You can enable EFS file sharing in an encrypted file’s advanced properties, which you can access from the Advanced button on the General tab of a file’s properties. Before you can share an encrypted file, the file must obviously be encrypted. If a file is encrypted, you will notice that the Details button in the file’s Advanced properties is available. Pressing this button brings up the “Encryption Details for…” dialog box. (By the way, in Windows Vista this dialog box is titled “User Access to”). From this dialog box you can share an encrypted file with other users. The sharing of an EFS encrypted file is not an explicit privilege of the user account that encrypted the file and shared it with another user. For example, Jan may have encrypted the file and decided to share it with Katrien. Katrien in her turn may then have decided to share it with Wim. The only condition is that the user that you want to give access to an encrypted file has a valid EFS certificate that's stored either in the local certificate store on your PC or in Active Directory (if your machine is joined to an AD domain).

Alternatively, yes, it is possible to "share" one user's EFS certificate with another user by copying it between the users' personal certificate stores.

From the Select User dialog box, you can access the EFS user certificates that are stored in the Other People and Trusted People certificate containers of your personal certificate store. The Trusted People is a new XP and Windows 2003 certificate container. It contains the EFS certificates of all users that have ever encrypted a file from a particular machine. If your machine is a member of a Windows AD domain, you'll notice that the Find User… button is enabled. Pressing this button lets you access the EFS user certificates that are published in AD. Note that the EFS “Select User” dialog box will display only the valid EFS certificates. This means that the certificate must have the “Encrypting File System” purpose enabled in its properties, and also that the certificate must be valid and should not have expired. If you want to share encrypted files with people whose EFS certificate is not available in one of the above repositories, you can always import it manually into AD or your certificate store.

by 03.07.2014 / 14:25
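The same two steps the answer describes through the GUI, scripted in PowerShell as an added example (not part of the original answer): the account that will run the tool exports the public part of its EFS certificate, and the account that encrypted the file adds it to the file's list of decryptors with `cipher /adduser`. The file and certificate paths are placeholders.

```powershell
# Added example, not from the original answer. Scripted equivalent of the GUI steps:
# the account that will run the tool exports its public EFS certificate, and the
# account that encrypted the file adds that certificate to the file's decryptor list.
# All paths below are placeholders.
$EfsEkuOid = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage

# Returns the caller's valid (unexpired) EFS certificates from the personal store.
# Note: a user only gets an EFS certificate after encrypting at least one file.
function Get-EfsCertificate {
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $eku = $_.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $EfsEkuOid }) -and
            $_.NotAfter -gt (Get-Date)
    }
}

# Step 1 - run as the account that will RUN the tool: export the public part only (.cer, no private key).
function Export-EfsPublicCertificate {
    param([string]$Path = 'C:\temp\runner-efs.cer')   # placeholder
    $cert = Get-EfsCertificate | Select-Object -First 1
    if (-not $cert) { throw 'No valid EFS certificate found; encrypt any file once as this user first.' }
    Export-Certificate -Cert $cert -FilePath $Path | Out-Null
    Write-Output "Exported EFS certificate $($cert.Thumbprint) to $Path"
}

# Step 2 - run as the account that ENCRYPTED the file: grant the other user decrypt rights
# for this one file only (same effect as the Add button in the "Encryption Details" dialog).
function Grant-EfsFileAccess {
    param(
        [string]$File     = 'C:\tool\config.xml',      # placeholder: the EFS-encrypted config
        [string]$CertFile = 'C:\temp\runner-efs.cer'   # placeholder: .cer produced in step 1
    )
    cipher.exe /adduser "/certfile:$CertFile" "$File"
    if ($LASTEXITCODE -ne 0) { throw "cipher /adduser failed with exit code $LASTEXITCODE" }
    cipher.exe /c "$File"   # lists every user who can now decrypt the file; verify the new entry
}
```

Prefer this per-file sharing over exporting the installing account's certificate with its private key (`cipher /x`) into the other account's store: the .cer carries only the public key, so the running account gains access to this one file rather than to everything the installing account has ever encrypted.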