Microsoft Windows Security - Easily Generate A New Encryption Key To Replace One That's Been Compromised (Microsoft Windows XP/Server 2003)


As you know, the Encrypting File System (EFS) can protect your data from unauthorized access by encrypting it at the file or folder level. You can easily encrypt your files or folders through the Microsoft Windows GUI.


Under the hood, however, EFS is a bit more complicated. It's based on encryption keys that are in turn based on digital certificates. The first time a user attempts to encrypt a file or folder, the system automatically issues an EFS certificate for that user.


But, what if the user's encryption key is compromised? Fortunately, there's a way to generate a new key, using the cipher.exe utility included with Microsoft Windows XP and Server 2003.


To generate a new encryption key, log in using the user account that requires the new key. Then, at the command prompt, enter cipher /k. In a moment, you should see a message notifying you of the thumbprint information for the new encryption certificate. It's that easy!

Go back