Encrypting CDRW

LiamC

Storage Is My Life
Joined
Feb 7, 2002
Messages
2,016
Location
Canberra
Is their a(n) (easy) way to encrypt/otherwise render unreadable a CDRW by someone other than the person who wrote it under XP?
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
As far as I know there is no way to password protect a CD, however you can use a container like PGP, zip, RAR, etc to password protect individual folders or files.

But this relies on the necessary program being installed on the end user's machine. You could easily burn a copy of PGP tools, RAR, zip, etc with the CD. That should take care of most cases.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,656
Location
I am omnipresent
Website
s-laker.org
You should be able to use EFS. You'll have to encrypt the files/folders first on an NTFS partition, but they don't lose their encrypted status for being put on other media.

You'll want to export and store your Encryption certificate on some kind of removable media, and I suppose also carry it around a floppy or a thumb drive, so you can read your CD someplace besides your PC.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,656
Location
I am omnipresent
Website
s-laker.org
The basic rule of thumb with EFS is don't mess with it.
I'm not aware of a program that can easily break EFS-based file encryption, so if you encrypt something and lose the recovery keys, you're SOL.

EFS is a feature of NTFS.
A file can't be encrypted and compressed using NTFS builtin compression simultaneously.

You can make a folder (generally a better idea than a single file) encrypted by using the Advanced button on the "General" properties sheet for that file/folder.
Doing so puts the folder/file in a state where it can only be read by the user who encrypted the file, and by designated Key Recovery Agents. Under XP and 2003 Server you can also click the "details" button to pass the recovery key on to other users.

By default, the designated Key Recovery Agent is the Local Administrator account (for standalone PCs) or the Domain Administrator account (for PCs belonging to a domain; note that this isn't the "domain admins" local group). This key is tagged to that, specific account. If you encrypt a file in one domain and your computer moves to another, the new domain admin won't have your old EFS key.
By the same token, and this is where idiots get in trouble, if you encrypt something and then reload windows on your standalone windows PC, unless you backed your key up on removable media, you've just lost the ability to view your encrypted files. Whoops.

To back up an EFS key, log in or runas as Administrator (literal "administrator") and run secpol.msc (or go to administrative tools and do "Local Security Policies"), or dompol.msc (admin tools: domain security policies).
Expand Public Key Policies and then Encrypted Data blahblah.
You'll see all the EFS keys that have been generated on your PC/domain. Right click, choose "All Tasks > Export" to save the key elsewhere. There are a couple different Key formats, but the default is x.509. Click next a few more times and your key will be backed up to a file. You may at that point delete your stored key if you want.

To restore a key, log in as Administrator or whoever your Key Recovery Agent is, and double-click on the .PFX file from your backed-up key. This will start a key import wizard that will ultimately allow you to open someone else's encrypted file.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
Thanks, Merc. Real-world experience is priceless! I appreciate the insights you've shared. I'm saving this thread.
 

MaxBurn

Storage Is My Life
Joined
Jan 20, 2004
Messages
3,245
Location
SC
Heh, I ran into the encrypted file system with one customer I was doing a backup with. Their computer completely died (caps on the motherboard) I did a little research and tinkered around with it and finally had to just put the drive in another computer and reactivate windows. I don't know what you would do if you had damaged system files and couldn't boot.
 
Top