Hard disk encryption
Note | |
Malfunctions Do not encrypt the entire system partition, Windows system files or the TwinCAT folder. This can lead to malfunctions. |
The purpose of hard disk encryption is to prevent unauthorized access to stored data.
There are several methods for encrypting data on storage media. One approach encrypts certain data (e.g. Microsoft EFS), others an entire partition.
An important aspect is key management:
- Who should be allowed access?
- What authentication options are there? (USB token, PIN, password, user name + password, etc.)
- How are the keys managed?
In any case, the data is unprotected once it is decrypted and used.
Activating EFS
- 1. Right-click a folder or file and select Properties from the context menu that opens.
- 2. Open the General tab and click Advanced.
- 3. To encrypt the folder or file, select the Encrypt contents to secure data check box.
- If this is the first data encrypted in this way, Windows automatically creates an EFS certificate in the local certificate store. Make sure the certificate is saved, because otherwise it is impossible to restore the data (see Saving the certificate).
Saving the certificate
- 1. Launch certmgr.msc.
- 2. Click Add, select My user account and click Finish.
- 3. Expand the "Personal" folder and click Certificates
- You should see a certificate with "Encrypting File System" as the "Intended Purpose".
- 4. To save the certificate, right-click on the certificate and select All Tasks > Export.
- 5. Select Export Private Key.
- 6. Select Personal Information Exchange, Include all certificates… and Enable strong protection.
- 7. Specify a password to protect the certificate. This certificate is required later for the import.
- 8. Specify the path under which the certificate is to be saved. Save the certificate in another secure location.