A:
Yes, starting with Windows Server 2008 and Windows Vista, Microsoft supports storage of the EFS private key on a user’s smart card. Microsoft provides
a Group Policy Object (GPO setting that will require the use of a smart card for EFS. You can find this setting in the properties of the Encrypting
File System container in the Computer ConfigurationWindows SettingsSecurity SettingsPublic Key Policies folder.
As Figure 1 shows, the Encrypting File System Properties dialog box includes the Create caching-capable user key from smart card configuration
option. This setting lets the administrator select either the cached or non-cached mode of operation for the EFS private key storage on smart cards.
Figure 1: The Encrypting File System Properties dialog box (Click image for larger view
Non-cached mode means that all EFS decryption operations that require the user’s private key are done on the smart card. Cached mode means that Windows
automatically derives a special symmetric key from the user’s private key and caches it in protected system memory on the computer, not on the smart
card. Cached mode implies that all standard EFS operations that normally involve the user’s private key are replaced with symmetric cryptographic
operations that use the special symmetric key.
Cached mode positively impacts EFS performance when using smart cards for private key storage because EFS doesn’t need to call on the smart card
processor for every EFS encryption or decryption operation. Cached mode also eliminates the need to keep the user’s smart card plugged in to the smart
card reader. You can enable the EFS cached mode of operation for the EFS private key storage on smart cards by selecting the Create caching-capable user key from smart card option on the General tab in the EFS properties dialog box, as Figure 1 shows.
Читать полностью или написать коммент.. Про установку спутниковых тарелок в Московской областиhttp://tarelka-tv.ru/
Комментариев нет:
Отправить комментарий