How to generate a stronger EFS Certificate for file encryption

Jorg Smash 1 Reputation point
2021-06-05T18:18:04.707+00:00

If I use the built-in certificate creation tool in Windows 10, for EFS certificates, I can generate certificates for my user account, but they are created with a SHA-1 hashing algorithm. I tried searching online but couldn't find anything.

Can I use the built-in windows certificate creation tool to create a self-signed certificate that uses a SHA-256 hashing algorithm? I want to use the certificate to encrypt files on my HDD.
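One way to do this from PowerShell, as an added example that is not part of the original question or answers; it assumes Windows 10 with the built-in PKI module (New-SelfSignedCertificate) and uses a 10-year validity and the legacy RSA/AES CSP, both of which are assumptions:

```powershell
# Added example (not from the original thread): create a self-signed EFS
# certificate with a SHA-256 signature and a 2048-bit RSA key, then verify it.
# Assumed: run as the user who will own the encrypted files (CurrentUser store).

$efsEku = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" EKU OID

$cert = New-SelfSignedCertificate `
    -Subject           "CN=$env:USERNAME EFS (SHA-256)" `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyAlgorithm      RSA `
    -KeyLength         2048 `
    -HashAlgorithm     SHA256 `
    -KeyUsage          KeyEncipherment, DataEncipherment `
    -KeyExportPolicy   Exportable `
    -KeySpec           KeyExchange `
    -Provider          'Microsoft Enhanced RSA and AES Cryptographic Provider' `
    -TextExtension     @("2.5.29.37={text}$efsEku") `
    -NotAfter          (Get-Date).AddYears(10)   # assumed validity period

# Check: the self-signature must be sha256RSA and the EFS EKU must be present,
# otherwise EFS will not offer the certificate as a file encryption key.
$sig = $cert.SignatureAlgorithm.FriendlyName
$ekuOids = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object Value

if ($sig -ne 'sha256RSA' -or $ekuOids -notcontains $efsEku) {
    throw "Certificate $($cert.Thumbprint) is not usable for EFS: sig=$sig eku=$($ekuOids -join ',')"
}
"Created EFS certificate $($cert.Thumbprint) signed with $sig"

# Next steps (manual): run rekeywiz.exe ("Manage file encryption certificates"),
# select this thumbprint as the active EFS certificate and let the wizard update
# existing encrypted files, or run 'cipher /u' afterwards to re-key them.
# Back up the exportable key (PFX) before deleting the old SHA-1 certificate,
# or files encrypted only with the old key become unreadable.
```

The hash algorithm here only affects the certificate's own signature; EFS wraps each file's encryption key with the RSA public key and encrypts the data with its own symmetric cipher, so the key length and key backup matter more for the protection of the files than the signature hash.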


7 answers

  1. Daisy Zhou 22,476 Reputation points Microsoft Vendor
    2021-06-17T02:28:51.52+00:00

    Hello @Jorg Smash ,

    Thank you for posting here.

    You can try a standalone CA, since a standalone CA does not require an Active Directory domain.

    Difference between Microsoft ADCS Standalone CA and Enterprise CA
    https://serverfault.com/questions/826444/difference-between-microsoft-adcs-standalone-ca-and-enterprise-ca/826624

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Hope the information is helpful.

    Should you have any questions or concerns, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


  2. Gyula Szegedi 0 Reputation points
    2023-03-13T02:04:04.8266667+00:00

    This article is a bit old, but I might have some useful info on this.

    Your issue gave me an idea and I was playing around with certificates. Using openssl, I generated much more sophisticated key pairs and was able to use that key to encrypt folders/files. To make it more secure, I uploaded the private keys and certificates to my YubiKey 5C, and whenever I had to access the encrypted files, the hardware key had to be inserted (and also touched, in my case).

    I can put some details here if anyone is interested in it.
