After adding Attachment Windows 7 asks to Backup EFS Key

Hi,

yesterday I added an Attachment to a Login entry. After that, I did open the Attachment in 1Password and a Windows Tool pops up and ask me to save an EFS Key. I did cancel this popup window.

Today I did restart my Computer and the Windows EFS tool did start again via Autostart and was shown in my Windows Systray.

I found another discussion from 2014 which describes the same issue, but the discussion has also been closed:
https://discussions.agilebits.com/discussion/32553/windows-asking-to-backup-encrypting-file-system

My Question: Why did this Windows tool pops up and how can I prevent, that this tool will start again after a restart of my notebook?
Where do you store the encrypted temp files during opening process of an encrypted attachment?

Thanks a lot.

Regards

Finke


1Password Version: 4.6.0.592
Extension Version: Not Provided
OS Version: Windows 7 / Windows 10
Sync Type: Not Provided

Comments

  • MikeT
    edited November 2015

    Hi @Finke03,

    If you close the pop-up, Windows will continue to remind you until you save the encryption key. The reason for this persistence is that if you don't back up this encryption key, there is no way to restore any encrypted content on your drive that you choose to encrypt with Windows' Encrypting File System feature. 1Password does not use this feature for its own encryption but it does use this for storing your decrypted content in a separate location when needed, such as viewing your attachments temporarily.

    We've described this in more details in our guide here, but basically, when you view your attachment in 1Password, we export it to your user's temp folder ( C:\Users\your-name\AppData\Local\Temp) and encrypt it with Windows' encrypted file system. As soon as you terminate the program, we clear the data.

  • Finke03
    Finke03
    Community Member

    Hi MikeT,

    thanks a lot for your fast response, but I have some problems to understand this.
    What do you mean with "there is no way to restore from your backups" and "All encrypted contents would be unusable without this key"?
    I thought that my Attachments are included in the 1P Vault and encrypted with my Masterpassword? Which Backup do you mean? Why it's necessary to save another key? I only want to use these attachments via 1P and the possibility to export from 1P if necessary. In addition I thought the Attachments will be decrypted and saved unencrypted by an export?

  • MikeT
    edited November 2015

    Hi @Finke03,

    You are correct, your attachments inside 1Password are encrypted and stored within your data folder, and they're encrypted by your master password. You can back up as much as you want and export using just your 1Password master password. I am referring to your general Windows data that is not limited to 1Password.

    The Windows's Encrypting File System is a feature of Windows that allow you to encrypt your files and folders using Windows and Windows provide you with your own EFS encryption keys. That's what you're seeing in that popup to back up, it is the same key for all files and folders that is encrypted by EFS on your local drive only.

    1Password happens to use EFS temporarily when you view your attachments, we do this because we do not have the capability of rendering your encrypted attachments into something you can use, they're just random data to us. For you to render the files into something usable, you have to use your own program to view the files and the way this works, is that the files has to be decrypted then exported outside of 1Password first into a temporary directory, so you can open it with your programs. To maintain the security of your attachments, we encrypt that temporary folder with Windows' EFS service, this is an external feature provided by Windows, not us.

    Any files or folders you ask Windows to encrypt will be encrypted by Windows's EFS service, which has its own EFS encryption keys. If you back up your drive with a software, these encrypted content cannot be used on another computer (if something happens to your PC for an example) without having a copy of these keys. These are the backups I am referring to and I apologize I wasn't clear before.

  • Finke03
    Finke03
    Community Member

    Hi @MikeT,

    thanks a lot for clarification!
    Now it clear for me and I know what's behind EFS in work together with 1P.

    Regards
    Finke

  • I'm glad I was able to clarify it for you and you're welcome! If you have questions about 1Password or security, don't hesitate to ask us here.

This discussion has been closed.