Windows XP digital certificate backup and recovery

  
As Win 2000/XP has spread, the NTFS partition format has become common, and many users rely on the EFS (Encrypting File System) built into Win 2000/XP to encrypt important data. However, if the personal encryption certificate and key file were not backed up before the system is reinstalled, the encrypted files cannot be accessed (or copied), or even deleted (they can only be removed by formatting). Backing up and restoring digital certificates is therefore very important.

1. Back up the digital certificate

Type "MMC" in "Start → Run" to open the console, click "File → Add/Remove Snap-in", then click "Add" and double-click "Certificates" in the list of snap-ins. The Certificates snap-in window appears. If you are logged in as a non-administrator user, the certificates are loaded automatically; if you are logged in as an administrator, click "My user account" and then click "Finish".

Back at the "Console Root" node, personal certificates are normally stored under the "Personal" and "Trusted People" branches, so look in these branches for the certificate you want to back up. Select a certificate and check the "Intended Purposes" column in the right pane to see what the certificate was issued for, such as "Encrypting File System". Right-click the certificate, select "All Tasks → Export" to open the Certificate Export Wizard, and follow the prompts.

Tips:

   1. It is recommended to select "No, do not export the private key" in the "Export Private Key" window (this choice is only displayed when the private key is marked as exportable and a private key is available, as with the Encrypting File System certificate). Otherwise, you will need to enter a password to protect the private key, and you will need to provide that password when you restore the certificate.

   2. If you only need to back up the Encrypting File System certificate, you can use the "Certificate purpose" view mode: select "Certificates - Current User", click "View → Options", and select "Certificate purpose" under the view mode. Then select the "Encrypting File System" branch under "Console Root", find the file encryption certificate in the right pane, and export it as described above.

   3. If you just want to export the current user's own certificate (rather than managing all kinds of certificates as an administrator), click "Tools → Internet Options" in IE, open the "Content" tab, and click the "Certificates" button. In the Certificates window that opens, select the certificate you want to export and export it as described above. A quick way to do this is to select the certificate and drag it directly into the folder where you keep your certificates.

2. Restore the digital certificate

   1. Import the certificate. Open the "Certificates - Current User" branch and select the logical store to import the certificate into (with the view mode set to "Logical certificate stores"), such as "Personal". Right-click it, select "All Tasks → Import" to open the Certificate Import Wizard, and follow the prompts to complete the import. If the certificate is protected by a password, you will also need to enter that password. You can also do this in IE: click "Tools → Internet Options", open the "Content" tab, click the "Certificates" button, and then import the certificate.

   2. Specify the recovery agent. Open "Control Panel → Administrative Tools → Local Security Policy", right-click "Public Key Policies → Encrypting File System", and select "Add Data Recovery Agent". In the Recovery Agent Wizard, select the user who will act as the agent, or the CER file of a user who holds a file recovery certificate.

When recovering encrypted data, first log in to the computer as the user designated as the data recovery agent and import that agent user's file recovery certificate (the import procedure is the same as above). Then right-click the data (file or folder) to be recovered, select "Properties", click "Advanced" on the "General" tab, and clear the "Encrypt contents to secure data" check box to recover the encrypted data.

What is a digital certificate?

A digital certificate, also known as a CA certificate (or simply a certificate), is in practice a long string of code containing the name and related information of the certificate applicant, the applicant's public key, the digital signature of the CA that issued the certificate, and the certificate's validity period. It is usually stored on the computer's hard disk or on an IC card. A digital certificate is generally issued by a CA certification center to attest to the unique correspondence between the certificate subject (the "certificate applicant" becomes the "certificate subject" once the CA has issued the certificate) and the public key contained in the certificate. Because the encryption process is irreversible and the data can only be decrypted with the private key, managing digital certificates is especially important. In practice, this is usually handled by backing up the certificate or by designating a certificate recovery agent.
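The certificate backup and the recovery agent's CER file described above can also be produced from a command prompt with cipher.exe. The batch file below is an added example, not part of the original article; the backup location E:\efs-backup and the file base names are assumptions.

```batch
@echo off
rem Added example: back up the current user's EFS certificate with cipher.exe
rem and create a recovery agent certificate. Paths and names are assumptions.
setlocal
set "BACKUP_DIR=E:\efs-backup"
set "USER_BASE=%BACKUP_DIR%\%USERNAME%-efs"
set "DRA_BASE=%BACKUP_DIR%\recovery-agent"

rem Keep the backup on removable media, not on the volume that holds the
rem encrypted files, so it survives a reinstall or a format.
if not exist "%BACKUP_DIR%\" mkdir "%BACKUP_DIR%"
if not exist "%BACKUP_DIR%\" (
    echo Cannot create %BACKUP_DIR%
    exit /b 1
)

rem Never overwrite an earlier backup: it may hold a key that older files need.
if exist "%USER_BASE%.PFX" (
    echo %USER_BASE%.PFX already exists. Move it away and run again.
    exit /b 1
)

rem cipher /x writes <name>.PFX containing the EFS certificate AND its private
rem key. It prompts for a password, which is needed again at import time.
cipher /x "%USER_BASE%"
if not exist "%USER_BASE%.PFX" (
    echo Backup failed: %USER_BASE%.PFX was not written.
    exit /b 1
)

rem cipher /r generates a recovery agent key pair and writes two files:
rem   <name>.PFX  certificate + private key (store offline)
rem   <name>.CER  certificate only; this is the CER file that the
rem               "Add Data Recovery Agent" wizard asks for.
if not exist "%DRA_BASE%.CER" cipher /r:"%DRA_BASE%"
if not exist "%DRA_BASE%.CER" (
    echo Recovery agent certificate was not created.
    exit /b 1
)

echo Files written to %BACKUP_DIR%:
dir /b "%BACKUP_DIR%"
endlocal
```

Files encrypted before the recovery agent was added to the policy do not carry the new agent's key until they are next updated, for example with cipher /u.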