To be able to decrypt a removable storage file if the user forgets the password or the password is lost.
Follow the steps below in order to create certificate to use it during the RS client package creation.
=>Install and configure CA(Enterprise Root CA) on a 2003 or 2008 server.
Now create the Removable storage client package. In the Removable Storage Installation Settings –Encryption Method, select A password or A password and/or one or more certificates.
How to decrypt a file using a certificate which has been encrypted with a password by the user?
Steps to test the decryption of a file using a certificate if a user forgets the password or the password is lost.
Install the removable storage client package created using a recovery certificate. After rebooting the client, plug a usb/thumb drive, copy a file on to the USB from the local drive of the machine. Set a password for the file when prompted.
Note : In case a default password is set, there will no password prompt.
Now on another machine (a non RS client), plug the same usb to access the file which has been encrypted with a password.
Open the removable storage access utility, and you will find a red lock on the file as the file is encrypted.
In order to access the file you would need the .PFX certificate installed on the machine. Copy the .PFX certificate (which you have saved on the server) on to the Non RS client (the machine on which you are trying to decrypt the file).
Install or import the certificate, enter the password, Automatically select the certificate store based on the type of certificate and click on Finish.
Once you have installed the certificate, now open the removable storage access utility again, and this time you would see a yellow lock, which means you can access it.