Use a smart card for file encryption

If you use a smart card with your computer, you can add an encryption certificate to it so that you can use it to encrypt files. To make sure you can always access your encrypted data, you should create a recovery certificate and store it on removable media, such as a CD or USB flash drive. For more information, see Create a recovery certificate for encrypted files.

To use your smart card for file encryption

  1. Attach a smart card reader to your computer, and then insert the smart card.

  2. Open User Accounts by clicking the Start button Picture of the Start button, clicking Control Panel, clicking User Accounts and Family Safety (or clicking User Accounts, if you are connected to a network domain), and then clicking User Accounts.

  3. In the left pane, click Manage your file encryption certificates. This opens the wizard to change the certificate associated with your encryption key.

  4. In the Encrypting File System wizard, click Next.

    Show all

    If your smart card already contains a certificate for file encryption

    1. Click Use this certificate, and then click Select certificate.

    2. In the Select the certificate you want to use dialog box, click the encryption certificate that's on the smart card, and then click OK.

    3. Type the smart card PIN when prompted, and then click OK.

    4. Make sure the smart card certificate appears in the Certificate details, and then click Next.

    5. You can update your encrypted folders and files with the smart card certificate now or later. Either click the folders you want to update, or select the I'll update my encrypted files later check box, and then click Next.

    6. Type the PIN if it's requested, and then click OK.

      If you are changing the smart card you use to encrypt files, insert the new card and type the PIN first, and then insert the old card and type the PIN. Follow the instructions in the dialog box.

    If your smart card does not contain a certificate for file encryption

    1. Click Create a new certificate, and then click Next.

    2. Click the type of certificate you want to create.

    3. Type the smart card PIN when prompted, click OK, and then click Next.

    4. You can update your encrypted folders and files with the smart card certificate now or later. Either click the folders you want to update, or select the I'll update my encrypted files later check box, and then click Next.

    5. Type the PIN if it's requested, and then click OK.

      If you are changing the smart card you use to encrypt files, insert the new card and type the PIN first, and then insert the old card and type the PIN. Follow the instructions in the dialog box.

Note

  • If you choose to update files that were encrypted with a previous smart card, you will be prompted for that card and the PIN during the update process. If you don't have the old card, you can skip the files and continue updating all other files.