EFS Decryption - Lost Certificate

  • Thread starter Thread starter amitava.bhattacharyya@gmail.com
  • Start date Start date
A

amitava.bhattacharyya@gmail.com

Guest
Hi,

Sometime back, I had encrypted a folder on my hard drive. In between,
I changed my password. Obviously, I was denied access to those files
thereafter. So I went back and restored my previous password. Still, I
can't access the files. However, when I check Advanced Properties >
Encryption Attribute Details, my username is shown in the list of
users who have transparent access to the file(s). To add to my woes, I
didn't make a backup of the encryption certificate, and XP has no
default recovery agent, as I learned later.
Is there any way to recover these files? Or are they gone for good?

TIA!
 
Re: EFS Decryption - Lost Certificate

amitava.bhattacharyya@gmail.com wrote:
> Hi,
>
> Sometime back, I had encrypted a folder on my hard drive. In between,
> I changed my password. Obviously, I was denied access to those files
> thereafter. So I went back and restored my previous password. Still, I
> can't access the files. However, when I check Advanced Properties >
> Encryption Attribute Details, my username is shown in the list of
> users who have transparent access to the file(s). To add to my woes, I
> didn't make a backup of the encryption certificate, and XP has no
> default recovery agent, as I learned later.
> Is there any way to recover these files? Or are they gone for good?

You can check with Elcomsoft to see if their program can recover your
encrypted files:

http://www.elcomsoft.com/aefsdr.html

If it can, pay for the program and chalk this one up to a relatively
inexpensive learning experience about how important it is to Back Stuff
Up. If the Elcomsoft program can't recover your files, then you are SOL.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Re: EFS Decryption - Lost Certificate

Hi!

Thanks for the quick response. I downloaded the trial version and
tried, but it stops ~56% into scanning C: drive for keys. Without
that, and even with my password (as I have come to expect by now :)),
it shows the files as not decrypt-able.
Guess I have to file this as a learning experience. Thankfully I had a
few of the files on a pen drive.

Thanks!

On Dec 28, 2:55 pm, Malke <notrea...@invalid.invalid> wrote:
> amitava.bhattachar...@gmail.com wrote:
> > Hi,
>
> > Sometime back, I had encrypted a folder on my hard drive. In between,
> > I changed my password. Obviously, I was denied access to those files
> > thereafter. So I went back and restored my previous password. Still, I
> > can't access the files. However, when I check Advanced Properties >
> > Encryption Attribute Details, my username is shown in the list of
> > users who have transparent access to the file(s). To add to my woes, I
> > didn't make a backup of the encryption certificate, and XP has no
> > default recovery agent, as I learned later.
> > Is there any way to recover these files? Or are they gone for good?
>
> You can check with Elcomsoft to see if their program can recover your
> encrypted files:
>
> http://www.elcomsoft.com/aefsdr.html
>
> If it can, pay for the program and chalk this one up to a relatively
> inexpensive learning experience about how important it is to Back Stuff
> Up. If the Elcomsoft program can't recover your files, then you are SOL.
>
> Malke
> --
> Elephant Boy Computerswww.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
 
Re: EFS Decryption - Lost Certificate

If you really have changed the password back to what it was,
in the same way (reset rather than change with providing of
the old and the new), then perhaps you just have an extra EFS
certificate that is now in the way.
If you start / run certmgr.msc and look in the Personal cert
store how many EFS certificates do you see?
If more than one then you need to get the newer one out of the way.
However, having a newer one means that you probably encrypted
something after you had changed the password (and that would now
be inaccessible due to the changed password). So, first you need
to figure what the newer cert controls access to and get that in the
clear unencrypted (change password back and then decrypt).
Then for safety export the newer certificate. After that, delete the
newer and change your password back to what was correct for
the older certificate.
In the future, change (not reset) your password so that this does
not happen.

Roger

<amitava.bhattacharyya@gmail.com> wrote in message
news:566b4e3c-aa00-4209-9b28-3dd93588fa85@s12g2000prg.googlegroups.com...
> Hi,
>
> Sometime back, I had encrypted a folder on my hard drive. In between,
> I changed my password. Obviously, I was denied access to those files
> thereafter. So I went back and restored my previous password. Still, I
> can't access the files. However, when I check Advanced Properties >
> Encryption Attribute Details, my username is shown in the list of
> users who have transparent access to the file(s). To add to my woes, I
> didn't make a backup of the encryption certificate, and XP has no
> default recovery agent, as I learned later.
> Is there any way to recover these files? Or are they gone for good?
>
> TIA!
 
Re: EFS Decryption - Lost Certificate

The Personal Certificate Manager shows two certificates. efsinfo also
verifies that the currently installed key fingerprint is different
from the key fingerprint in the encrypted files. Since I hadn't
encrypted anything since that unfortunate episode, I exported the
newer certificate and deleted it. Then to be doubly sure, I went to
User Options (as far as I remember, I used the User Options last time
too) and changed my password (to what it already is), logged off, and
logged in. Still no success :(
Windows complains that the private key associated with the older
certificate can't be found. I guess that is the reason why I'm having
no success, although why this should be so is beyond me.
Thanks for the help!

On Dec 28, 8:42 pm, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
> If you really have changed the password back to what it was,
> in the same way (reset rather than change with providing of
> the old  and the new), then perhaps you just have an extra EFS
> certificate that is now in the way.
> If you start / run  certmgr.msc  and look in the Personal cert
> store how many EFS certificates do you see?
> If more than one then you need to get the newer one out of the way.
> However, having a newer one means that you probably encrypted
> something after you had changed the password (and that would now
> be inaccessible due to the changed password).  So, first you need
> to figure what the newer cert controls access to and get that in the
> clear unencrypted (change password back and then decrypt).
> Then for safety export the newer certificate.  After that, delete the
> newer and change your password back to what was correct for
> the older certificate.
> In the future, change (not reset) your password so that this does
> not happen.
>
> Roger
>
> <amitava.bhattachar...@gmail.com> wrote in message
>
> news:566b4e3c-aa00-4209-9b28-3dd93588fa85@s12g2000prg.googlegroups.com...
>
> > Hi,
>
> > Sometime back, I had encrypted a folder on my hard drive. In between,
> > I changed my password. Obviously, I was denied access to those files
> > thereafter. So I went back and restored my previous password. Still, I
> > can't access the files. However, when I check Advanced Properties >
> > Encryption Attribute Details, my username is shown in the list of
> > users who have transparent access to the file(s). To add to my woes, I
> > didn't make a backup of the encryption certificate, and XP has no
> > default recovery agent, as I learned later.
> > Is there any way to recover these files? Or are they gone for good?
>
> > TIA!
 
Re: EFS Decryption - Lost Certificate

Since you have now established that the cert used does
match the fingerprint of the files, and since it is not likely
that you intentionally removed the private key, the message
seems to me to be indicating that the account password is
not right (i.e. not reset to what it was the last time something
was decrypted or the last time it was set via change with use
of the old pwd).


<amitava.bhattacharyya@gmail.com> wrote in message
news:e7837c40-2e4c-4daa-97fb-113c23f3f9d3@t1g2000pra.googlegroups.com...
The Personal Certificate Manager shows two certificates. efsinfo also
verifies that the currently installed key fingerprint is different
from the key fingerprint in the encrypted files. Since I hadn't
encrypted anything since that unfortunate episode, I exported the
newer certificate and deleted it. Then to be doubly sure, I went to
User Options (as far as I remember, I used the User Options last time
too) and changed my password (to what it already is), logged off, and
logged in. Still no success :(
Windows complains that the private key associated with the older
certificate can't be found. I guess that is the reason why I'm having
no success, although why this should be so is beyond me.
Thanks for the help!

On Dec 28, 8:42 pm, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
> If you really have changed the password back to what it was,
> in the same way (reset rather than change with providing of
> the old and the new), then perhaps you just have an extra EFS
> certificate that is now in the way.
> If you start / run certmgr.msc and look in the Personal cert
> store how many EFS certificates do you see?
> If more than one then you need to get the newer one out of the way.
> However, having a newer one means that you probably encrypted
> something after you had changed the password (and that would now
> be inaccessible due to the changed password). So, first you need
> to figure what the newer cert controls access to and get that in the
> clear unencrypted (change password back and then decrypt).
> Then for safety export the newer certificate. After that, delete the
> newer and change your password back to what was correct for
> the older certificate.
> In the future, change (not reset) your password so that this does
> not happen.
>
> Roger
>
> <amitava.bhattachar...@gmail.com> wrote in message
>
> news:566b4e3c-aa00-4209-9b28-3dd93588fa85@s12g2000prg.googlegroups.com...
>
> > Hi,
>
> > Sometime back, I had encrypted a folder on my hard drive. In between,
> > I changed my password. Obviously, I was denied access to those files
> > thereafter. So I went back and restored my previous password. Still, I
> > can't access the files. However, when I check Advanced Properties >
> > Encryption Attribute Details, my username is shown in the list of
> > users who have transparent access to the file(s). To add to my woes, I
> > didn't make a backup of the encryption certificate, and XP has no
> > default recovery agent, as I learned later.
> > Is there any way to recover these files? Or are they gone for good?
>
> > TIA!
 
Re: EFS Decryption - Lost Certificate

Did any of the certificates in the certificate manager have a thumbprint
that matches the thumbprint reported by EFSINFO?
Brian

<amitava.bhattacharyya@gmail.com> wrote in message
news:e7837c40-2e4c-4daa-97fb-113c23f3f9d3@t1g2000pra.googlegroups.com...
The Personal Certificate Manager shows two certificates. efsinfo also
verifies that the currently installed key fingerprint is different
from the key fingerprint in the encrypted files. Since I hadn't
encrypted anything since that unfortunate episode, I exported the
newer certificate and deleted it. Then to be doubly sure, I went to
User Options (as far as I remember, I used the User Options last time
too) and changed my password (to what it already is), logged off, and
logged in. Still no success :(
Windows complains that the private key associated with the older
certificate can't be found. I guess that is the reason why I'm having
no success, although why this should be so is beyond me.
Thanks for the help!

On Dec 28, 8:42 pm, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
> If you really have changed the password back to what it was,
> in the same way (reset rather than change with providing of
> the old and the new), then perhaps you just have an extra EFS
> certificate that is now in the way.
> If you start / run certmgr.msc and look in the Personal cert
> store how many EFS certificates do you see?
> If more than one then you need to get the newer one out of the way.
> However, having a newer one means that you probably encrypted
> something after you had changed the password (and that would now
> be inaccessible due to the changed password). So, first you need
> to figure what the newer cert controls access to and get that in the
> clear unencrypted (change password back and then decrypt).
> Then for safety export the newer certificate. After that, delete the
> newer and change your password back to what was correct for
> the older certificate.
> In the future, change (not reset) your password so that this does
> not happen.
>
> Roger
>
> <amitava.bhattachar...@gmail.com> wrote in message
>
> news:566b4e3c-aa00-4209-9b28-3dd93588fa85@s12g2000prg.googlegroups.com...
>
> > Hi,
>
> > Sometime back, I had encrypted a folder on my hard drive. In between,
> > I changed my password. Obviously, I was denied access to those files
> > thereafter. So I went back and restored my previous password. Still, I
> > can't access the files. However, when I check Advanced Properties >
> > Encryption Attribute Details, my username is shown in the list of
> > users who have transparent access to the file(s). To add to my woes, I
> > didn't make a backup of the encryption certificate, and XP has no
> > default recovery agent, as I learned later.
> > Is there any way to recover these files? Or are they gone for good?
>
> > TIA!
 
Re: EFS Decryption - Lost Certificate

Sorry for the late reply (year end celebrations :))!

Yes, the older certificate's thumbprint matches the thumbprint in the
encrypted files. When I double click on that certificate, in the
General Tab it says "You have a private key that corresponds to this
certificate." However, if I try to export it, I get the warning that
only the certificate can be exported, since the associated private key
can't be found.

Guess I am screwed :)

On Dec 29 2007, 10:37 pm, "Brian Komar"
<brian.ko...@nospam.identit.ca> wrote:
> Did any of the certificates in the certificate manager have a thumbprint
> that matches the thumbprint reported by EFSINFO?
> Brian
>
> <amitava.bhattachar...@gmail.com> wrote in message
>
> news:e7837c40-2e4c-4daa-97fb-113c23f3f9d3@t1g2000pra.googlegroups.com...
> The Personal Certificate Manager shows two certificates. efsinfo also
> verifies that the currently installed key fingerprint is different
> from the key fingerprint in the encrypted files. Since I hadn't
> encrypted anything since that unfortunate episode, I exported the
> newer certificate and deleted it. Then to be doubly sure, I went to
> User Options (as far as I remember, I used the User Options last time
> too) and changed my password (to what it already is), logged off, and
> logged in. Still no success :(
> Windows complains that the private key associated with the older
> certificate can't be found. I guess that is the reason why I'm having
> no success, although why this should be so is beyond me.
> Thanks for the help!
>
> On Dec 28, 8:42 pm, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
>
> > If you really have changed the password back to what it was,
> > in the same way (reset rather than change with providing of
> > the old and the new), then perhaps you just have an extra EFS
> > certificate that is now in the way.
> > If you start / run certmgr.msc and look in the Personal cert
> > store how many EFS certificates do you see?
> > If more than one then you need to get the newer one out of the way.
> > However, having a newer one means that you probably encrypted
> > something after you had changed the password (and that would now
> > be inaccessible due to the changed password). So, first you need
> > to figure what the newer cert controls access to and get that in the
> > clear unencrypted (change password back and then decrypt).
> > Then for safety export the newer certificate. After that, delete the
> > newer and change your password back to what was correct for
> > the older certificate.
> > In the future, change (not reset) your password so that this does
> > not happen.
>
> > Roger
>
> > <amitava.bhattachar...@gmail.com> wrote in message
>
> >news:566b4e3c-aa00-4209-9b28-3dd93588fa85@s12g2000prg.googlegroups.com...
>
> > > Hi,
>
> > > Sometime back, I had encrypted a folder on my hard drive. In between,
> > > I changed my password. Obviously, I was denied access to those files
> > > thereafter. So I went back and restored my previous password. Still, I
> > > can't access the files. However, when I check Advanced Properties >
> > > Encryption Attribute Details, my username is shown in the list of
> > > users who have transparent access to the file(s). To add to my woes, I
> > > didn't make a backup of the encryption certificate, and XP has no
> > > default recovery agent, as I learned later.
> > > Is there any way to recover these files? Or are they gone for good?
>
> > > TIA!
 
Re: EFS Decryption - Lost Certificate

And yeah, a very happy new year!

On Jan 1, 1:19 am, amitava.bhattachar...@gmail.com wrote:
> Sorry for the late reply (year end celebrations :))!
>
> Yes, the older certificate's thumbprint matches the thumbprint in the
> encrypted files. When I double click on that certificate, in the
> General Tab it says "You have a private key that corresponds to this
> certificate." However, if I try to export it, I get the warning that
> only the certificate can be exported, since the associated private key
> can't be found.
>
> Guess I am screwed :)
>
> On Dec 29 2007, 10:37 pm, "Brian Komar"
>
> <brian.ko...@nospam.identit.ca> wrote:
> > Did any of the certificates in the certificate manager have a thumbprint
> > that matches the thumbprint reported by EFSINFO?
> > Brian
>
> > <amitava.bhattachar...@gmail.com> wrote in message
>
> >news:e7837c40-2e4c-4daa-97fb-113c23f3f9d3@t1g2000pra.googlegroups.com...
> > The Personal Certificate Manager shows two certificates. efsinfo also
> > verifies that the currently installed key fingerprint is different
> > from the key fingerprint in the encrypted files. Since I hadn't
> > encrypted anything since that unfortunate episode, I exported the
> > newer certificate and deleted it. Then to be doubly sure, I went to
> > User Options (as far as I remember, I used the User Options last time
> > too) and changed my password (to what it already is), logged off, and
> > logged in. Still no success :(
> > Windows complains that the private key associated with the older
> > certificate can't be found. I guess that is the reason why I'm having
> > no success, although why this should be so is beyond me.
> > Thanks for the help!
>
> > On Dec 28, 8:42 pm, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
>
> > > If you really have changed the password back to what it was,
> > > in the same way (reset rather than change with providing of
> > > the old and the new), then perhaps you just have an extra EFS
> > > certificate that is now in the way.
> > > If you start / run certmgr.msc and look in the Personal cert
> > > store how many EFS certificates do you see?
> > > If more than one then you need to get the newer one out of the way.
> > > However, having a newer one means that you probably encrypted
> > > something after you had changed the password (and that would now
> > > be inaccessible due to the changed password). So, first you need
> > > to figure what the newer cert controls access to and get that in the
> > > clear unencrypted (change password back and then decrypt).
> > > Then for safety export the newer certificate. After that, delete the
> > > newer and change your password back to what was correct for
> > > the older certificate.
> > > In the future, change (not reset) your password so that this does
> > > not happen.
>
> > > Roger
>
> > > <amitava.bhattachar...@gmail.com> wrote in message
>
> > >news:566b4e3c-aa00-4209-9b28-3dd93588fa85@s12g2000prg.googlegroups.com...
>
> > > > Hi,
>
> > > > Sometime back, I had encrypted a folder on my hard drive. In between,
> > > > I changed my password. Obviously, I was denied access to those files
> > > > thereafter. So I went back and restored my previous password. Still, I
> > > > can't access the files. However, when I check Advanced Properties >
> > > > Encryption Attribute Details, my username is shown in the list of
> > > > users who have transparent access to the file(s). To add to my woes, I
> > > > didn't make a backup of the encryption certificate, and XP has no
> > > > default recovery agent, as I learned later.
> > > > Is there any way to recover these files? Or are they gone for good?
>
> > > > TIA!
 

Similar threads

A
All files encrypted by .vyb extension
Replies
0
Views
171
AnandKumar_9
A
O
Windows 10 EFS encryption - general question
Replies
0
Views
87
oddstan
O
P
Login, AES Encryption and Decryption with SQL Server and Visual Studio C#
Replies
0
Views
275
paoloam.roxas
P
B
Windows 10 Bitlocker decryption paused at 73.1% and stuck
Replies
0
Views
212
Bacinsky
B
H
Windows 10 How to decrypt EFS encrypted folder in window 10 after deleting and installing window 10 and also lossed certificate and password?
Replies
0
Views
108
HF 1_
H
Back
Top