Suddenly cannot access encrypted files

C

Camp Goodrich

I am using Windows Vista Business SP2.


I encrypt many finance-related files--Quicken files, spreadsheets, statements, etc. I could access all these files yesterday until yesterday evening when I attempted an upgrade of Quicken. It failed a couple times, but I finally got it to upgrade. After that, I could no longer open any of my encrypted files, including the Quicken files.


Bear with me while I provide all the detail that I have.


When I first used encryption back in 2010, I created backups of the certificates for my user account (Jim), where I store the files, and the Administrator account.


When I look at the certificates in the Jim certificate store, I see two EFS certificates. One dates back to 2010. The other dates to yesterday. Windows nagged me to create a backup of the EFS certificate (presumably the new one), which I did do. When I attempt to back up the old Jim certificate, I can't include the private key--Windows says it is missing. The private key is not missing from the new Jim certificate. I attempted to restore the backup of the old Jim certificate but (worst luck!) I can't remember or find any record of the password for the .pfx file.


Using the crypt command on a sample file, I get the following information:


C:\Users\Jim\Documents\financial>cipher /c "investment comparison.xls"

Listing C:\Users\Jim\Documents\financial\
New files added to this directory will be encrypted.

E investment comparison.xls
Users who can decrypt:
Ramsey\Jim [Jim(Jim@Ramsey)]
Certificate thumbprint: 944B 1E10 65BA 82B0 6905 BF93 BDFB 107C 9F6F 4761

Recovery Agents:
Administrator
Certificate thumbprint: 3CDD E687 124A FB75 3FAC 5B4A 9E14 3A7A 9F7B 00E4

Key information cannot be retrieved.

The specified file could not be decrypted.

C:\Users\Jim\Documents\financial>


The certificate thumbprint for Jim matches the old Jim certificate in the certificate store.


Seeing the recovery agent certificate for Administrator gave me hope. Unfortunately, the thumbprint for that certificate does NOT match the thumbprint for the Administrator EFS certificate in the Administrator certificate store (which dates to 2010), and I was not able to decrypt the file when logged in as Administrator.


Accessing encrypted files is not my only problem. All of a sudden I can't start Outlook under my Jim account. Outlook can't open my OST file. The file is not encrypted. I am able to access the file by running scanpst on it.


I suspect registry corruption due to the failed Quicken upgrades. I have tried running System Restore on successively earlier restore points, all created before the problem started. This does not fix the problem or even remove the newly-created Jim certificate.


Any suggestions? As you can imagine, the financial files are very important.


Thanks.

Continue reading...
 
Back
Top Bottom