EFS Decryption - Lost Certificate

  • Thread starter amitava.bhattacharyya@gmail.com
  • Start date
A

amitava.bhattacharyya@gmail.com

Hi,

Sometime back, I had encrypted a folder on my hard drive. In between,
I changed my password. Obviously, I was denied access to those files
thereafter. So I went back and restored my previous password. Still, I
can't access the files. However, when I check Advanced Properties >
Encryption Attribute Details, my username is shown in the list of
users who have transparent access to the file(s). To add to my woes, I
didn't make a backup of the encryption certificate, and XP has no
default recovery agent, as I learned later.
Is there any way to recover these files? Or are they gone for good?

TIA!
 
M

Malke

amitava.bhattacharyya@gmail.com wrote:
> Hi,
>
> Sometime back, I had encrypted a folder on my hard drive. In between,
> I changed my password. Obviously, I was denied access to those files
> thereafter. So I went back and restored my previous password. Still, I
> can't access the files. However, when I check Advanced Properties >
> Encryption Attribute Details, my username is shown in the list of
> users who have transparent access to the file(s). To add to my woes, I
> didn't make a backup of the encryption certificate, and XP has no
> default recovery agent, as I learned later.
> Is there any way to recover these files? Or are they gone for good?

You can check with Elcomsoft to see if their program can recover your
encrypted files:

http://www.elcomsoft.com/aefsdr.html

If it can, pay for the program and chalk this one up to a relatively
inexpensive learning experience about how important it is to Back Stuff
Up. If the Elcomsoft program can't recover your files, then you are SOL.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
A

amitava.bhattacharyya@gmail.com

Hi!

Thanks for the quick response. I downloaded the trial version and
tried, but it stops ~56% into scanning C: drive for keys. Without
that, and even with my password (as I have come to expect by now :)),
it shows the files as not decrypt-able.
Guess I have to file this as a learning experience. Thankfully I had a
few of the files on a pen drive.

Thanks!

On Dec 28, 2:55 pm, Malke <notrea...@invalid.invalid> wrote:
> amitava.bhattachar...@gmail.com wrote:
> > Hi,
>
> > Sometime back, I had encrypted a folder on my hard drive. In between,
> > I changed my password. Obviously, I was denied access to those files
> > thereafter. So I went back and restored my previous password. Still, I
> > can't access the files. However, when I check Advanced Properties >
> > Encryption Attribute Details, my username is shown in the list of
> > users who have transparent access to the file(s). To add to my woes, I
> > didn't make a backup of the encryption certificate, and XP has no
> > default recovery agent, as I learned later.
> > Is there any way to recover these files? Or are they gone for good?
>
> You can check with Elcomsoft to see if their program can recover your
> encrypted files:
>
> http://www.elcomsoft.com/aefsdr.html
>
> If it can, pay for the program and chalk this one up to a relatively
> inexpensive learning experience about how important it is to Back Stuff
> Up. If the Elcomsoft program can't recover your files, then you are SOL.
>
> Malke
> --
> Elephant Boy Computerswww.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
 
R

Roger Abell [MVP]

If you really have changed the password back to what it was,
in the same way (reset rather than change with providing of
the old and the new), then perhaps you just have an extra EFS
certificate that is now in the way.
If you start / run certmgr.msc and look in the Personal cert
store how many EFS certificates do you see?
If more than one then you need to get the newer one out of the way.
However, having a newer one means that you probably encrypted
something after you had changed the password (and that would now
be inaccessible due to the changed password). So, first you need
to figure what the newer cert controls access to and get that in the
clear unencrypted (change password back and then decrypt).
Then for safety export the newer certificate. After that, delete the
newer and change your password back to what was correct for
the older certificate.
In the future, change (not reset) your password so that this does
not happen.

Roger

<amitava.bhattacharyya@gmail.com> wrote in message
news:566b4e3c-aa00-4209-9b28-3dd93588fa85@s12g2000prg.googlegroups.com...
> Hi,
>
> Sometime back, I had encrypted a folder on my hard drive. In between,
> I changed my password. Obviously, I was denied access to those files
> thereafter. So I went back and restored my previous password. Still, I
> can't access the files. However, when I check Advanced Properties >
> Encryption Attribute Details, my username is shown in the list of
> users who have transparent access to the file(s). To add to my woes, I
> didn't make a backup of the encryption certificate, and XP has no
> default recovery agent, as I learned later.
> Is there any way to recover these files? Or are they gone for good?
>
> TIA!
 
A

amitava.bhattacharyya@gmail.com

The Personal Certificate Manager shows two certificates. efsinfo also
verifies that the currently installed key fingerprint is different
from the key fingerprint in the encrypted files. Since I hadn't
encrypted anything since that unfortunate episode, I exported the
newer certificate and deleted it. Then to be doubly sure, I went to
User Options (as far as I remember, I used the User Options last time
too) and changed my password (to what it already is), logged off, and
logged in. Still no success :(
Windows complains that the private key associated with the older
certificate can't be found. I guess that is the reason why I'm having
no success, although why this should be so is beyond me.
Thanks for the help!

On Dec 28, 8:42 pm, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
> If you really have changed the password back to what it was,
> in the same way (reset rather than change with providing of
> the old  and the new), then perhaps you just have an extra EFS
> certificate that is now in the way.
> If you start / run  certmgr.msc  and look in the Personal cert
> store how many EFS certificates do you see?
> If more than one then you need to get the newer one out of the way.
> However, having a newer one means that you probably encrypted
> something after you had changed the password (and that would now
> be inaccessible due to the changed password).  So, first you need
> to figure what the newer cert controls access to and get that in the
> clear unencrypted (change password back and then decrypt).
> Then for safety export the newer certificate.  After that, delete the
> newer and change your password back to what was correct for
> the older certificate.
> In the future, change (not reset) your password so that this does
> not happen.
>
> Roger
>
> <amitava.bhattachar...@gmail.com> wrote in message
>
> news:566b4e3c-aa00-4209-9b28-3dd93588fa85@s12g2000prg.googlegroups.com...
>
> > Hi,
>
> > Sometime back, I had encrypted a folder on my hard drive. In between,
> > I changed my password. Obviously, I was denied access to those files
> > thereafter. So I went back and restored my previous password. Still, I
> > can't access the files. However, when I check Advanced Properties >
> > Encryption Attribute Details, my username is shown in the list of
> > users who have transparent access to the file(s). To add to my woes, I
> > didn't make a backup of the encryption certificate, and XP has no
> > default recovery agent, as I learned later.
> > Is there any way to recover these files? Or are they gone for good?
>
> > TIA!
 
R

Roger Abell [MVP]

Since you have now established that the cert used does
match the fingerprint of the files, and since it is not likely
that you intentionally removed the private key, the message
seems to me to be indicating that the account password is
not right (i.e. not reset to what it was the last time something
was decrypted or the last time it was set via change with use
of the old pwd).


<amitava.bhattacharyya@gmail.com> wrote in message
news:e7837c40-2e4c-4daa-97fb-113c23f3f9d3@t1g2000pra.googlegroups.com...
The Personal Certificate Manager shows two certificates. efsinfo also
verifies that the currently installed key fingerprint is different
from the key fingerprint in the encrypted files. Since I hadn't
encrypted anything since that unfortunate episode, I exported the
newer certificate and deleted it. Then to be doubly sure, I went to
User Options (as far as I remember, I used the User Options last time
too) and changed my password (to what it already is), logged off, and
logged in. Still no success :(
Windows complains that the private key associated with the older
certificate can't be found. I guess that is the reason why I'm having
no success, although why this should be so is beyond me.
Thanks for the help!

On Dec 28, 8:42 pm, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
> If you really have changed the password back to what it was,
> in the same way (reset rather than change with providing of
> the old and the new), then perhaps you just have an extra EFS
> certificate that is now in the way.
> If you start / run certmgr.msc and look in the Personal cert
> store how many EFS certificates do you see?
> If more than one then you need to get the newer one out of the way.
> However, having a newer one means that you probably encrypted
> something after you had changed the password (and that would now
> be inaccessible due to the changed password). So, first you need
> to figure what the newer cert controls access to and get that in the
> clear unencrypted (change password back and then decrypt).
> Then for safety export the newer certificate. After that, delete the
> newer and change your password back to what was correct for
> the older certificate.
> In the future, change (not reset) your password so that this does
> not happen.
>
> Roger
>
> <amitava.bhattachar...@gmail.com> wrote in message
>
> news:566b4e3c-aa00-4209-9b28-3dd93588fa85@s12g2000prg.googlegroups.com...
>
> > Hi,
>
> > Sometime back, I had encrypted a folder on my hard drive. In between,
> > I changed my password. Obviously, I was denied access to those files
> > thereafter. So I went back and restored my previous password. Still, I
> > can't access the files. However, when I check Advanced Properties >
> > Encryption Attribute Details, my username is shown in the list of
> > users who have transparent access to the file(s). To add to my woes, I
> > didn't make a backup of the encryption certificate, and XP has no
> > default recovery agent, as I learned later.
> > Is there any way to recover these files? Or are they gone for good?
>
> > TIA!
 
B

Brian Komar

Did any of the certificates in the certificate manager have a thumbprint
that matches the thumbprint reported by EFSINFO?
Brian

<amitava.bhattacharyya@gmail.com> wrote in message
news:e7837c40-2e4c-4daa-97fb-113c23f3f9d3@t1g2000pra.googlegroups.com...
The Personal Certificate Manager shows two certificates. efsinfo also
verifies that the currently installed key fingerprint is different
from the key fingerprint in the encrypted files. Since I hadn't
encrypted anything since that unfortunate episode, I exported the
newer certificate and deleted it. Then to be doubly sure, I went to
User Options (as far as I remember, I used the User Options last time
too) and changed my password (to what it already is), logged off, and
logged in. Still no success :(
Windows complains that the private key associated with the older
certificate can't be found. I guess that is the reason why I'm having
no success, although why this should be so is beyond me.
Thanks for the help!

On Dec 28, 8:42 pm, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
> If you really have changed the password back to what it was,
> in the same way (reset rather than change with providing of
> the old and the new), then perhaps you just have an extra EFS
> certificate that is now in the way.
> If you start / run certmgr.msc and look in the Personal cert
> store how many EFS certificates do you see?
> If more than one then you need to get the newer one out of the way.
> However, having a newer one means that you probably encrypted
> something after you had changed the password (and that would now
> be inaccessible due to the changed password). So, first you need
> to figure what the newer cert controls access to and get that in the
> clear unencrypted (change password back and then decrypt).
> Then for safety export the newer certificate. After that, delete the
> newer and change your password back to what was correct for
> the older certificate.
> In the future, change (not reset) your password so that this does
> not happen.
>
> Roger
>
> <amitava.bhattachar...@gmail.com> wrote in message
>
> news:566b4e3c-aa00-4209-9b28-3dd93588fa85@s12g2000prg.googlegroups.com...
>
> > Hi,
>
> > Sometime back, I had encrypted a folder on my hard drive. In between,
> > I changed my password. Obviously, I was denied access to those files
> > thereafter. So I went back and restored my previous password. Still, I
> > can't access the files. However, when I check Advanced Properties >
> > Encryption Attribute Details, my username is shown in the list of
> > users who have transparent access to the file(s). To add to my woes, I
> > didn't make a backup of the encryption certificate, and XP has no
> > default recovery agent, as I learned later.
> > Is there any way to recover these files? Or are they gone for good?
>
> > TIA!
 
A

amitava.bhattacharyya@gmail.com

Sorry for the late reply (year end celebrations :))!

Yes, the older certificate's thumbprint matches the thumbprint in the
encrypted files. When I double click on that certificate, in the
General Tab it says "You have a private key that corresponds to this
certificate." However, if I try to export it, I get the warning that
only the certificate can be exported, since the associated private key
can't be found.

Guess I am screwed :)

On Dec 29 2007, 10:37 pm, "Brian Komar"
<brian.ko...@nospam.identit.ca> wrote:
> Did any of the certificates in the certificate manager have a thumbprint
> that matches the thumbprint reported by EFSINFO?
> Brian
>
> <amitava.bhattachar...@gmail.com> wrote in message
>
> news:e7837c40-2e4c-4daa-97fb-113c23f3f9d3@t1g2000pra.googlegroups.com...
> The Personal Certificate Manager shows two certificates. efsinfo also
> verifies that the currently installed key fingerprint is different
> from the key fingerprint in the encrypted files. Since I hadn't
> encrypted anything since that unfortunate episode, I exported the
> newer certificate and deleted it. Then to be doubly sure, I went to
> User Options (as far as I remember, I used the User Options last time
> too) and changed my password (to what it already is), logged off, and
> logged in. Still no success :(
> Windows complains that the private key associated with the older
> certificate can't be found. I guess that is the reason why I'm having
> no success, although why this should be so is beyond me.
> Thanks for the help!
>
> On Dec 28, 8:42 pm, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
>
> > If you really have changed the password back to what it was,
> > in the same way (reset rather than change with providing of
> > the old and the new), then perhaps you just have an extra EFS
> > certificate that is now in the way.
> > If you start / run certmgr.msc and look in the Personal cert
> > store how many EFS certificates do you see?
> > If more than one then you need to get the newer one out of the way.
> > However, having a newer one means that you probably encrypted
> > something after you had changed the password (and that would now
> > be inaccessible due to the changed password). So, first you need
> > to figure what the newer cert controls access to and get that in the
> > clear unencrypted (change password back and then decrypt).
> > Then for safety export the newer certificate. After that, delete the
> > newer and change your password back to what was correct for
> > the older certificate.
> > In the future, change (not reset) your password so that this does
> > not happen.
>
> > Roger
>
> > <amitava.bhattachar...@gmail.com> wrote in message
>
> >news:566b4e3c-aa00-4209-9b28-3dd93588fa85@s12g2000prg.googlegroups.com...
>
> > > Hi,
>
> > > Sometime back, I had encrypted a folder on my hard drive. In between,
> > > I changed my password. Obviously, I was denied access to those files
> > > thereafter. So I went back and restored my previous password. Still, I
> > > can't access the files. However, when I check Advanced Properties >
> > > Encryption Attribute Details, my username is shown in the list of
> > > users who have transparent access to the file(s). To add to my woes, I
> > > didn't make a backup of the encryption certificate, and XP has no
> > > default recovery agent, as I learned later.
> > > Is there any way to recover these files? Or are they gone for good?
>
> > > TIA!
 
A

amitava.bhattacharyya@gmail.com

And yeah, a very happy new year!

On Jan 1, 1:19 am, amitava.bhattachar...@gmail.com wrote:
> Sorry for the late reply (year end celebrations :))!
>
> Yes, the older certificate's thumbprint matches the thumbprint in the
> encrypted files. When I double click on that certificate, in the
> General Tab it says "You have a private key that corresponds to this
> certificate." However, if I try to export it, I get the warning that
> only the certificate can be exported, since the associated private key
> can't be found.
>
> Guess I am screwed :)
>
> On Dec 29 2007, 10:37 pm, "Brian Komar"
>
> <brian.ko...@nospam.identit.ca> wrote:
> > Did any of the certificates in the certificate manager have a thumbprint
> > that matches the thumbprint reported by EFSINFO?
> > Brian
>
> > <amitava.bhattachar...@gmail.com> wrote in message
>
> >news:e7837c40-2e4c-4daa-97fb-113c23f3f9d3@t1g2000pra.googlegroups.com...
> > The Personal Certificate Manager shows two certificates. efsinfo also
> > verifies that the currently installed key fingerprint is different
> > from the key fingerprint in the encrypted files. Since I hadn't
> > encrypted anything since that unfortunate episode, I exported the
> > newer certificate and deleted it. Then to be doubly sure, I went to
> > User Options (as far as I remember, I used the User Options last time
> > too) and changed my password (to what it already is), logged off, and
> > logged in. Still no success :(
> > Windows complains that the private key associated with the older
> > certificate can't be found. I guess that is the reason why I'm having
> > no success, although why this should be so is beyond me.
> > Thanks for the help!
>
> > On Dec 28, 8:42 pm, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
>
> > > If you really have changed the password back to what it was,
> > > in the same way (reset rather than change with providing of
> > > the old and the new), then perhaps you just have an extra EFS
> > > certificate that is now in the way.
> > > If you start / run certmgr.msc and look in the Personal cert
> > > store how many EFS certificates do you see?
> > > If more than one then you need to get the newer one out of the way.
> > > However, having a newer one means that you probably encrypted
> > > something after you had changed the password (and that would now
> > > be inaccessible due to the changed password). So, first you need
> > > to figure what the newer cert controls access to and get that in the
> > > clear unencrypted (change password back and then decrypt).
> > > Then for safety export the newer certificate. After that, delete the
> > > newer and change your password back to what was correct for
> > > the older certificate.
> > > In the future, change (not reset) your password so that this does
> > > not happen.
>
> > > Roger
>
> > > <amitava.bhattachar...@gmail.com> wrote in message
>
> > >news:566b4e3c-aa00-4209-9b28-3dd93588fa85@s12g2000prg.googlegroups.com...
>
> > > > Hi,
>
> > > > Sometime back, I had encrypted a folder on my hard drive. In between,
> > > > I changed my password. Obviously, I was denied access to those files
> > > > thereafter. So I went back and restored my previous password. Still, I
> > > > can't access the files. However, when I check Advanced Properties >
> > > > Encryption Attribute Details, my username is shown in the list of
> > > > users who have transparent access to the file(s). To add to my woes, I
> > > > didn't make a backup of the encryption certificate, and XP has no
> > > > default recovery agent, as I learned later.
> > > > Is there any way to recover these files? Or are they gone for good?
>
> > > > TIA!
 
You must log in or register to reply here.

Similar threads

J
Encrypted Files moved to FAT32 Data Locker/Iron Key drive inaccessible
Replies
0
Views
20
JamesMeaney
J
Y
How to access Bitlocker encrypted files after Win11 system resest?
Replies
0
Views
52
Yupeng Wang
Y
S
How do I decrypt files without the certificate?
Replies
0
Views
49
SunBen
S
J
Poweroutage during Bitlocker decryption, now I cannot access the drive, any ideas?
Replies
0
Views
32
Jon Torstein Bakken
J
J
Bitlocker asking for password on each boot / restart
Replies
0
Views
33
James_humphrey1981
J
Back
Top Bottom