encryption--I have the 'key' but can't open the 'lock'

Discussion in 'Windows XP Security' started by Guest, Nov 21, 2005.

  1. Guest

    Guest Guest

    I'm having a fight with encryption . . . I have the certificate and matching
    key for the encrypted files. I select a file, right-click 'properties', click
    'advanced', unselect 'encrypt', and get an "Error 5" message.

    Initially I was getting a message telling me that the certificate was not in
    the "Trusted Root Certification Store", so I added the requisite 'snap-in',
    exported the certificate from Console Root\Certificates - Local
    Computer\Trusted People\Certificates and imported it to Console
    Root\Certificates - Local Computer\Trusted Root Certification
    Authorities\Certificates. The red 'x' that was on the certificate (found by
    double-clicking the Certificate, on the General tab) disappeared. The
    certificate "is intended for the following purpose(s): allows data on disk to
    be encrypted; all issuance policies."

    I was elated with my progress! Until I tried to unencrypt again . . . I
    right-click a file, click 'properties', click 'advanced', and click
    'details', but my certificate is not listed among the "Users who can
    transparently access this file"--there's only User(User@DIRECTOR). I click
    "Add" and my key appears in the "select the user's certificate with whom you
    want to share the access" window, I select it and click OK and it is added to
    the "Users who can transparently access this file" window. I click OK and get
    the EFSADU error "Error in adding new user(s). Error code 5."

    Is there any way to set my key as the 'default' certificate (so that it
    would show up in the "Users who can transparently access this file" list)? If
    not, is there another folder in the Certificates console that my certificate
    should be imported into so that it can be "added"?

    Thanks for your help,

    Paul

    PS I've got 'ownership' rights to all the folders in question, so I don't
    think that's the issue.
    PPS The Administrator 'User account' name has been changed since the files
    were encrypted. Would that have any affect?
     
    Guest, Nov 21, 2005
    #1
    1. Advertisements

  2. Guest

    Guest Guest

    If you have it, import the .pfx file for "User(User@DIRECTOR)" into your
    Personal certificates store and that will give you access to the file. Since
    the User@DIRECTOR certificate is the only certificate listed on the file, you
    must have that certificate installed in order to decrypt the file. The .pfx
    file will have both the certificate and decryption key.

    Thanks.
    Pat
    --
    This posting is provided "AS IS" with no warranties, and confers no rights.


    "stumped" wrote:

    > I'm having a fight with encryption . . . I have the certificate and matching
    > key for the encrypted files. I select a file, right-click 'properties', click
    > 'advanced', unselect 'encrypt', and get an "Error 5" message.
    >
    > Initially I was getting a message telling me that the certificate was not in
    > the "Trusted Root Certification Store", so I added the requisite 'snap-in',
    > exported the certificate from Console Root\Certificates - Local
    > Computer\Trusted People\Certificates and imported it to Console
    > Root\Certificates - Local Computer\Trusted Root Certification
    > Authorities\Certificates. The red 'x' that was on the certificate (found by
    > double-clicking the Certificate, on the General tab) disappeared. The
    > certificate "is intended for the following purpose(s): allows data on disk to
    > be encrypted; all issuance policies."
    >
    > I was elated with my progress! Until I tried to unencrypt again . . . I
    > right-click a file, click 'properties', click 'advanced', and click
    > 'details', but my certificate is not listed among the "Users who can
    > transparently access this file"--there's only User(User@DIRECTOR). I click
    > "Add" and my key appears in the "select the user's certificate with whom you
    > want to share the access" window, I select it and click OK and it is added to
    > the "Users who can transparently access this file" window. I click OK and get
    > the EFSADU error "Error in adding new user(s). Error code 5."
    >
    > Is there any way to set my key as the 'default' certificate (so that it
    > would show up in the "Users who can transparently access this file" list)? If
    > not, is there another folder in the Certificates console that my certificate
    > should be imported into so that it can be "added"?
    >
    > Thanks for your help,
    >
    > Paul
    >
    > PS I've got 'ownership' rights to all the folders in question, so I don't
    > think that's the issue.
    > PPS The Administrator 'User account' name has been changed since the files
    > were encrypted. Would that have any affect?
     
    Guest, Nov 22, 2005
    #2
    1. Advertisements

  3. Guest

    Guest Guest

    Actually, it's the OTHER certificate that I want to be recognised. I don't
    really care about the "User(User@DIRECTOR)" one, since the files were not
    encrypted with it. They WERE encrypted with my certificate, but now I cannot
    add mine to the list of 'users who can transparently access files' without
    getting "Error 5" . . . Thanks for trying, though,

    Paul


    "Pat Hoffer [MSFT]" wrote:

    > If you have it, import the .pfx file for "User(User@DIRECTOR)" into your
    > Personal certificates store and that will give you access to the file. Since
    > the User@DIRECTOR certificate is the only certificate listed on the file, you
    > must have that certificate installed in order to decrypt the file. The .pfx
    > file will have both the certificate and decryption key.
    >
    > Thanks.
    > Pat
    > --
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    > "stumped" wrote:
    >
    > > I'm having a fight with encryption . . . I have the certificate and matching
    > > key for the encrypted files. I select a file, right-click 'properties', click
    > > 'advanced', unselect 'encrypt', and get an "Error 5" message.
    > >
    > > Initially I was getting a message telling me that the certificate was not in
    > > the "Trusted Root Certification Store", so I added the requisite 'snap-in',
    > > exported the certificate from Console Root\Certificates - Local
    > > Computer\Trusted People\Certificates and imported it to Console
    > > Root\Certificates - Local Computer\Trusted Root Certification
    > > Authorities\Certificates. The red 'x' that was on the certificate (found by
    > > double-clicking the Certificate, on the General tab) disappeared. The
    > > certificate "is intended for the following purpose(s): allows data on disk to
    > > be encrypted; all issuance policies."
    > >
    > > I was elated with my progress! Until I tried to unencrypt again . . . I
    > > right-click a file, click 'properties', click 'advanced', and click
    > > 'details', but my certificate is not listed among the "Users who can
    > > transparently access this file"--there's only User(User@DIRECTOR). I click
    > > "Add" and my key appears in the "select the user's certificate with whom you
    > > want to share the access" window, I select it and click OK and it is added to
    > > the "Users who can transparently access this file" window. I click OK and get
    > > the EFSADU error "Error in adding new user(s). Error code 5."
    > >
    > > Is there any way to set my key as the 'default' certificate (so that it
    > > would show up in the "Users who can transparently access this file" list)? If
    > > not, is there another folder in the Certificates console that my certificate
    > > should be imported into so that it can be "added"?
    > >
    > > Thanks for your help,
    > >
    > > Paul
    > >
    > > PS I've got 'ownership' rights to all the folders in question, so I don't
    > > think that's the issue.
    > > PPS The Administrator 'User account' name has been changed since the files
    > > were encrypted. Would that have any affect?
     
    Guest, Nov 23, 2005
    #3
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Shaik Mahabu SUbhani

    Exception while installing passport encryption key

    Shaik Mahabu SUbhani, Sep 9, 2003, in forum: Windows XP Security
    Replies:
    0
    Views:
    179
    Shaik Mahabu SUbhani
    Sep 9, 2003
  2. Mikal Rabanus

    XP Pro Encryption [Private Key Export]

    Mikal Rabanus, Feb 18, 2004, in forum: Windows XP Security
    Replies:
    2
    Views:
    212
    Drew Cooper [MSFT]
    Feb 20, 2004
  3. Guest

    ENCRYPTION KEY DISK - LOST DATA

    Guest, Jul 28, 2004, in forum: Windows XP Security
    Replies:
    8
    Views:
    230
    Guest
    Jul 29, 2004
  4. encryption key

    , Sep 22, 2004, in forum: Windows XP Security
    Replies:
    1
    Views:
    208
    Lanwench [MVP - Exchange]
    Sep 22, 2004
  5. Guest

    Find Encryption Key File

    Guest, Apr 11, 2006, in forum: Windows XP Security
    Replies:
    5
    Views:
    432
    Steven L Umbach
    Apr 18, 2006
Loading...

Share This Page