can't copy encrypted files

arkein

Hello,

Is there any way to copy or decrypt encrypted files if I've got the
encryption key and can access the HD contents but I'm not the designated
decryption agent and can't log on to the account that owns the encrypted
files?

I can't log on to windows in normal or safe mode because of a corrupt boot
volume. running chkdsk, fixboot and fixmbr in the recovery console did not
fix the problem, so no way to log in to my account.

I can access my hard disk contents by running ubuntu live cd. I have even
set up a network between the faulty machine running ubuntu, as server, and
another machine running XP. But I can't access or copy the encrypted files
either in ubuntu or through the network from the client machine running XP. I
get an access denied message.

I've tried taking ownership of the files from the client, but access is
still denied. I've tried backing the files up to the client using the windows
backup application from the client, but access is still denied.

I can't run the cipher command to decrypt the files since I can't log on to
my account even in safe mode with command prompt. The blue screen of death
gets me first. I can only log on with my password using recovery console, but
for some stupid reason, recovery console does not allow cipher commands...

the irony is that I have the encryption certificate backed up in the client
machine!

All I want to do is copy my encrypted files over to the client machine and
decrypt them there using my key.

Any suggestions?

Thanks in advance.
arkein
 
David H. Lipman

From: "arkein" <[email protected]>

| Hello,

| Is there any way to copy or decrypt encrypted files if I've got the
| encryption key and can access the HD contents but I'm not the designated
| decryption agent and can't log on to the account that owns the encrypted
| files?

| I can't log on to windows in normal or safe mode because of a corrupt boot
| volume. running chkdsk, fixboot and fixmbr in the recovery console did not
| fix the problem, so no way to log in to my account.

| I can access my hard disk contents by running ubuntu live cd. I have even
| set up a network between the faulty machine running ubuntu, as server, and
| another machine running XP. But I can't access or copy the encrypted files
| either in ubuntu or through the network from the client machine running XP. I
| get an access denied message.

| I've tried taking ownership of the files from the client, but access is
| still denied. I've tried backing the files up to the client using the windows
| backup application from the client, but access is still denied.

| I can't run the cipher command to decrypt the files since I can't log on to
| my account even in safe mode with command prompt. The blue screen of death
| gets me first. I can only log on with my password using recovery console, but
| for some stupid reason, recovery console does not allow cipher commands...

| the irony is that I have the encryption certificate backed up in the client
| machine!

| All I want to do is copy my encrypted files over to the client machine and
| decrypt them there using my key.

| Any suggestions?

| Thanks in advance.
| arkein

Here is my suggestion...

Put the drive in a USB enclosure that is either USB to SATA or USB to IDE [depending on
the hard disk type].

Have the user who owns the Encryption Certificate log on to the replacement PC making sure
that that user is using the same Encryption Certificate that was used to encrypt the
files.

Connect the drive enclosure, with the affected hard disk, to the USB port of the
replacement PC and through the user's account transfer the files over to that user's
profile.
 
arkein

Thanks Dave (if I may),

I've been thinking that slaving the HD to the other machine as you suggest
might be the only solution left, unless a miracle happens and I somehow
manage to log on.

I did manage a miraculous logon yesterday after manually replacing my
registry files with recovery backups and an interrupted 10 hour chkdsk scan,
during which I was able to decrypt a good number of files, but that ugly BSOD
came back to haunt me again and won't let me back in. I think my HD might be
dying.

Oh well, maybe I'll just sacrifice those last files to the evil blue XP
demon and format the HD hoping it's not a hardware failure...



David H. Lipman said:
> Here is my suggestion...
>
> Put the drive in a USB enclosure that is either USB to SATA or USB to IDE [depending on
> the hard disk type].
>
> Have the user who owns the Encryption Certificate log on to the replacement PC making sure
> that that user is using the same Encryption Certificate that was used to encrypt the
> files.
>
> Connect the drive enclosure, with the affected hard disk, to the USB port of the
> replacement PC and through the user's account transfer the files over to that user's
> profile.
 
Twayne

> Hello,
> Is there any way to copy or decrypt encrypted files if I've got the
> encryption key and can access the HD contents but I'm not the
> designated decryption agent and can't log on to the account that owns
> the encrypted files?
>
> I can't log on to windows in normal or safe mode because of a corrupt
> boot volume. running chkdsk, fixboot and fixmbr in the recovery
> console did not fix the problem, so no way to log in to my account.
>
> I can access my hard disk contents by running ubuntu live cd. I have
> even set up a network between the faulty machine running ubuntu, as
> server, and another machine running XP. But I can't access or copy
> the encrypted files either in ubuntu or through the network from the
> client machine running XP. I get an access denied message.
>
> I've tried taking ownership of the files from the client, but access
> is still denied. I've tried backing the files up to the client using
> the windows backup application from the client, but access is still
> denied.
>
> I can't run the cipher command to decrypt the files since I can't log
> on to my account even in safe mode with command prompt. The blue
> screen of death gets me first. I can only log on with my password
> using recovery console, but for some stupid reason, recovery console
> does not allow cipher commands...
>
> the irony is that I have the encryption certificate backed up in the
> client machine!
>
> All I want to do is copy my encrypted files over to the client
> machine and decrypt them there using my key.
>
> Any suggestions?
>
> Thanks in advance.
> arkein

Can't be done unless you find an agent with the recovery keys or have
your own set of recovery keys. Otherwise it wouldn't be very useful
encryption now, would it? Only the person who did the encryption and/or
a designated, verified agent with the right credentials can access those
files. Read Help and Support for full info about it.
 
Twayne

> Thanks Dave (if I may),
> I've been thinking that slaving the HD to the other machine as you
> suggest might be the only solution left, unless a miracle happens and
> I somehow manage to log on.
>
> I did manage a miraculous logon yesterday after manually replacing my
> registry files with recovery backups and an interrupted 10 hour
> chkdsk scan, during which I was able to decrypt a good number of
> files, but that ugly BSOD came back to haunt me again and won't let
> me back in. I think my HD might be dying.
>
> Oh well, maybe I'll just sacrifice those last files to the evil blue
> XP demon and format the HD hoping it's not a hardware failure...



David H. Lipman said:
> Here is my suggestion...
>
> Put the drive in a USB enclosure that is either USB to SATA or USB
> to IDE [depending on the hard disk type].
>
> Have the user who owns the Encryption Certificate log on to the
> replacement PC making sure that that user is using the same
> Encryption Certificate that was used to encrypt the files.
>
> Connect the drive enclosure, with the affected hard disk, to the USB
> port of the replacement PC and through the user's account transfer
> the files over to that user's profile.

Any chance you can "extend" the drive's cables enough to get it into a
bath of ice? BE SURE TO ENCLOSE IT IN A WATERTIGHT CONTAINER!
Or, try freezing it for 24 hours and then quickly install it and try
to get at the files you want. AGAIN, BE SURE IT'S IN A SEALED CONTAINER
OR CONDENSATION WILL CREATE PROBLEMS!
Best if you can mount the disk outside the case away from the heat
sources inside, so it will warm up more slowly. You may gain anything
from a minute or so to an hour of useful drive time to do the work you
need to do. There is probably about a 90% chance the freezing bit will
work; depends on the specific problem with the drive.

I know it sounds silly, but that method will often revive a hard
drive long enough to pull data off it. If you have the exported key
those files were encrypted WITH, from the original machine they were
encrypted ON, the freezing method has a good chance of working. But any
other combination of events, e.g. not the same key as when they were
encrypted, not the same machine, etc., the game is over. You will not
be able to recover them. Period. From your comments though it sounds
like you might have the key you need; you just have to get the drive to
live long enough to get the files off it.

HTH
 
arkein

Thanks for your input Twayne,

Ok. When I encrypted the files I didn't designate the user account on the
other networked pc as an authorised recovery agent. So that means by default
the only account authorised to recover the files is the very user account
that made the encryption, since it is also the administrator account. At the
time I wasn't aware about the need to set a certified decryption agent,
thinking that backing up my encryption certificate was enough. lesson learned.

I've heard about the ice bath method before, and thanks for reminding me. I
just might try that as a last resort. The machine is a laptop though. So I'll
have to take it out, put it in a ziplock bag and chuck it in the freezer for
24 hours and then reinstall it into the laptop.

I can still access almost all of my unencrypted files. I only had a handful
of files giving me a read-write error and was denied access only to the few
remaining encrypted files.

I'm not sure whether the problem was caused by system files becoming
corrupted by a registry clean I did just before the problem occurred, or if
it's because my hard disk is physically damaged. I'm also getting weird
display artefacts... little discolored dots appearing randomly as soon as the
bios starts up and increasing in number as the computer heats up. Also, in
recovery console mode, random letters in the text are getting
discolored/switched to another letter. I'm hoping that is caused by corrupted
system files and not a damaged video card...

I ran a couple of diagnostics and they seem to be indicating something is
physically wrong with the drive...

I think most of the encrypted files I'm trying to access were backed up at
some point in the past. I'm looking for them in my old backup cds. If I find
them, I'll just format the drive and reinstall windows, and that'll tell me
if I need to get a new hard drive or not.

thanks for your input guys!
 
Twayne

> Thanks for your input Twayne,
> Ok. When I encrypted the files I didn't designate the user account on
> the other networked pc as an authorised recovery agent. So that means
> by default the only account authorised to recover the files is the
> very user account that made the encryption, since it is also the
> administrator account. At the time I wasn't aware about the need to
> set a certified decryption agent, thinking that backing up my
> encryption certificate was enough. lesson learned.

Ah! Yes, your encryption key (not sure what you mean by certification)
is exactly what you need, assuming the files were encrypted under that
key and not a different one (different user account). It sounds to me
like you have what you need! The "agent" business is a safety thing
where someone OTHER than you can also share the accesses; not necessary.
Companies set up agents in case an employee leaves, isn't available,
things like that. You ARE the encryptor, so your backed up key should
be what you need.
> I've heard about the ice bath method before, and thanks for reminding
> me. I just might try that as a last resort. The machine is a laptop
> though. So I'll have to take it out, put it in a ziplock bag and
> chuck it in the freezer for 24 hours and then reinstall it into the
> laptop.

Yes, it's best as a last resort. Sometimes the cold can be the final
straw and instead of fixing it, will kill it the rest of the way. It
hasn't happened to me said:
> I can still access almost all of my unencrypted files. I only had a
> handful of files giving me a read-write error and was denied access
> only to the few remaining encrypted files.

¿¿ I didn't get that before. That sounds a lot like data corruption
rather than a drive problem. "rw" problems on only certain files
doesn't sound like a drive problem to me, based on that information by
itself.
-- Have you run chkdsk /r? This should be a next to last resort, too
since in extreme circumstances it can again render a drive unusable,
although it doesn't sound like your problems are great enough to cause
that.
With /r if it finds data in a sector that's gone bad it'll make
multiple tries to read the data, compare the tries, look for enough
similarity to call it "good" data, and will write that data to another,
good sector and update the location tables accordingly, making the file
recoverable. Problem is, if it guesses wrong, the file is then forever
unencryptable.
-- Every drive manufacturer makes a test program for their disks to
judge the disk's health that's much better than anything XP has and is
non-destructive. I think I'd run that if you haven't already, and see
what it says about the drive. Now it doesn't sound like a drive
problem, actually.
> I'm not sure whether the problem was caused by system files becoming
> corrupted by a registry clean I did just before the problem occurred,
> or if it's because my hard disk is physically damaged.

What "registry cleaner" did you run? Does it have an "undo" feature?
If so, what happens if you undo everything? That might get you back
those files? Some "cleaners" are OK, some, well, not very good.

> I'm also getting weird display artefacts... little discolored dots
> appearing randomly as soon as the bios starts up and increasing in
> number as the computer heats up. Also, in recovery console mode,
> random letters in the text are getting discolored/switched to another
> letter. I'm hoping that is caused by corrupted system files and not a
> damaged video card...

Woof: Back burner for now I think; not likely connected directly with
your major issue?
> I ran a couple of diagnostics and they seem to be indicating
> something is physically wrong with the drive...

That's where the mfg test app comes in: Much more reliable and made for
the drive it's testing. Always much better than any other diags which
have to be a one size fits all type.
> I think most of the encrypted files I'm trying to access were backed
> up at some point in the past. I'm looking for them in my old backup
> cds. If I find them, I'll just format the drive and reinstall
> windows, and that'll tell me if I need to get a new hard drive or not.

Mmm, probably, since you said you have the encryption key you might be
able to do it on a different machine, too. Like I said, as long as it's
the right encryption key for the encryption that happened (only you as a
user on one account, not a mix of accounts).

Best of luck;

Keep us up to date - you've got me pretty curious now. Sounds like you
might be fighting multiple problems and that always makes the job
tougher. Pray for it to be SW<g>.

HTH
 
David

Hi - I have much the same problem - but I think I have access to all the
people/logons/etc for the party who apparently inadvertently encrypted the
files rather than merely compressing them - BUT - how can I identify that
party and relevant certificates etc .... Cheers ... David
 
Twayne

From the computer itself, I doubt you can unless someone set up an audit
trail of all the accesses etc, which would be pretty unusual. AFAIK
you'll just have to ask around until you find the person and hope they
remember it.

MS encryption is good but they sure did a lousy job of documenting it.
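
An added example, not from any poster in this thread, covering both the transfer David H. Lipman describes and the later question of which certificate a file needs: it imports the backed-up certificate on the replacement PC, reads each encrypted file's certificate thumbprints with `cipher /c`, and copies and decrypts only the files whose key is present. It assumes a current Windows version with PowerShell on the replacement PC; the paths, the PFX file name and the function name `Get-EfsThumbprint` are placeholders.

```powershell
# Added example. The PFX path, source folder and destination are placeholders.
param(
    [string]$PfxPath = 'C:\Recovery\efs-backup.pfx',  # exported certificate WITH private key
    [string]$Source  = 'E:\Data',                     # folder on the attached (old) disk
    [string]$Dest    = "$env:USERPROFILE\Recovered"
)

# 1. Import the backup into the logged-on user's personal certificate store.
$pw   = Read-Host -AsSecureString 'PFX password'
$cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\CurrentUser\My -Password $pw |
        Where-Object HasPrivateKey | Select-Object -First 1
if (-not $cert) { throw 'The backup contains no private key, so it cannot decrypt anything.' }

# 2. Thumbprints of every certificate this user holds a private key for.
$mine = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object HasPrivateKey | ForEach-Object Thumbprint)

function Get-EfsThumbprint([string]$Path) {
    # Assumption: "cipher /c" prints each SHA-1 thumbprint as ten space-separated
    # groups of four hex digits. Matching the hex avoids localized label text.
    cipher /c $Path |
        Select-String '(?:[0-9A-Fa-f]{4}\s){9}[0-9A-Fa-f]{4}' |
        ForEach-Object { ($_.Matches[0].Value -replace '\s', '').ToUpper() }
}

# 3. Walk the encrypted files; copy and decrypt only those whose key we hold.
#    NTFS permissions from the old install can still deny access; that is separate from EFS.
$root = (Resolve-Path -LiteralPath $Source).Path.TrimEnd('\')
Get-ChildItem -LiteralPath $root -Recurse -File -Attributes Encrypted | ForEach-Object {
    $file   = $_
    $needed = @(Get-EfsThumbprint $file.FullName)
    $usable = @($needed | Where-Object { $mine -contains $_ })
    if ($usable.Count -eq 0) {
        # No key for this file: report the thumbprints it was encrypted to.
        [pscustomobject]@{ File = $file.FullName; Status = 'no matching key'; Thumbprints = $needed -join ', ' }
        return
    }
    # Rebuild the relative path under the destination so same-named files do not collide.
    $target = Join-Path $Dest $file.FullName.Substring($root.Length).TrimStart('\')
    New-Item -ItemType Directory -Force -Path (Split-Path $target) | Out-Null
    Copy-Item -LiteralPath $file.FullName -Destination $target  # the copy stays EFS-encrypted on NTFS
    [System.IO.File]::Decrypt($target)                          # remove encryption from the copy only
    [pscustomobject]@{ File = $file.FullName; Status = 'copied and decrypted'; Thumbprints = $usable -join ', ' }
}
```

A "no matching key" row lists the thumbprints the file was encrypted to, which are the values to look for in other users' certificate stores or certificate backups.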
 
