can't decrypt EFS encrypted files

[NTex]

Greetings everyone,

I have a serious problem, I had encripted files using EFS of Windows XP SP1,
then later on I had troubles with access them, then a friend of mine
converted the partition NTFS to FAT32 and then again to NTFS (using
Partition Magic 7) with a hope that the files would lose their information
that were encripted but, this only made the things worst because, now XP
doesn't recognized them as encripted and they still are encripted, after
this I soon discovered that is possible to create Recovery Agent from a file
with the cipher command - ex. "cipher /r:example.txt", with this certificate
generated by this cipher util, I created a agent user recovery but, since
the XP doesn't know this files are encripted, I tried to force a decrypt
using cipher - "cipher /d /f /a example.txt" - but, still doesn't work,
anyone can help with this huge problem, this files are very important to me,
please. Thanks in advance.

NTex

 

[Carey Frisch [MVP]]

Your friend should not have converted your NTFS drive
to FAT32. Sorry, your encrypted files are now corrupt
and unrecoverable.

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files
are unrecoverable as they will stay encrypted forever. There is no recovery
method since the encryption algorithm is now completely different with a
reinstall of Windows XP.

See if the following articles help in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/tr...chnet/prodtechnol/winxppro/deploy/CryptFS.asp

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default.aspx?scid=kb;en-us;329741


--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

---------------------------------------------------------------------------------------------


| Greetings everyone,
|
| I have a serious problem, I had encripted files using EFS of Windows XP SP1,
| then later on I had troubles with access them, then a friend of mine
| converted the partition NTFS to FAT32 and then again to NTFS (using
| Partition Magic 7) with a hope that the files would lose their information
| that were encripted but, this only made the things worst because, now XP
| doesn't recognized them as encripted and they still are encripted, after
| this I soon discovered that is possible to create Recovery Agent from a file
| with the cipher command - ex. "cipher /r:example.txt", with this certificate
| generated by this cipher util, I created a agent user recovery but, since
| the XP doesn't know this files are encripted, I tried to force a decrypt
| using cipher - "cipher /d /f /a example.txt" - but, still doesn't work,
| anyone can help with this huge problem, this files are very important to me,
| please. Thanks in advance.
|
| NTex
|
|

 

[Jupiter Jones [MVP]]

Are you sure it is not an Ownership issue:
http://support.microsoft.com/?kbid=308421

If the files are encrypted.
If you did not back-up the encryption key or the Recovery Agent and
are not on a domain, the files are as good as gone.
This must be accomplished while you have access to the files.
If you have not already done so, it is now to late.

If you can restore the original profile (not recreate) and know the
password, you may be able to recover the data.
Recreating profiles and passwords is irrelevant.
Contact Microsoft if you can restore the profile.
Or:
http://www.beginningtoseethelight.org/efsrecovery/index.php

EFS is very good at what it does and there is no back door.
Read and understand these links before using EFS to keep from
permanently losing your data:
http://www.microsoft.com/windowsxp/pro/techinfo/administration/recovery/default.asp
(58 pages)
http://support.microsoft.com/?id=223316

 

[NTex]

Uh Oh, now I'm really worry, but the Windows XP it's the same instalation,
he only messed with a secondary partition with PM7 where are the files
stored, it's still the same instalation and the same users on the local
system, so I supposed it's still possible to something ?

 

[NTex]

Sadly it's, one point files on this moment are encripted but Windows doesn't
know that because of that little trick with PM7,
Second point, It's the same Windows instalation, all the users are the same,
so is it possible to create a key to recover files even with that little
problem mention before ?

 

[Aaron]

Unfortunately you are now dead in the water after the
whole NTFS/FAT32/NTFS thing. This took an already
encrypted set of files and twisted them into garbage. I am
in the same boat, well not the same boat but the same
lake. I lost my keys and did not back them up. However, I
can at least have the hope that someday someone with a lot
more time and brains than me will break the code.

Maybe if you backed up the folder (full) before you
changed formats? Otherwise I am afraid the others are
right.

 

[Jupiter Jones [MVP]]

Sadly, I believe the files were destroyed by the file conversion.
There is a myth on the net that doing just that will decrypt the data.
If it were that simple EFS would be worthless.

EFS is such that if something goes wrong, the data is effectively
destroyed as opposed to decrypted for a thief.
This is another reason for back-ups in a secure location appropriate
to the importance of the data..

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://dts-l.org/index.html

 

[Roger Abell]

There is a bit that indicates the files are encrypted
that was lost during the third-party filesystem hacking.
Until this bit is restored you have no hope of using
XP native interfaces to decrypt the files.
However, if you do not have the types of things outlined
in the posts of others, even after the files were returned
to a whole state you would not be able to decrypt them.

 

[dietmar.schmidt]

-----Original Message-----
Sadly, I believe the files were destroyed by the file conversion.
There is a myth on the net that doing just that will decrypt the data.
If it were that simple EFS would be worthless.

EFS is such that if something goes wrong, the data is effectively
destroyed as opposed to decrypted for a thief.
This is another reason for back-ups in a secure location appropriate
to the importance of the data..

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/se tup.asp
http://dts-l.org/index.html

Sadly it's, one point files on this moment are

encripted but Windows
doesn't

know that because of that little trick with PM7,
Second point, It's the same Windows instalation, all

the users are
the same,

so is it possible to create a key to recover files even

with that
little

problem mention before ?


"Jupiter Jones [MVP]" <[email protected]>

escreveu na
mensagem Recovery Agent
and recreate) and know
the

http://www.microsoft.com/windowsxp/pro/techinfo/administra tion/recovery/default.asp

http://www.microsoft.com/windowsxp/pro/using/newsgroups/set
up.asp using EFS of
Windows a friend of
mine again to NTFS
(using worst

because,

are

encripted,

user recovery
but, still

doesn't

.

 

[NTex]

And how can I restore that bit that says the files are encrypted, without
encrypting them again ? I can try that because I have the same instalation
of Windows and Users, so I think I well may give a shot, it can't go worst
than this. Thanks in advance...

 

[Roger Abell]

And how can I restore that bit that says the files are encrypted, without
encrypting them again ? I can try that because I have the same instalation
of Windows and Users, so I think I well may give a shot, it can't go worst
than this. Thanks in advance...

I do not know how. But, I do know that encrypting
them is not what you want to do, as that will get the
bit set, but it also will apply a new encryption of the
already encrypted data.