EFS, Decrypting files with the encrypt attribute not set

M

mscotgrove

Via data recovery one can get a file that is encrypted, but the
attribute in the directory shows that it is not encrypted. The only
command I can find for setting attribute SetFileAttributes does not
allow changing of this flag.

If one creates a new file with encryption attribute, it will encrypt
the new file, ie double encryption.

I can see two options

1) Modify the MFT on the disk directly. Possible, but not a nice thing
to do.

2) Read the file, and use XP decryption routines. This would be nicest
solution, but can anyone advise me on which set of routines work with
standard encrypted files. I am assuming access to the relevant keys.

Is there a third solution? I am happy/expecting to do low level
programming to resolve the problem.

Michael
 
S

Steven L Umbach

You might try using the cipher command and efsinfo is helpful also in
determining what users/RA/certificates are associated with the EFS file. You
can't "double encrypt" an EFS file though users/RA can be added as users
that can decrypt the file if they have the proper certificates/EFS private
key. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Decrypting files 6
Decrypting files when encryption certificate is missing 2
Continuing Problems decrypting EFS objects 1
Encrypting Remote Files with EFS 4
EFS and certificate revocation list 1
How to decrypt files that has EFS encryption 2
Looking for Microsoft EFS update or replacment product 4
Decrypting Files 3

Top