Lost Access to Encrypted Files on XP Reload

Guest

I have reloaded XP Pro on my computer due to being unable to boot the computer.

The machine is up and running and I'm able to take control of the encrypted
files.

Is there a mechanism to use the old account password and the associated
certificates to decrypt these files? Or are they toast?

Of course I religiously backed up my files but the back ups are also
encrypted.

Thanks,

James
 
GreenieLeBrun

Selkirk64 said:
I have reloaded XP Pro on my computer due to being unable to boot the
computer.

The machine is up and running and I'm able to take control of the
encrypted
files.

Is there a mechanism to use the old account password and the associated
certificates to decrypt these files? Or are they toast?

Of course I religiously backed up my files but the back ups are also
encrypted.

Thanks,

James

Did you create a recovery agent and export your private key? If no then they
are toast.

The Encrypting File System
http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx

Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316/en-us

How to back up the recovery agent Encrypting File System (EFS) private key
in Windows Server 2003, in Windows 2000, and in Windows XP
http://support.microsoft.com/kb/241201
 
Shenan Stanley

Selkirk64 said:
I have reloaded XP Pro on my computer due to being unable to boot
the computer.

The machine is up and running and I'm able to take control of the
encrypted files.

Is there a mechanism to use the old account password and the
associated certificates to decrypt these files? Or are they toast?

Of course I religiously backed up my files but the back ups are also
encrypted.

Did you back up the certificates often?
Do you have these backups?

Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316

Why you must back up your certificates
------------------------------------------------------
Because there is no way to recover data that has been encrypted with a
corrupted or missing certificate, it is critical that you back up the
certificates and store them in a secure location. You can also specify a
recovery agent. This agent can restore the data. The recovery agent's
certificate serves a different purpose than the user's certificate.

How to back up your certificate
-------------------------------------------
To back up your certificates, follow these steps:

1. Start Microsoft Internet Explorer.
2. On the Tools menu, click Internet Options.
3. On the Content tab, in the Certificates section, click Certificates.
4. Click the Personal tab.

Note: There may be several certificates present, depending on whether you
have installed certificates for other purposes.

5. Select one certificate at a time until the Certificate Intended Purposes
field shows Encrypting File System. This is the certificate that was
generated when you encrypted your first folder.
6. Click Export to start the Certificate Export Wizard, and then click Next.
7. Click Yes, export the private key to export the private key, and then
click Next.
8. Click Enable Strong protection, and then click Next.
9. Type your password. (You must have a password to protect the private
key.)
10. Specify the path where you want to save the key. You can save the key to
a floppy disk, another location on the hard disk, or a CD. If the hard disk
fails or is reformatted, the key and the backup will be lost. (If you back
up the key to a floppy disk or CD, you must store that disk or CD in a
secure location.)
11. Specify the destination, and then click Next.
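
The export steps above can also be scripted. This is an added example, not part of the original post or the Microsoft article: it exports every EFS certificate that has a private key from the current user's Personal store to a password-protected .pfx file, then reloads each file to confirm the backup is usable. It assumes a Windows version with Windows PowerShell; `$BackupDir` is a hypothetical destination.

```powershell
# Added example: back up EFS certificates and private keys, then verify each backup.
param(
    [string]$BackupDir = 'E:\efs-key-backup'   # hypothetical path; use removable media
)

$efsOid   = '1.3.6.1.4.1.311.10.3.4'           # "Encrypting File System" intended purpose
$ekuType  = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$certType = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$password = Read-Host -AsSecureString 'Password to protect the exported private keys'

# Personal store of the logged-on user (the "Personal" tab in the steps above).
$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $eku = $_.Extensions | Where-Object { $_ -is $ekuType }
    $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $efsOid })
})

if ($efsCerts.Count -eq 0) {
    Write-Warning 'No EFS certificate found in the Personal store; nothing to back up.'
    return
}

New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null

foreach ($cert in $efsCerts) {
    if (-not $cert.HasPrivateKey) {
        # A certificate without its private key cannot decrypt anything.
        Write-Warning "$($cert.Thumbprint): private key missing, skipped."
        continue
    }
    $path = Join-Path $BackupDir "$($cert.Thumbprint).pfx"
    try {
        # PFX (PKCS #12) carries the certificate and the private key together.
        [System.IO.File]::WriteAllBytes($path, $cert.Export('Pfx', $password))

        # Reload the file to catch a corrupt or keyless backup now, not after a reinstall.
        $check = New-Object $certType -ArgumentList $path, $password
        $ok = $check.HasPrivateKey -and ($check.Thumbprint -eq $cert.Thumbprint)
        $check.Reset()
        if ($ok) { Write-Output "Verified backup: $path" }
        else     { Write-Warning "$path did not verify; do not rely on it." }
    }
    catch {
        Write-Warning "$($cert.Thumbprint): export failed: $($_.Exception.Message)"
    }
}
```

On Windows XP itself, `cipher /x` performs the same export from the command prompt. Store the .pfx files and their password away from the disk that holds the encrypted data.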
 
Patrick Keenan

Selkirk64 said:
I have reloaded XP Pro on my computer due to being unable to boot the
computer.

The machine is up and running and I'm able to take control of the
encrypted
files.

Is there a mechanism to use the old account password and the associated
certificates to decrypt these files? Or are they toast?

Yes. You import the certificates that you exported when you invoked
encryption. The password is a lot less important.

Of course I religiously backed up my files but the back ups are also
encrypted.

Thanks,

James

If you didn't export or don't have the exported account credentials, or have
a recovery agent, or if the exported credentials are corrupt, the answer is
simple and you can't get around it: the files are gone.

-pk
 
Guest

I did not back up the keys ... only the data files.

From the sounds of things, my files are toast.

I guess the question I have is are the certificates that still exist on my
system and the old account password enough to decrypt the files? [Can I back
them up now?]

Or as I think the responders have said ... only if I backed up the
certificates [prior to reloading XP Pro]?

Please let me know.

Thanks,

James

I guess
 
Shenan Stanley

Selkirk64 said:
I did not back up the keys ... only the data files.

From the sounds of things, my files are toast.

I guess the question I have is are the certificates that still
exist on my system and the old account password enough to decrypt
the files? [Can I back them up now?]

Or as I think the responders have said ... only if I backed up the
certificates [prior to reloading XP Pro]?

If you did not back up the keys/certificates before making changes - yes, the
files are toast.
 
John Wunderlich

I did not back up the keys ... only the data files.

From the sounds of things, my files are toast.

I guess the question I have is are the certificates that still
exist on my system and the old account password enough to decrypt
the files? [Can I back them up now?]

Or as I think the responders have said ... only if I backed up the
certificates [prior to reloading XP Pro]?

Please let me know.

The certificate on your old system was itself encrypted with a
combination of the user password and the user's Secure ID. It
sounds like you've lost all your files.

Looking forward, you can either be diligent about backing up your
certificates or consider switching to the freeware "Truecrypt" which
uses only a passphrase of your choosing to gain access to the
encrypted data. Had you been using Truecrypt, you would have access
to your files right now...

<http://www.truecrypt.org>

IMHO, using EFS is like strapping a random timebomb to your data
where even backups won't save you.

HTH,
John
 
