A quick question before I kill myself... (XP EFS)

  • Thread starter: TJE

TJE

Hello!

Before I jump screaming out the window, I thought I'd better check and see
if there's someone here that can help me with a really sad and embarrassing
problem.

Ok, before I went on holiday, I thought I'd be clever and encrypt some
private files with EFS, in case of burglary, etc. When I came home
everything was fine until (I guess) I installed MS VM (My stupid bank
insisted) and after that I can't access the files I encrypted.

Everything went rather fast, and yes, I'm an imbecile, so I didn't make a
copy of the key, but the following is still valid:

- same computer
- same OS (XP sp1)
- same user
- same password (and I know the password for the encryption)

I'm rather new at encryption, so I've screwed around a bit trying to make a
new key/certificate, but with no luck...

Is there a way to make a new key, with the same information?

I hope you can help me, so that I can go on with my life, even if it has to
be with a shameful blush.

Thanks a lot!

/TJE

thomas@cadwalk*removeme*.com
 
No. There is no known way to make a duplicate of your keys even if you know all
the information that was in the old key (information such as password, e-mail,
username ....)

The encryption key is tied to the profile and user under which it was first created
(but later you can export it and import it to a different user in a different
profile).

Since you still have your old profile, username and everything else, there is
a very good chance you can get your files unencrypted.

Does your username still have the same password as on the day when you encrypted
your files? If not, how did you change it? If a 3rd person (e.g.
Administrator) changes your username's (e.g. tje) password you will lose
access to encrypted files (this protects your files from bad admins)... All
you have to do is change your password back to the previous password...

The second option that you should try is opening the files under the Administrator's
(first user on the PC) username. They are by default Recovery Agents...

I hope some of this helps...
 
You can create a new cert/key, but it will be just that, new.
You must utilize the key from the old cert in order to decrypt
those files.

You have said
"- same password (and I know the password for the encryption)"
which does not sound like EFS, as there is (may be) only another
password on the exported cert/key, but you said
"I didn't make a copy of the key"

So, are you sure it is EFS you used?

At any rate your shortest solution is in discovering what this
thing, MS VM, upon which your bank insisted actually is.
Tell us about it. Have you tried just uninstalling it?

Also, at this point you may have more than one EFS cert/key
stored in your certificates, so you should check this with the
Certificates MMC snap-in.

Have you had any indication that a new profile was created
for your account? What shows in the Doc&Setting, specifically
is there any profile with a "." separated two-part name?
 
Thanks for the quick responses, I really appreciate it!

Nothing has changed as far as the account goes - no new accounts made or
deleted. Roger is right about XP not using the Administrator's account as default
recovery agent, it was the very first thing I tried...

Roger, you're right, I meant the password for accessing other keys that I've
tried to make... But yes, it's EFS. I haven't tried to uninstall the MS VM
thing, as I was afraid it would delete stuff that might be useful in the
recovery process... It's the MS Java Virtual Machine x86, and I did complain
to my bank that I had to download a 9 MB file on my 56k modem in order to
use the internet banking stuff. Besides, as I understand, XP sp1 already has
some kind of VM built in, so it made no sense.. They would investigate the
matter, whatever that means.

I did poke around in the certificate snap-in, after having tried to make a
new key, so I did delete some of my own as I went along... Probably a very
bad move, but it was before I realized that a new key might not be that easy
to generate. I thought it generated the key from username, password and
machine number, and if they were the same, you'd get the exact same key??

There's nothing new or suspicious in the doc&settings, no new accounts of the
type you mention.

I have like 18 files in the RSA/Crypto folder called stuff like
6c97c52e3f38042ffb2649913716e41e_32cd96e0-f04d-4ec7-b69d-b36beb2a62f1, but
they have no extension, so I don't know what they are, except that there
were only 1 or 2 of them before I started messing around! Are they of any
use?

I've searched the discs for files like *.cer, *.p7b and *.pfx, but only the
one I made subsequently comes up.

Thanks again!
/Thomas
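
An added example, not part of any poster's message: a read-only inventory of files named like the one quoted above (32 hex digits, an underscore, a GUID), split by last-modified time so the one or two that existed before the new keys were generated stand out. It assumes it is pointed at a copy of the folder; the dates, the cutoff and the zero-padded file names are constructed sample values.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

# Name shape copied from the file quoted in the post: 32 hex digits, "_", a GUID.
KEY_FILE = re.compile(
    r"^[0-9a-f]{32}_[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE
)

def triage_key_files(folder, cutoff):
    """Split matching files into (older, newer) by modification time.

    cutoff is a timezone-aware datetime: the moment new keys started
    being generated. Files last written before it are the candidates
    for the original key material; nothing is opened or modified.
    """
    older, newer = [], []
    for entry in os.scandir(folder):
        if not entry.is_file() or not KEY_FILE.match(entry.name):
            continue  # ignore anything that is not shaped like a key file
        mtime = datetime.fromtimestamp(entry.stat().st_mtime, tz=timezone.utc)
        (older if mtime < cutoff else newer).append((entry.name, mtime))
    return sorted(older, key=lambda f: f[1]), sorted(newer, key=lambda f: f[1])

def build_sample(folder):
    """Create constructed, empty stand-in files with chosen timestamps."""
    guid = "32cd96e0-f04d-4ec7-b69d-b36beb2a62f1"
    samples = {
        "6c97c52e3f38042ffb2649913716e41e_" + guid: datetime(2003, 6, 1),
        "0" * 31 + "1_" + guid: datetime(2003, 8, 20),  # constructed name
        "0" * 31 + "2_" + guid: datetime(2003, 8, 21),  # constructed name
        "readme.txt": datetime(2003, 6, 1),             # must be skipped
    }
    for name, when in samples.items():
        path = os.path.join(folder, name)
        open(path, "wb").close()
        ts = when.replace(tzinfo=timezone.utc).timestamp()
        os.utime(path, (ts, ts))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work:
        build_sample(work)
        cutoff = datetime(2003, 8, 1, tzinfo=timezone.utc)  # constructed date
        older, newer = triage_key_files(work, cutoff)
        for name, mtime in older:
            print("candidate original:", name, mtime.date())
        print(len(newer), "file(s) written after the cutoff")
```

Modification time is used because it usually survives a file copy, while creation time is reset on the copy.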
 
Thanks for the advice, however I did try the AEFSDR-thing, but it doesn't
work with sp1 yet. My plan - should nothing else work - is to wait for the
next version which presumably will handle sp1 EFS.

/Thomas
 
O.K, I played around a little more with the AEFSDR-thing, and I am able to
get the 'decryptable' flag on all my files, but since it doesn't handle sp1
yet, I can't decrypt them.

This must mean that I still have all that's needed to decrypt them on my HD,
right?

Yeah, thanks Peter, I've read a bit of the
http://www.beginningtoseethelight.org/efsrecovery/ page, but as I understand
it, one can really screw things up if not careful... Would it not be wise to
wait for an updated AEFSDR?

Thanks!
/Thomas
 