Cannot decrypt files on XP


dgmartin

I've got a strange problem. I've got a few folders on my XP Pro (SP2)
laptop. I exported the certificate to three different USB flash drives.
When I need to travel or otherwise expose my laptop to theft, I delete
the key from the laptop, then later import the certificate to access
the encrypted files.

I've done this about ten times or so with no problems. However, the
last time I tried this, the import went fine, but I still can't access
the files. I tried importing from the other USB drives, but the same
result. The import succeeds, but the files are inaccessible.

Any ideas on what could be wrong? Nothing has changed on the laptop.
 
First make sure you are importing via a .pfx file that would be password
protected to protect the private key. If you are doing that then if you have
"reset" your password then you will not be able to access the EFS files
unless you change your password back to what it was. You reset a password
while logged on as an administrator which you can do to any user account in
local users and groups, etc. Only the user can "change" their password via
Control - Alternate - Delete. --- Steve
 
Thanks for the suggestion, but the problem was elsewhere.

I found the problem after spending about 2 hours with Microsoft
support. It appears that somehow there were two certificates created,
and SOME of the files were encrypted with one certificate, and some
with another. Formula for disaster if I ever saw one. I guess I can
only blame myself, but I'll be damned if I can figure out how it
happened. Anyway, I only had one of the certificates backed up.

I decided to wipe the drive and rebuild, since there was no important
data in the encrypted files.
 
This is due to your removal of the certificate and its associated
private key. You must have encrypted a file at this time (or stored a
new file in an encrypted folder). Because no existing EFS certificate
was there (you removed it), a new one was generated and that became your
new default EFS certificate from that point forward.

I would recommend not removing the EFS certificate in the future.
Consider using a stronger password to protect the cert store instead.
Continue to back it up, but do not remove it.

Brian
 
Thanks for reporting back and be sure to consider Brian's advice. If your
user password or better yet pass phrase is 15 characters or longer and
complex it will be virtually uncrackable. If your computer is a domain
computer and you are logged on with cached credentials then even
moderately strong passwords will offer a large measure of protection. The
utility efsinfo can show what user and certificate thumbprints can be used
to decrypt a file. My guess is that MS support had you try that. --- Steve
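
The thumbprint check mentioned above, as an added example that is not part of the original thread: a Python script that maps each encrypted file to the user-certificate thumbprints listed for it and names the files a backed-up certificate cannot open. The report layout, the sample text and the function names are assumptions constructed for illustration, not verbatim efsinfo output.

```python
import re

# Constructed sample in an assumed efsinfo-style layout; not real tool output.
SAMPLE_REPORT = r"""
notes.txt: Encrypted
  Users who can decrypt:
    LAPTOP\dg (CN=dg,L=EFS,OU=EFS File Encryption Certificate)
    Certificate thumbprint: AAAA 1111 AAAA 1111 AAAA 1111 AAAA 1111 AAAA 1111
budget.xls: Encrypted
  Users who can decrypt:
    LAPTOP\dg (CN=dg,L=EFS,OU=EFS File Encryption Certificate)
    Certificate thumbprint: BBBB 2222 BBBB 2222 BBBB 2222 BBBB 2222 BBBB 2222
  Recovery Agents:
    LAPTOP\Administrator (CN=Administrator)
    Certificate thumbprint: CCCC 3333 CCCC 3333 CCCC 3333 CCCC 3333 CCCC 3333
readme.txt: Not Encrypted
"""

FILE_RE = re.compile(r"^(\S.*?): (Encrypted|Not Encrypted)\s*$")
THUMB_RE = re.compile(r"^\s+Certificate thumbprint:\s*([0-9A-Fa-f ]+?)\s*$")

def normalize(thumbprint):
    """Strip whitespace and upper-case so thumbprints compare reliably."""
    return re.sub(r"\s+", "", thumbprint).upper()

def user_thumbprints(report):
    """Map each encrypted file to the user-certificate thumbprints listed for it."""
    files, current, in_users = {}, None, False
    for line in report.splitlines():
        m = FILE_RE.match(line)
        if m:  # new file entry; only encrypted files are tracked
            current = m.group(1) if m.group(2) == "Encrypted" else None
            in_users = False
            if current:
                files[current] = set()
        elif line.startswith(" ") and line.rstrip().endswith(":"):
            # section header: recovery-agent thumbprints are not the user's key
            in_users = line.strip() == "Users who can decrypt:"
        elif current and in_users and (t := THUMB_RE.match(line)):
            files[current].add(normalize(t.group(1)))
    return files

def audit(report, backed_up_thumbprint):
    """Return (distinct user thumbprints, files the backed-up cert cannot open)."""
    want = normalize(backed_up_thumbprint)
    files = user_thumbprints(report)
    distinct = set().union(*files.values())
    at_risk = sorted(f for f, tps in files.items() if want not in tps)
    return distinct, at_risk

if __name__ == "__main__":
    certs, at_risk = audit(SAMPLE_REPORT, "aaaa 1111 aaaa 1111 aaaa 1111 aaaa 1111 aaaa 1111")
    print(f"{len(certs)} EFS certificates in use; not covered by backup: {at_risk}")
```

More than one distinct user thumbprint is the condition described in this thread: files split across two EFS certificates with only one of them backed up.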
 