encryption--I have the 'key' but can't open the 'lock'

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I'm having a fight with encryption . . . I have the certificate and matching
key for the encrypted files. I select a file, right-click 'properties', click
'advanced', unselect 'encrypt', and get an "Error 5" message.

Initially I was getting a message telling me that the certificate was not in
the "Trusted Root Certification Store", so I added the requisite 'snap-in',
exported the certificate from Console Root\Certificates - Local
Computer\Trusted People\Certificates and imported it to Console
Root\Certificates - Local Computer\Trusted Root Certification
Authorities\Certificates. The red 'x' that was on the certificate (found by
double-clicking the Certificate, on the General tab) disappeared. The
certificate "is intended for the following purpose(s): allows data on disk to
be encrypted; all issuance policies."

I was elated with my progress! Until I tried to unencrypt again . . . I
right-click a file, click 'properties', click 'advanced', and click
'details', but my certificate is not listed among the "Users who can
transparently access this file"--there's only User(User@DIRECTOR). I click
"Add" and my key appears in the "select the user's certificate with whom you
want to share the access" window, I select it and click OK and it is added to
the "Users who can transparently access this file" window. I click OK and get
the EFSADU error "Error in adding new user(s). Error code 5."

Is there any way to set my key as the 'default' certificate (so that it
would show up in the "Users who can transparently access this file" list)? If
not, is there another folder in the Certificates console that my certificate
should be imported into so that it can be "added"?

Thanks for your help,

Paul

PS I've got 'ownership' rights to all the folders in question, so I don't
think that's the issue.
PPS The Administrator 'User account' name has been changed since the files
were encrypted. Would that have any affect?
 
If you have it, import the .pfx file for "User(User@DIRECTOR)" into your
Personal certificates store and that will give you access to the file. Since
the User@DIRECTOR certificate is the only certificate listed on the file, you
must have that certificate installed in order to decrypt the file. The .pfx
file will have both the certificate and decryption key.

Thanks.
Pat
 
Actually, it's the OTHER certificate that I want to be recognised. I don't
really care about the "User(User@DIRECTOR)" one, since the files were not
encrypted with it. They WERE encrypted with my certificate, but now I cannot
add mine to the list of 'users who can transparently access files' without
getting "Error 5" . . . Thanks for trying, though,

Paul
 
Back
Top