If you still have the original profiles intact as you've stated, then there
is a way to extract the encryption key and import it into a new profile to
allow decryption.
See this TechNet Article:
https://www.microsoft.co.ke/technet/archive/community/columns/security/5min/5min-401.mspx?mfr=true
It specifically tells you where both the public key/certificate and private
key is strored as follows:
Backing up the encrypted files is as easy as backing up any other file.
Because the FEK is stored with the file, you don't need to take any special
precautions when you back up the file. However, you won't be able to decrypt
the file if you don't restore it to a domain or local computer where
authorized users can access their private keys.
It is also important to back up public/private key pairs and the public key
certificate. The public key and public key certificate are stored in
\username\Application Data\ Microsoft\SystemCertificates\My\Certificates
folder of the user profile. The private key is stored in the \Documents and
Settings\username\Application Data\Microsoft\Crypto\RSA folder. Like all
data stored in the RSA folder, the private key is encrypted with the user's
master key. Because the key pair and certificate are stored within the user
profile, they are backed up when the profile is backed up.
Additionally, key pairs and certificates-including any DRA keys-can be
exported to removable media and stored in a secure location. Note that
anyone who has a DRA's keys can decrypt anything that the DRA can decrypt.
Thus, it is imperative that these keys, and their backup media, be kept in a
safe place.
