Problem with EFS Encryption / Decryption but I have the certificate

  • Question

  • I exported the certificates in which the thumbprint matches all the encrypted files.

    However, during some troubleshooting, a colleague tampered with certificates on my box and severed access permissions to my files. I exported my certificates that were used for EFS and rebuilt the Vista 64-bit box.

    I installed the certificates (backup.cer) to the "Personal" store and the "Trusted People" store.

    The thumbprint of the certificate that was exported is c77128ea9635631d17f3d0f464644e8ca5db6c18
    The thumbprint of the certificate that was used during encryption for the files matches c77128ea9635631d17f3d0f464644e8ca5db6c18

    When I reboot and type in "cipher /y", the thumbprint does not match the certificate installed.

    Please help as the files encrypted are business critical data that needs to be restored. I have attempted to install and remove the certificates to no success.
    • Moved by Carey Frisch MVP, Moderator Tuesday, March 16, 2010 2:09 PM Moved to more appropriate forum category (From: Windows Vista Setup)
    Monday, March 15, 2010 10:47 PM

Answers

  • Well, it looks like Microsoft was unable to help me resolve this issue. I had nothing from TechNet, but I guess I didn't expect anything of it.
    As well, the expensive MSDN service was unable to resolve or even fathom the problem or the complexity of it despite being escalated 4 levels.

    The issue was resolved by myself as I had the correct keys still left on the hard drive and the knowledge of the full username and password that was used to encrypt the files.
    Needless to say, Microsoft failed big time and Linux/Unix FTMFW.
    • Marked as answer by signalbobby Wednesday, March 17, 2010 5:01 PM
    Wednesday, March 17, 2010 5:01 PM

All replies

  • I have restored my machine.
    My thumbprint of the machine is the same as the certificate thumbprint and the thumbprint that the file needs.

    Under C:\users\(username)\appdata\roaming\microsoft\crypto\rsa\(SID ID), the SID ID matches the one with the certificate that it was originally made with. In that folder is one private key.
    Under C:\users\(username)\appdata\roaming\microsoft\protect\(SID ID), there is one file called BK-CHANDLER that was made around the same time as the private key.
    Under C:\users\(username)\appdata\roaming\microsoft\systemcertificates\my\certificates\ the thumbprint of the certificate file is in this directory.

    Yet I still cannot decrypt my files or read them. I can rename them, but cannot read or decrypt.

    I have tried re-encrypting, but it creates a new private key/pub key/certificate for some reason.


    Please assist ASAP.
    Tuesday, March 16, 2010 5:18 PM
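
An added example, not part of the original thread: a read-only PowerShell check of the per-user locations listed in the reply above, reporting whether the certificate with the quoted thumbprint sits in the Personal store with a private key attached and whether the RSA key and DPAPI master-key folders exist for the current SID. A `.cer` file holds only the public certificate, so `HasPrivateKey` is the value to look at. The script layout and variable names are this example's own, and it assumes it runs as the affected user.

```powershell
# Added example (read-only). $Thumbprint defaults to the value quoted in the question.
param([string]$Thumbprint = 'c77128ea9635631d17f3d0f464644e8ca5db6c18')

$thumb   = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpper()
$sid     = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$roaming = Join-Path $env:APPDATA 'Microsoft'
$efsOid  = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage

# 1. Certificate in the Personal store, and whether a private key is attached to it.
$cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) {
    Write-Output "Personal store : no certificate with thumbprint $thumb"
} else {
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $oids = @($cert.Extensions | Where-Object { $_ -is $ekuType } |
              ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    Write-Output "Personal store : found, HasPrivateKey=$($cert.HasPrivateKey)"
    Write-Output "EFS usage OID  : $($oids -contains $efsOid)"
}

# 2. Per-user folders named in the thread: RSA key containers and DPAPI master keys.
$folders = @{
    'RSA key containers' = (Join-Path $roaming "Crypto\RSA\$sid")
    'DPAPI master keys'  = (Join-Path $roaming "Protect\$sid")
}
foreach ($name in $folders.Keys) {
    $dir = $folders[$name]
    if (Test-Path -LiteralPath $dir) {
        # -Force because these files carry the hidden/system attributes.
        $files = @(Get-ChildItem -LiteralPath $dir -Force |
                   Where-Object { -not $_.PSIsContainer })
        Write-Output "${name}: $($files.Count) file(s) in $dir"
    } else {
        Write-Output "${name}: folder not found ($dir)"
    }
}

# 3. The serialized certificate in the profile is a file named after the thumbprint.
$certFile = Join-Path $roaming "SystemCertificates\My\Certificates\$thumb"
Write-Output "Certificate file present: $(Test-Path -LiteralPath $certFile)"
```

`cipher /c <file>` shows the certificate thumbprint an encrypted file expects, for comparison with the value passed to the script.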
  • First of all let me congratulate you. Wow, I really didn't think there was any hope for my problem until I came across your post.  God Bless You!!

    I too have a very similar problem.  I can no longer decrypt my encrypted files and folders on my work drive.  My step kid thought it would be fun to mess with his step dad, so he tried to hack my portable USB drive using the "takeown" and the "icacls" command on his Windows 7 SP1 machine.  Wiped out all the ACLs and attributes to my work folder and files.  I too have the correct "Keys" as well as "Username and Password".  However, I lack the expertise to implement the solution, or even the knowledge to replicate what you did.  Currently I am online searching TechNet to try and figure out how to "add recovery agent" in Windows XP Professional SP3.

    Can you please enlighten me?

    Thank you so much for your response,

    Best Regards and Congratulations again, your accomplishment is remarkable!

    Gary Gordon McQuary email (popabluebear@aol.com) (White_Electric_Wind@Comcast.net)

    • Edited by Gary Bear Wednesday, November 2, 2011 4:31 AM
    Wednesday, November 2, 2011 4:28 AM