Re: decrypting files from XP - tough question

From: Ridge Cook (RidgeCook@myrealbox.com)
Date: 09/21/02


From: Ridge Cook <RidgeCook@myrealbox.com>
Date: Sat, 21 Sep 2002 01:32:25 GMT


Dear Jeff-

David is right. EFS uses a hybrid asymmetric/symmetric encryption scheme.
In that . The certificates created when you installed XP (Administrator
cert, default Recovery Agent) and when you encrypted the file logged on as
a User (User certificate generated at that moment) are public keys
(asymmetric algorithms). It is to those keys that EFS encrypted the
session key it used when it symmetrically encrypted the file.

That session key can only be retrieved by those same certificates. If they
were not saved off computer when you wiped/reinstalled XP, the data cannot
be decrypted. Generating new ones with the same name and data will not
work. The numbers will never match in our lifetime.

This points up a main problem with EFS. Anyone using PGP has been told
since day one to back up their public and private keys (certificates) off
computer in case of software/hardware malfunction; but there is no mention
of this in the MS ALS or in most of the official sites discussing EFS.
ANYONE using EFS should export their User certificates (and Admin if
possible) to a floppy off their machine just in case the computer eats
them, the HD melts down, or a malicious bug wipes them out. This can be
done through IE or OE-

In IE - Tools>Internet Options>Content>Certificates button>highlight yours
under the Personal tab and click export (include private keys), follow the
wizard.

In OE - Tools>options>Security tab>digital IDs>highlight yours under the
Personal tab and click export (include private keys), follow the wizard.

Yours-
Ridge Cook


Jeff Seabrook wrote:
> Ok - here's the deal.
>
> I have a dual boot machine, Windows XP on the first
> partition, and Windows 2000 Advanced Server on the 2nd
> partition.
>
> I have a few files that I encrypted when I was on XP, then
> moved the files to the D: drive ( NTFS ) ( 2000 Advanced
> Server ), then formatted the C: drive ( NTFS ) ( XP ), and
> reinstalled XP on the C: drive.
>
> The files on the D: drive are encrypted and I cannot
> decrypt them, or strip the attributes from the files, so
> that I can recover old emails, text documents and pictures
> that are pretty sensitive.
>
> I need to get these files decrypted and / or stripped of
> their attributes. I've tried cipher and partition magic (
> to convert the drive from NTFS to FAT32, won't work -
> compressed drive error ) - anybody have any ideas?
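
The export step recommended in the reply above, scripted in PowerShell as an added example that is not part of the original post. It assumes a current Windows release with the built-in PKI cmdlets (which XP did not ship), and the backup path is a hypothetical placeholder.

```powershell
# Added example: back up the current user's EFS certificate(s) together with
# the private key, then confirm each backup really contains that key.
$EfsOid    = '1.3.6.1.4.1.311.10.3.4'   # EKU OID for Encrypting File System
$BackupDir = 'E:\efs-backup'            # hypothetical removable-media path
$Password  = Read-Host -AsSecureString -Prompt 'Password to protect the PFX'

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# EFS certificates live in the user's Personal ("My") store.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.EnhancedKeyUsageList.ObjectId -contains $EfsOid
}
if (-not $efsCerts) {
    Write-Warning 'No EFS certificate found in the Personal store.'
    return
}

foreach ($cert in $efsCerts) {
    # The certificate alone is only the public half; without the private key
    # a backup cannot unwrap the per-file session key.
    if (-not $cert.HasPrivateKey) {
        Write-Warning "$($cert.Thumbprint): no private key on this machine, skipped."
        continue
    }

    $pfx = Join-Path $BackupDir "efs-$($cert.Thumbprint).pfx"
    try {
        Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $Password `
            -ErrorAction Stop | Out-Null
    } catch {
        Write-Warning "$($cert.Thumbprint): export failed (key may be non-exportable): $_"
        continue
    }

    # Re-open the PFX from disk and check that it carries the same certificate
    # and a private key, so the backup is known to be usable before it is needed.
    $check = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfx, $Password)
    $ok = $check.HasPrivateKey -and ($check.Thumbprint -eq $cert.Thumbprint)
    $check.Reset()

    if ($ok) {
        Write-Output "Backed up $($cert.Subject) [$($cert.Thumbprint)] to $pfx"
    } else {
        Write-Warning "$pfx did not verify; do not rely on it."
    }
}
```

Store the PFX and its password away from the machine; anyone holding both can decrypt the files the certificate protects.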