Re: Help please - Can not use/export private key after domain change

Let's try to separate issues.
Can you access a previously EFS encrypted file ?
It is possible to have the key in the store so that it is not
exportable (but still usable).
You see only one EFS certificate in your private cert store?
If it is not usable then you should contact the admins that managed
the transition. They would (should) certainly want to know of the
problem before they migrate any more accounts/profiles.
On the other hand, if it is usable, then this may be due to policies
enforced in the new domain, which may or may not be what they
have intended to happen.

<sandeepk99@xxxxxxxxx> wrote in message
news:1139015493.946955.165250@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have a self signed certificate in Windows XP (private/pulic key
pair). Recently my company changed my login domain (keeping the same
password and Profile directory). But after that I can not use my
certificate (private key). Looking at the password manager, it shows
the certificate, also when I view it, it says that I have private key
corresponding to the certificate. But when I try to export it greys out

the option for private key export saying "The associated provate key
can not be found. Only the certificate can be exported." I guess the
reason might be that the key was encrypted based on password + domain
name. Just my guess, based on my limited understanding from what I
found on the net:

"Windows XP protects you against such attacks. Windows XP encrypts the
private key with a derivative of your password. If the password is
changed and you don't provide the old password, access to the public
key will be permanently blocked, and you or a thief can no longer
decrypt files with this key."

Is the only way to recover the key to ask for switching back to the old

domain ? Please advise, I would really be very greatful for any help to

recover my key.

Thanks a lot,
Sandeep



.

Relevant Pages

  • Re: PFXExportCertStoreEx
    ... which contains the actual PFX and write that to the disk. ... methods to export certificate + private key from the IE store. ...
    (microsoft.public.platformsdk.security)
  • Re: Unable to unwrap a symmetric key using the private key of an X
    ... the certificate (public and private key) is ... installed in the personal store of both local computer and current user and I ... The problem is related to the certificate store on the web service side. ... You installed the certificate in "OtherPeople" store but the policy points ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Client Certificates Issue
    ... "Active Directory User Objects" where the certificate is available, ... the Store Name for that store or, how can I access it using C#.Net code? ... not on your server. ... of the private key for the certificate they provided to the server. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Online Only Digital Signature
    ... What's important is not whether the file contains the private key, ... In the above, the certificate is placed into the local machine store, and ... Can you open the cert store, ...
    (microsoft.public.dotnet.security)
  • Re: How to Decrypt using Public Key?
    ... encrypts with the private key so anyone can decrypt with the public key and ... To decrypt information encrypted with the private key given a certificate, ...
    (microsoft.public.platformsdk.security)