Key Recovery and Decryption

From: Ron (digitalvideoinfo@yahoo.com)
Date: 08/28/02


From: "Ron" <digitalvideoinfo@yahoo.com>
Date: Tue, 27 Aug 2002 20:34:42 -0700

I have a similar problem. I have an encrypted partition
which became inaccessible when an upgrade from Win2K to
Win XP Pro failed. I had the encryption key backed up on
floppy, but have also been unable to get my files
decrypted, despite having successfully imported this key
and designating a Data Recovery Agent. I suspect that the
problem is that I have not yet figured out the correct way
to install the Administrator's Data Recovery Certificate
from the original Win2K partition. I was able to import
this DRC, and when I open it, XP tells me I have the
corresponding private key but if I try to export this
cert, XP tells me that I DON'T have the corresponding
private key.

While this may not help you, I sure would appreciate it if
you'd forward any solution you might find to me. I'll do
the same if I should solve it first.

Thanks,
Ron
>-----Original Message-----
>I use Win XP Pro on a standalone machine. I had deleted
>my certificate which was used for encryption which I
>later recovered. I am not able to use this to open my
>encrypted files.
>
>I have the certificate which encrypted the files and its
>private key is intact in the RSA directory. I have added
>the certificate to the Personal Store also. However EFS
>does not use this and creates its own private key for the
>same username and password. Only one username has
>decryption rights and there are no authorised DRAs on the
>encrypted files. The data is extremely important to me.
>Please suggest what to do.
>
>My problem is akin to that of a user whose disk
>has been wiped (along with keys), user accounts created
>and then the keys restored. How to make Win XP EFS use an
>old certificate and key?
>
>>-----Original Message-----
>>Without the certificate used to encrypt the files (and its private key), you
>>won't be able to decrypt the files. EFS best practices:
>>http://www.microsoft.com/windowsxp/pro/techinfo/administration/recovery/default.asp
>>
>>--
>>Drew Cooper [MS]
>>This posting is provided "AS IS" with no warranties, and confers no rights.
>>
>>
>>"Rajat Sud" <rajat_ksud@yahoo.co.in> wrote in message
>>news:54b701c24c68$f1dd5800$9de62ecf@tkmsftngxs01...
>>> I work on a standalone win xp pro machine.
>>>
>>> I had accidentally deleted my certificate for encryption of
>>> files, and when I started again another certificate was
>>> created. I am able to recover the original certificate
>>> back but am not able to make the XP system use this one. It
>>> creates a certificate of its own. (Through MMC new
>>> certificate does not show, only old certificate is there -
>>> this one but the new certificate is visible through
>>> Internet Explorer and the 2 don't have the same signature).
>>>
>>> As a result of this the files which I encrypted before
>>> are not opening - access denied. I have tried data
>>> recovery however since the files were not encrypted when
>>> the data recovery agent was set up it does not show in the
>>> permitted recovery agents also and the recovery agent is
>>> also not working.


