Re: Encrypted files -- would this work to get them back?

From: lostfiles@screwed.com
Date: 11/21/02 

From: lostfiles@screwed.com
Date: Wed, 20 Nov 2002 19:21:41 -0600

If it were a Public Key, then why would it only appear in MY Keys
folder within Application Data?

In the MMC, look at the "Local Computer" certificates. If any given
certificate were public, shouldn't it appear there instead of in the
"User Account"? If it's in the User Account, to me , that sounds like
a private key. Just as you though, I'm not 100% sure.

Can anyone tell me where exactly the "Private Key" is located on the
hard drive? I still might be able to recover it if it's still there.

thanks

On Wed, 20 Nov 2002 16:14:46 -0500, "Karl Levinson [x y] mvp"
<levinson_k@excite.com> wrote:

>Sorry, I don't think so. I'm not 100% sure, but that message sounds like
>that is a public key. You need the private key to decrypt, which it seems
>is stored elsewhere. In Public Key encryption, the public key is available
>to everyone and can only be used to encrypt a file, not decrypt it. If you
>could easily use a public key to decrypt a file or get the private key, just
>about all the internet banking web sites and other public key encryption in
>use today wouldn't protect a thing.
>
>
><lostfiles@screwed.com> wrote in message
>news:k0nntus1ogegat1he8snkl8tuk4a0a6r94@4ax.com...
>> Windows version: XP Pro SP1
>>
>> Ok, call me an idiot because like so many other people in here I had
>> to reformat and forgot about my encrypted folder until it was too
>> late. I was able to restore my old certificate and key but I'm stuck
>> and not sure what else to do.
>>
>> After the format and new install of XP, I ran a recovery utility on my
>> C drive and was able to recover ALL the files and folders in the
>> following directory:
>>
>> "C:\Documents and Settings\<username>\Application Data\Microsoft"
>>
>> If you notice, there is a Crypto folder and a "System Certificates"
>> folder in there and the files contained within them were recovered
>> without errors. Including the system certificate and the key.
>>
>> Note: I only had ONE certificate and key before the format. This was
>> my first reload of XP pro since it's release date, so those are the
>> correct files. The new Crypto and certificates folders/subfolders
>> were blank.
>>
>> I checked the Certificates snap-in with the MMC on my new install of
>> XP Pro and there were none listed. The Crypto, Certificates and Keys
>> folders on my hard drive were empty, so I copied all the files within
>> the recovered folders to the appropiate places. Now when I open the
>> Certificates Snap-in, the certificate is listed. It has the
>> following properties:
>>
>> "Enable all purposes for this certificate"
>> "Encrypting file system" box is checked
>>
>> Before copying the recovered files, when I would try to get the
>> encryption details on one of my encrypted files, the user list was
>> blank. Now when I right-click on one of my encrypted files and go to
>> Properties, Advanced, Details, it shows my user name and a certificate
>> thumbprint. If I click the Add button, the "Select User" box pops up
>> and I am able to view the certificate. It has the following
>> properties:
>>
>> GENERAL TAB
>> "This certificate is intended for the following purposes"
>> Allows data on disk to be encrypted.
>> All issuance policies.
>>
>> Issued to: username
>> Issued by: username
>>
>> Valid from: 11/19/2002
>> Valid to: 10/26/2102
>>
>> "You have a prIvate key that corresponds to this certificate"
>>
>> DETAILS TAB:
>> Too much info to type.
>>
>> CERTIFICATION PATH TAB
>> Certification Path: It shows the certificate name
>> Certification status: "This certificate is OK"
>>
>>
>> So since I have the old certificate/key and they are in the right
>> places, why can't I open one of the encrypted files? My user name,
>> login password and computer name are all the same as they were before
>> the reload.
>>
>> The permissions for the encrypted folder are set to "Full ControlI
>> (this folder, subfolders and files)". I was able to take ownership of
>> the folders/files and I do have administrator rights.
>>
>> Is there anything else I can do with the recovered certifcate/key that
>> might work? Any other ideas?
>