Cannot decrypt EFS Encryption-have certificates, not keys

n40gl

New Member
Messages
1
Location
Los Angeles
This file encryption is a problem in EFS, which is not, and is often confused with Bitlocker. To clarify: not BitLocker. Users talk about encryption as a BitLocker issue, because ti is available in Windows 8.1 Pro. I am talking about EFS (Encrypting File System), an NTFS encryption scheme. Different than BitLocker.

Using EFS encryption in Win8.1Pro, to encrypt a file/folder you right-click > properties > (general tab) click advanced > check "encrypt contents to secure data" and the deed was done.

I encrypted selected files. The Windows install is on the C: drive. The EFS-encrypted files are on the D: drive.

Foolishly, I let Microsoft in to my computer to fix an Outlook issue. The technician randomly deleted files to see if that changed the Outlook issue, and then did a refresh of the entire computer (which means reinstalling the OS). That disconnected the EFS private keys from their certificates.

Fortunately, before MS started messing around, I copied the entire User profile (everything under C:\Users) to a different drive, where it sits undamaged.

I had been backing up the C: Drive regularly, and have so far restored about 22 backup images. I was able to run certmgr on the restored drive, identify and export the Encrypting File System certificate. That means I also have the thumbprint of the private key (Certificate --> Properties --> Details - last item in the list). In my export of the User profile (previous paragraph) I've found a file which name that matches that of the fingerprint. But I don't have anything that indicates it is a key.

The exported certificate now also sits on the D: drive.

Is there any way to find the key and associate it to the Certificate?

Yes, I had backed up the Private Key as a .pfx file. And then moved from Virginia to California. The key was lost in the move (along with several other things).

I know about this: ElcomSoft Co.Ltd. Decrypt and recover files protected with the Encrypting File System (EFS). I downloaded the demo and let it scan the drives, but it didn't find anything. However, this was before I exported the Certificates.

If someone has run this program and been successful, or even knows the steps, please respond. I emailed Elcomsoft's tech support with a question on whether it would work in my case (describing the above) but never received a reply.

Again: no, the files/folders are not compressed and I am not talking about BitLocker.
 

My Computer

System One

  • OS
    81. Pro Media Center
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Self-built (Gigabyte Motherboard)
Back
Top