Decryption of encrypted file without the EFS key

Last response: in Windows XP
August 25, 2012 4:08:45 PM

Hello,
A year ago I copied our family pictures, 500 or so, to a 500GB Toshiba external hard drive. About six months ago, my computer crashed so completely that I had to reinstall the original software, which involved formatting the hard drive.

After I completed this task, when I tried to read the Toshiba drive, I got all the folder names copied to my computer, but they were empty. Somewhere along the process, a message was displayed about encryption and not having the authority to retrieve the files. One time a string of 40 characters was displayed with no indication as to what it was. Subsequent attempts at reproducing that display failed.

When I first copied the photos to the hard drive I had no idea that the default mode was with encryption. MS gave no hint to that and neither did Toshiba. (I called Toshiba tech support and was told that the encryption was not of their doing; it was MS's). Do you think the 40-character string, which I copied, may be the encryption key to my photos?

Can you please help me?

August 25, 2012 7:32:36 PM

I don't know, but...
Is the drive in the same state? (I mean, you haven't copied anything onto it since the problem occurred?)
If so, you can try recovery software.
I use Easeus recovery, and you can check the whole drive.
http://www.easeus.com/datarecoverywizard/
Then, copy them, and then format the drive.
:hello: 
August 30, 2012 3:04:08 AM

If EFS was enabled and you wiped the drive containing the keys, without making a proper backup of those keys, you can kiss any encrypted data good bye. EFS is very good at what it does and there are NO back doors.
September 7, 2012 12:53:45 AM

me 1 said:
I don't know, but...
Is the drive in the same state? (I mean, you haven't copied anything onto it since the problem occurred?)
If so, you can try recovery software.
I use Easeus recovery, and you can check the whole drive.
http://www.easeus.com/datarecoverywizard/
Then, copy them, and then format the drive.
:hello: 


Thanks for your response. Yes, I can copy files to the external hard drive and retrieve them. In fact, the pictures were the only files that were encrypted during the original copying process.

I am annoyed that Toshiba or MS did not notify me that the default encryption mode was "opt out".

I'll try your suggestion.

Marcel
September 7, 2012 1:00:02 AM

ex_bubblehead said:
If EFS was enabled and you wiped the drive containing the keys, without making a proper backup of those keys, you can kiss any encrypted data good bye. EFS is very good at what it does and there are NO back doors.


Hi,

Thanks for taking the time to read my posting. I had no idea what EFS is or was. I did find a strange string of characters on the Toshiba drive and I wonder if that may be the key. The string has 40 bytes as follows: S-1-5-21-2843076097-etc...

Could that be the EFS key?

Marcel
September 7, 2012 1:45:50 AM

roncevaux said:
...I had no idea what EFS is or was.


You've just learned a valuable lesson, and one (just one) of my favorite philosophies. "If you can't teach it, don't touch it." Which means that if you don't understand something well enough to teach it to someone else, you have no business using it.


roncevaux said:
I did find a strange string of characters on the Toshiba drive and I wonder if that may be the key. The string has 40 bytes as follows: S-1-5-21-2843076097-etc...

Could that be the EFS key?

Marcel



No. The EFS certificate files can be found in "C:\Documents and Settings\<username>\Application Data\Microsoft\SystemCertificates\My\Certificates". If you have the Documents and Settings directory from the old machine, you have a backup of the certificates. They are stored each in one file, named by thumbprint, with no extension.

If by some miracle you do manage to locate them then try this: http://technet.microsoft.com/en-us/library/cc722147%28v...

If you are unable to import them you will be forever unable to access the contents of the encrypted files.
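The reply above distinguishes an "S-1-5-21-..." string from the thumbprint-named certificate files under SystemCertificates\My\Certificates. As an added example (not part of the thread and not Microsoft's code), this Python script parses such a string as a Windows security identifier (SID), which names an account and holds no key material, and searches a recovered profile tree for certificate files named by a 40-hex-character SHA-1 thumbprint. The function names are hypothetical and the sample SID and thumbprint are constructed.

```python
import os
import re

SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$", re.IGNORECASE)
THUMBPRINT_RE = re.compile(r"^[0-9A-Fa-f]{40}$")   # SHA-1 thumbprint, 20 bytes as hex
CERT_DIR_TAIL = ("systemcertificates", "my", "certificates")

def parse_sid(text):
    """Split a Windows security identifier into its fields, or return None."""
    m = SID_RE.match(text.strip())
    if not m:
        return None
    subs = [int(x) for x in m.group(3).lstrip("-").split("-")]
    sid = {"revision": int(m.group(1)), "authority": int(m.group(2)),
           "sub_authorities": subs, "account_rid": None}
    # S-1-5-21-<three machine/domain values>-<RID> identifies one account.
    if sid["authority"] == 5 and len(subs) == 5 and subs[0] == 21:
        sid["account_rid"] = subs[-1]
    return sid

def classify(text):
    """Say what kind of identifier a string found on the drive is."""
    text = text.strip()
    if parse_sid(text):
        return "sid"            # names an account; carries no key material
    if THUMBPRINT_RE.match(text):
        return "thumbprint"     # could be the name of a certificate file
    return "unknown"

def find_certificate_files(root):
    """Return paths of thumbprint-named files under ...\\SystemCertificates\\My\\Certificates."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        parts = [p.lower() for p in os.path.normpath(dirpath).split(os.sep)]
        if tuple(parts[-3:]) == CERT_DIR_TAIL:
            hits += [os.path.join(dirpath, f) for f in sorted(files)
                     if THUMBPRINT_RE.match(f)]
    return hits

if __name__ == "__main__":
    sample_sid = "S-1-5-21-1111111111-2222222222-3333333333-1003"  # constructed
    print(classify(sample_sid), parse_sid(sample_sid))
    print(classify("0123456789ABCDEF0123456789ABCDEF01234567"))   # constructed
    for path in find_certificate_files("."):   # point at the recovered profile tree
        print(path)
```
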
February 7, 2013 10:57:20 AM

That is not EFS.


If the files are not in the Public folder, the files are assigned to the user (who is the owner).

Your files were assigned to whatever login you used on the old computer.

You need to take ownership of the files - just google 'take ownership windows 7', there is a handy little script that can be downloaded from howtogeek that makes life simple.