Cannot decrypt my backed up encrypted files

computer · May 10, 2004

I'm screwed guys. Unless someone knows of a way I can view my encrypted files, I'm screwed beyond belief.

Hi all. I have thousands of saved webpages in the form of .mht
webpage archive documents. After getting on a new PC, NONE of
these files can viewed! Opening any of them and I get "the
page cannot be displayed"! This was the ENTIRE contents of "My
Documents" which I saved on a storage drive. Apparently, this
problem is because the files were all encrypted since I tried
other saved .mht files and I can open them! I CANNOT DEcrypt
the files now! Every time I try and unencrypt or decrypt
ANYTHING in the My Documents backup by unchecking the box
"encrypt contents", it says "an error occurred while trying to
apply attributes to this folder"! What's going on here? This
means MY ENTIRE "My Documents" IS LOST! This is about 2gb of
priceless irreplaceable data including dozens of passwords in a
Notepad file, customer data, the list is endless!

My "My documents" folder was encrypted on my other PC. I of course saved it to the backup hard drive and got my new PC running, then I go to the storage drive to install my software and the "My Documents" folder is #%^$%!@ LOST due to the encryption since the data is a good as not being backed up!!! I may as well as not even bothered to back it up and just format over it!!! This is YEARS of work GONE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

n0cmonkey · May 10, 2004

Wrong forum.

Restore your encryption key from the old machine onto the new machine and you should get the files back.

computer · May 10, 2004

Originally posted by: n0cmonkey
Wrong forum.

Restore your encryption key from the old machine onto the new machine and you should get the files back.

Thanks, but that's impossible. The HD from where "My documents" was backed up was reformatted.

AndyHui · May 10, 2004

Perhaps you should try to unformat, or perform some sort of data recovery. You won't be able to get at your encrypted files without the certificate.

computer · May 10, 2004

Originally posted by: AndyHui
Perhaps you should try to unformat, or perform some sort of data recovery. You won't be able to get at your encrypted files without the certificate.

I already gave my old PC to my Dad. The HD is already set up with XP on it as well as all drivers and software. There has GOT to be a way, a program, some trick to be able to view these files. I could KILL M$ for not giving any kind of warning about this!! Those bastards drive you INSANE with "are you sure......." "are you sure......." "are you sure......." "are you sure......." blah blah for every friggin' thing you try to do on a Windows OS of which none of IT is even necessary!!!!! Something as serious as this, and these ass-wipes don't give one comment about it when encrypting a folder!!! THAT is just TOTALLY SENSELESS!!!!!!! Backwards A$$holes.

Sunner · May 10, 2004

No, the point of encrypting it is that you're not supposed to be able to recover it without the proper key, if you could, EFS would be broken.
A more specific point of EFS is that you're not supposed to be able to yank the HD, put it in another computer, and have the data accessible, if you could, EFS would be useless.

Snoop · May 10, 2004

Why would you encrypt a bunch of saved web pages?

computer · May 10, 2004

Originally posted by: Snoop
Why would you encrypt a bunch of saved web pages?

Basically, what was done is the "My Documents" folder was encrypted. So, everything in it was also encrypted. It was NOT just mht files, but thousands and thousands of files saved for years as well as my customer database, and countless of other files that CANNOT be replaced. This has got me almost suicidal. That was my life. The g**amn CD's the data was also on was f**ked up by corrupted media. That crap doesn't last anywhere near the 25 years it was supposed to, more like 2 years. I also lost countless downloads that can never be found again thanks to the CDR media problem but that's the least of my worries.

EngenZerO · May 10, 2004

hmmmm, this is why you should have a dedicated back up harddrive for just your work that would never be formatted.

good luck...

but in all honesty... your sol...

boran · May 10, 2004

this forum thread isnt there for no reason eh, NTFS encryption is very strong, and unbeatable from any normal person's Point of view, if you cannot get access to your previous install all your files are permanently gone. sorry to say so, but if you have 1430 post you SHOULD have seen that post, it is stickied to the top, unless you never come to the OS forum there is no excuse for not knowing that. I feel sorry for you, but there is nothing else that I or anyone can do to recover your files.

rade · May 10, 2004

Try this as Administrator:

Mark and right-click the file(s)
Enter the file Properties
Go to the Security tab
Press Add...
Double-click (or mark and confirm) user group Everyone (or Authenticated Users)
Make sure that Everyone has been added in the user list
Make sure all Allow options are checked
Check also the box "Allow inheritable permissions from parent to propagate to this object" if unchecked
Press Ok

Thoreau · May 10, 2004

Originally posted by: rade
Try this as Administrator:

Mark and right-click the file(s)
Enter the file Properties
Go to the Security tab
Press Add...
Double-click (or mark and confirm) user group Everyone (or Authenticated Users)
Make sure that Everyone has been added in the user list
Make sure all Allow options are checked
Check also the box "Allow inheritable permissions from parent to propagate to this object" if unchecked
Press Ok

Hehe, if it were that easy, I too wouldn't have lost a few files the same way about two years ago. =)

To the OP, the concensus is right, those files are 100% lost unless you somehow manage to pull that cert from the old machine, or happen to have a LOT of computing power and time on your hands. (When I say a lot, you might as well have the entire SETI@Home farm at your disposal before you get your hopes up.)

Ever since I ran into this issue I just decided that encrypting my data wasn't all that important and just focus on network and physical security a bit more.

Sunner · May 10, 2004

Originally posted by: rade
Try this as Administrator:

Mark and right-click the file(s)
Enter the file Properties
Go to the Security tab
Press Add...
Double-click (or mark and confirm) user group Everyone (or Authenticated Users)
Make sure that Everyone has been added in the user list
Make sure all Allow options are checked
Check also the box "Allow inheritable permissions from parent to propagate to this object" if unchecked
Press Ok

It's a common misunderstanding that "resetting" permissions will remove encryption, it wont.
NTFS ACL's != EFS

computer · May 10, 2004

Originally posted by: EngenZerO
hmmmm, this is why you should have a dedicated back up harddrive for just your work that would never be formatted.

good luck...

but in all honesty... your sol...

That's exactly what I did! I have a Maxtor 80gb/ATA133/8mb I use for storage backup and that's to where I copied My Documents, but since it was encrypted, it's a good as not copying it at all! As far as the bad CDR media, I did start putting that also on the storage drive after that happened. So now, I use CD media plus a HD. But, again it's all useless if you encrypt your data!!!

computer · May 10, 2004

Originally posted by: rade
Try this as Administrator:

Mark and right-click the file(s)
Enter the file Properties
Go to the Security tab
Press Add...
Double-click (or mark and confirm) user group Everyone (or Authenticated Users)
Make sure that Everyone has been added in the user list
Make sure all Allow options are checked
Check also the box "Allow inheritable permissions from parent to propagate to this object" if unchecked
Press Ok

"Everyone" is already there and that didn't do anything. Still can't open them. :disgust:

computer · May 10, 2004

Originally posted by: n0cmonkey
Wrong forum.

Restore your encryption key from the old machine onto the new machine and you should get the files back.

It would have helped if you would have mentioned the correct forum.

computer · May 10, 2004

Originally posted by: computer

Originally posted by: rade
Try this as Administrator:

Mark and right-click the file(s)
Enter the file Properties
Go to the Security tab
Press Add...
Double-click (or mark and confirm) user group Everyone (or Authenticated Users)
Make sure that Everyone has been added in the user list
Make sure all Allow options are checked
Check also the box "Allow inheritable permissions from parent to propagate to this object" if unchecked
Press Ok

Click to expand...

"Everyone" is already there and that didn't do anything. Still can't open them. :disgust:

I dug around in this area some more, and it seems the original encryption key is STILL there within each of the files. I clicked to 'add' another user for access, and my OLD XP username from the other HD is there! It has the "certificate thumbprint" from the old HD now listed and the numerical string. But when I "ok" out of it, it says "error in adding new user...Error code 5". So, the decryption appears to still be there, it's just a matter of getting this thumbprint to stay there. I wonder if that thumbprint # can somehow be added into the registry. ??

computer · May 10, 2004

Originally posted by: boran
this forum thread isnt there for no reason eh, NTFS encryption is very strong, and unbeatable from any normal person's Point of view, if you cannot get access to your previous install all your files are permanently gone. sorry to say so, but if you have 1430 post you SHOULD have seen that post, it is stickied to the top, unless you never come to the OS forum there is no excuse for not knowing that. I feel sorry for you, but there is nothing else that I or anyone can do to recover your files.

Now, why should I have seen that post just because I have ~1430 posts????? Is it the job of every member with over a certain number of posts to read the million posts at ALL of this forum's threads?? I don't live at this forum, I have a business to run 16 hours a day7 days a week. The bulk of my posts are on the P4C800 thread. Right, I've never even seen the OS forum until you mentioned it.

computer · May 10, 2004

Originally posted by: boran
this forum thread isnt there for no reason eh, NTFS encryption is very strong, and unbeatable from any normal person's Point of view, if you cannot get access to your previous install all your files are permanently gone. sorry to say so, but if you have 1430 post you SHOULD have seen that post, it is stickied to the top, unless you never come to the OS forum there is no excuse for not knowing that. I feel sorry for you, but there is nothing else that I or anyone can do to recover your files.

I just read this at that thread: "If you backup your Private Key (or perform a backup of your system state), then you can still get access to your files the next time you forget to decrypt them before formatting/reinstalling." I DID run the XP "Files and settings transfer wizard" during the backup. So, is that decryption key within it somewhere?

crsgardner · May 10, 2004

It's gone. Flat out gone.

The minute you create a new system the encryption keys are reset and aligned with the system's new GUID. I made the mistake myself of reformatting a drive once before unencrypting all the files. If you transfer the file to another drive encrypted, and the account that created the file is erased or the recovery key is removed, it's all but gone. Another poster was right: NTFS encryption is extremely secure.

The only other solution, which I somehow doubt applies in your situation, would be if your computer was part of a domain. In that case, the domain administrator has its own recovery key that can be used to decrypt files (it's useful if someone leaves a company). If you're very technical, you might have a Windows 2000 or 2003 server in your basement (like me

). Otherwise, chances are you're not part of a domain, and therefore can not use this solution.

drag · May 10, 2004

You files are pretty much toast. The point of encryption is to make it impossible to recover the files unless you have access to the special keys.

If your "enemy" has your files they will be junk to him so your information will remain safe, no matter what steps or programs or hacks he tries to run on the files.

Generally you have 2 keys, a public key and a private (also called a master) key. The public key is there always, it's aviable to everybody even to "enemies" have direct access to your files. Then you need to have the pivate key to combine with the public one to perform the decryption.

It's kinda like those old pirate movies, were you have a treasure map that's been divided in half. Even if you figure out the secret language that the pirates used and have half the map it will still be useless untill you figure out a way to get your hands on the other half of the map. Once that happens then it's easy to make sense of it.

However nothing is perfect. All keys can eventually be brute forced, that is you have a computer that is so freaking powerfull that it will simply run thru all possible keys until it stumbles on the correct one. Unfortunatly something like that on a PC can take a few millenia to finish.

Maybe somebody figured out how to break the encryption effectively. But I doubt it.

you could try something like this. but I don't think they are being completely honest about it's capabilities (or at least they are not telling the whole truth). But the 30 day trial may be worth at least a try. I don't have Windows (at this time) so I can't test if for myself.

here is a article talking about EFS and how it works

computer · May 10, 2004

Originally posted by: drag
You files are pretty much toast. The point of encryption is to make it impossible to recover the files unless you have access to the special keys.

If your "enemy" has your files they will be junk to him so your information will remain safe, no matter what steps or programs or hacks he tries to run on the files.

Generally you have 2 keys, a public key and a private (also called a master) key. The public key is there always, it's aviable to everybody even to "enemies" have direct access to your files. Then you need to have the pivate key to combine with the public one to perform the decryption.

It's kinda like those old pirate movies, were you have a treasure map that's been divided in half. Even if you figure out the secret language that the pirates used and have half the map it will still be useless untill you figure out a way to get your hands on the other half of the map. Once that happens then it's easy to make sense of it.

However nothing is perfect. All keys can eventually be brute forced, that is you have a computer that is so freaking powerfull that it will simply run thru all possible keys until it stumbles on the correct one. Unfortunatly something like that on a PC can take a few millenia to finish.

Maybe somebody figured out how to break the encryption effectively. But I doubt it.

you could try something like this. but I don't think they are being completely honest about it's capabilities (or at least they are not telling the whole truth). But the 30 day trial may be worth at least a try. I don't have Windows (at this time) so I can't test if for myself.

here is a article talking about EFS and how it works

Yep, AEFS program is bogus. Their website is obviously lying. I tried it, and it says "no encryption keys can be found" which totally disproves their statement. So, I'm really sure of the point of that software.

Xeese · May 10, 2004

The problem with EFS in terms of actual protection is that it relies on the user logged on to the box. So even if you encrypt all your files, all that needs to happen is for an admin to reset the pwd to your account and log on as you to get to the data. A few alternate methods exist to get admin on the box - (linux boot disk, etc). However in th OPs situation they aren't relevant. Information just thrown out for anyone in the thread considering EFS for security. PGPDisk or Steganos drive encryption are better choices with PGP being preferred.

As to getting the original key back - if the OP had the system with the original drive downed when realizing it had the key, that is the best chance. Talk with some drive recovery companies and/or forensics companies. They might be able to pull info from the drive with their tools. Not a cheap way to do it, but the best chance.

Alternately, you can try to brute force the key. While it is true that all permutations will take a huge amount of time to try, it is possible to hit the key on the first permutation. Admittedly, it isn't probable but if you have CPU cycles available it is a possibility.

As for rebuilding information - check your sent mail items and instant messenger logs for anything you may have in there.

computer · May 10, 2004

Originally posted by: Xeese
The problem with EFS in terms of actual protection is that it relies on the user logged on to the box. So even if you encrypt all your files, all that needs to happen is for an admin to reset the pwd to your account and log on as you to get to the data. A few alternate methods exist to get admin on the box - (linux boot disk, etc). However in th OPs situation they aren't relevant. Information just thrown out for anyone in the thread considering EFS for security. PGPDisk or Steganos drive encryption are better choices with PGP being preferred.

As to getting the original key back - if the OP had the system with the original drive downed when realizing it had the key, that is the best chance. Talk with some drive recovery companies and/or forensics companies. They might be able to pull info from the drive with their tools. Not a cheap way to do it, but the best chance.

Alternately, you can try to brute force the key. While it is true that all permutations will take a huge amount of time to try, it is possible to hit the key on the first permutation. Admittedly, it isn't probable but if you have CPU cycles available it is a possibility.

As for rebuilding information - check your sent mail items and instant messenger logs for anything you may have in there.

I never use IM, so neither it nor my Sent email folder is going to have any of the encrypted data in them. I use Express Assist for OE backup, that's no problem. I can restore OE to the exact state.

No passwords were ever involved. I never use them for XP, I just hit the case's power button and it goes right to the desktop like '98 did. I also don't use passwords within Windows. I mentioned above I have the "Thumbprint certificate" number for the encrypted files if that would help.
......I dug around in this area some more, and it seems the original encryption key is STILL there within each of the files. I clicked to 'add' another user for access, and my OLD XP username from the other HD is there! It has the "certificate thumbprint" from the old HD now listed and the numberical string. But when I "ok" out of it, it says "error in adding new user...Error code 5". So, the decryption appears to still be there, it's just a matter of getting this thumbprint to stay there. I wonder if that thumbprint # can somehow be added into the registry. ??

Thoreau · May 10, 2004

Dare i ask why you bothered to encrypt files if you didnt even have the account password protected?

Cannot decrypt my backed up encrypted files

Platinum Member

Elite Member

Platinum Member

Administrator Emeritus<br>Elite Member<br>AT FAQ M

Platinum Member

Elite Member

Golden Member

Platinum Member

Diamond Member

Golden Member

Junior Member

Golden Member

Elite Member

Platinum Member

Platinum Member

Platinum Member

Platinum Member

Platinum Member

Platinum Member

Senior member

Elite Member

Platinum Member

Member

Platinum Member

Golden Member