Recover Encrypted Files....

Toggle sidebar Toggle sidebar
F

foodfightr

Golden Member
Sep 19, 2004
1,563
0
76
I have the previous administrator password, but I can't get the encryption off of this files. (Windows XP Encryption.)

Dont have the old computer anymore... grr!
 
B

bsobel

Moderator Emeritus<br>Elite Member
Dec 9, 2001
13,346
0
0
Originally posted by: foodfightr
I have the previous administrator password, but I can't get the encryption off of this files. (Windows XP Encryption.)

Dont have the old computer anymore... grr!
Click to expand...

Unless you have access to the old pc or you made backup of the encryption keys, those files are gone (sorry, I know it can be frustrating as it seems like 'they are right here')...

Bill
 
RebateMonger

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Yup. They are gone. Unless you have a System State backup or drive image of the old computer.

Before using EFS Encryption, be sure to read about how it works and how to prepare for recovery of the data in case of disaster. Microsoft has a nice paper discussing this.
 
MrChad

MrChad

Lifer
Aug 22, 2001
13,507
3
81
Originally posted by: deathkoba
Use data recovery software. It should work.
Click to expand...

Sure, it'll recover garbage encrypted data.

Without the key encrypted files are meaningless. That's the whole idea behind encryption.
 
S

stash

Diamond Member
Jun 22, 2000
5,468
0
0
EFS is a hybrid encryption scheme, in that it uses both symmetric and asymmetric algorithms. The bulk encryption of the data is done by a symmetric 256-bit AES key, as MrChad noted. The symmetric key is then encrypted using an asymmetric keypair. This keypair is then protected with a master key, which is protected with your password.

So if you have the profile that was used to encrypt the files, and you know the password to that profile, you can restore the data. Otherwise, you would've need to export the key beforehand, and/or designated a recovery agent.
 
M

Mark R

Diamond Member
Oct 9, 1999
8,513
16
81
Originally posted by: xtknight
If the encryption doesn't use [only] the password, what [else] does it use?
Click to expand...

It uses a certificate that is created during the installation of windows (using random numbers generated during the installation).

This is then combined with the user's password to provide the key used to decrypt the files.

Unless you made a backup copy of the certificate, your data is gone.

[There's another situation where you can get locked out of encrypted files: if JohnDoe has some encrypted files on his account, and the administrator changes JohnDoe's password using his administrator privilege. The account won't be able to access the encrypted files, because an administative password change won't update the certificate to work with the new password].
 
F

foodfightr

Golden Member
Sep 19, 2004
1,563
0
76
Blah, I was hoping I didn't have to do this....

I have an image made by acronis of the previous system. I use a little trick when applying images made on one computer and installed on another. When you boot (and it crashes) you can just boot the regular windows cd and have it recover windows- presto!

Is there a certain file I can extract from the image isntead of going through the hassle of doing my method listed above?
 
B

BriGy86

Diamond Member
Sep 10, 2004
4,537
1
91
from what i know the file gets incrypted using your password hash, perhaps if you change your password and name on your computer to what your old password and name was it may make them accessable (most likely not though, but it wont hurt to try)
 
MrChad

MrChad

Lifer
Aug 22, 2001
13,507
3
81
Originally posted by: BriGy86
from what i know the file gets incrypted using your password hash, perhaps if you change your password and name on your computer to what your old password and name was it may make them accessable (most likely not though, but it wont hurt to try)
Click to expand...

The password just protects the encryption key pair; it has nothing to do with the encryption algorithm itself.
 
S

stash

Diamond Member
Jun 22, 2000
5,468
0
0
It uses a certificate that is created during the installation of windows (using random numbers generated during the installation).

This is then combined with the user's password to provide the key used to decrypt the files.
Click to expand...
Not exactly.

The actual EFS cert is created when you first encrypt a file. The user's master key which protects that keypair is generated when the user profile is crated. The password protects the master key, which protects the asymmetric keypair, which protects the symmetric AES key.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom