• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Window's EFS (Encrypted File System) Problem

F

foodfightr

Golden Member
I have .cer and .pfx files that I've exported and imported every way possible but I can't open files encrypted on my secondary computer no matter what I try!
 
Go here and download EFSInfo.

Then run efsinfo "path_to_encrypted_file" /r to view the recovery info. It should print out a thumbprint of the recovery cert that is on the FEK for that file. Check your .cer file to see if the thumbprint matches (details tab).

If it does, it should work. If it doesn't you are SOL unless you can find either the recovery key whose thumbprint is on the file or the actual encryption key that was used on that file.
 
Use efsinfo "path_to_encrypted_file" /c to show the thumbnail info for the actual encryption cert, in case you didn't create a recovery cert (doesn't sound like you did).
 
Well I still have both PCs, I'm just trying to access my other PCs encrypted files. I'll play around with that app and post soon.
 
So on my secondary PC... I've encrypted a file and exported both a .cer and .pfx file. I shared the ecrypted file.

On my main PC I imported the .pfx file and I attempted to access the shared encrypted file with no luck.


What am I missing? I've spent so many hours reading tutorials and trying things... All I'd like to do is encrypt files that I can access on any PC that I setup with the proper decryption key.
 
If all you want to do is access an encrypted file over the network, you don't need to load the key on the second computer. Think about it: this is a file system encryption system. Of of the operations are done at the first computer, even when you access it from the second. If you wanted to copy or move the file from the original machine to the second and keep it encrypted, you would need the key on the second machine.

However, I don't think it will work anyway because you are (I assume) in a workgroup environment. To access an encrypted file over the network, you need to trust the computer that holds the files and key for delegation. This means that you authorize the computer to impersonate the user when encrypting/decrypting. This can only be done in a domain environment, because it requires Kerberos.

Secondly, accessing encrypted data (EFS encrypted data anyway) potentially defeats the purpose of encrypting the files in the first place. This is because again, this is a file system based encryption system. The file will be decrypted on the computer's file system, and sent over the network in the clear.
 
I'm only trying to access it over the network for testing purposes.

I'd like to make sure my key works to transparently access files.

Follow me on this for example:
I encrypt a bunch of files on my hard drive.
I install the hard drive on a new computer.
I want to access the files.

I can't get the file access part to work! I encrypted some files, pulled the HD out and put it in my computer. I'm now trying to get the .pfx or the .cer to work so I can now acess the files.

I've exported the .pfx and the .cer about fifty million different ways and I've installed them just as many ways, but I can't get access to the files.

All I want to do is perform a file recovery... encrypt on one computer decrypt on another. I've tried everything.
 
I'm only trying to access it over the network for testing purposes.
Click to expand...
This will not work, and isn't a valid test of what you're actually trying to do.

I can't get the file access part to work! I encrypted some files, pulled the HD out and put it in my computer. I'm now trying to get the .pfx or the .cer to work so I can now acess the files.

I've exported the .pfx and the .cer about fifty million different ways and I've installed them just as many ways, but I can't get access to the files.
Click to expand...
Again, you really need to use the EFSINFO tool to make sure you have the right cert that was used to encrypt the files. That's the only reason why what you are trying would not work. If you have the private key whose thumbprint is on the encrypted files, it will work fine.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top