Hi, I have a problem similar to others that have been asked here regarding EFS decryption.
Some time ago I was using a laptop with Windows XP Professional SP2 that I used to encrypt some files using Windows' EFS system (Right click/Properties/Advanced/Encrypt contents to secure data). That laptop I was using well and truly screwed up, but I was able to access my hard drive via a program called Winternals and copy all of my files to a CD. This means I did not back up any Certificates or Recovery Agents or anything; I simply copied and pasted the files to a different location.
Now I am using a completely different computer and I sold the old laptop. Now my problem is that I want to decrypt some files that I had previously encrypted on the older machine using Windows XP's EFS. Now that I have the files on my current machine, they appear to be just simple files to the computer, that is, they are not regarded as encrypted and thus aren't coloured in green. But when I try to open them they are still encrypted.
The files are .jpg image files and when they are opened don't preview and aren't recognised by the applications but they are still regarded as .jpg files in windows explorer (i.e. they still have .jpg extension and have the .jpg file icon).
I have done a lot of research on this and can't come up with any results.
- I've tried AEFSR from Elcomsoft but that doesn't work as it tries to search my computer for keys which don't exist.
- I can't use data recovery although I have tried, since this machine has never had the original decrypted files and hence weren't deleted from this hard disk when encrypted by EFS. I also don't have the old machine that did encrypt the files.
contains an interesting article that I have tried my best to follow but find a lot of the instructions unclear.
- Apparently Microsoft have developed reccerts.exe and can send it to me for a fixed £40 charge (for contacting their support professionals). I'm not sure whether this would fix my problem so I'm unwilling to waste £40 on this unless I know for sure it's gonna work.
As a quick introduction to decrypting in EFS, apparently it is done by:
- Taking either: private key of user or recovery agent
- Using this to decrypt the FEK (File encryption key) stored inside the encrypted file via RSA algorithm
- Using this FEK in turn to decrypt the file using one of the following algorithms: DES, AES, DESX, Triple-DES. (I'm pretty sure that DES was used when encrypting my files as it tends to be the default according to my registry on my current machine)
I'm out of ideas now, which is why I'm asking you guys for help.
Thanks in advance, Jonathon.
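
The three decryption steps listed in the post, modelled as an added example that is not part of the original post and is not EFS code: one random FEK encrypts the file, and that FEK is wrapped separately for the user and for a recovery agent. Textbook RSA with small constructed keys and a SHA-256 keystream stand in for the real RSA and DES/DESX/3DES/AES; all function and slot names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent


def make_keypair(p, q):
    """Textbook RSA key pair from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def _keystream_xor(fek, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    key = fek.to_bytes(32, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_file(plaintext, recipients):
    """Encrypt once under a random FEK, then wrap the FEK per recipient."""
    fek = secrets.randbits(64)
    slots = {name: pow(fek, e, n) for name, (n, e) in recipients.items()}
    return {"slots": slots, "data": _keystream_xor(fek, plaintext)}


def decrypt_file(blob, slot, private_key):
    """Unwrap the FEK from one slot with a private key, then decrypt."""
    n, d = private_key
    fek = pow(blob["slots"][slot], d, n)
    return _keystream_xor(fek, blob["data"])


# Constructed key pairs built from Mersenne primes (assumption: toy sizes).
user_pub, user_priv = make_keypair(2**61 - 1, 2**89 - 1)
agent_pub, agent_priv = make_keypair(2**107 - 1, 2**127 - 1)

# Constructed sample: JPEG magic bytes followed by filler.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"constructed image bytes " * 4

if __name__ == "__main__":
    blob = encrypt_file(SAMPLE_JPEG, {"user": user_pub, "agent": agent_pub})
    print(decrypt_file(blob, "user", user_priv) == SAMPLE_JPEG)
    print(decrypt_file(blob, "agent", agent_priv) == SAMPLE_JPEG)
    print(decrypt_file(blob, "user", agent_priv) == SAMPLE_JPEG)
```

In this model the file data is only as recoverable as the private keys matching its slots: either the user's or the recovery agent's key unwraps the same FEK, and any other key yields a different FEK and unreadable output.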