Solved

Decrypting file encrypted in Explorer

Posted on 2007-11-27
6
1,881 Views
Last Modified: 2008-03-17
Issue:  File encrypted in Explorer with the RightClick/Properties/Advanced/Encrypt thing.  File is on Seagate external HD.  Then Windows is reinstalled on PC.  Now can't decrypt file.  Anything that can be done or are we toast?

Thanks, Ron Hicks
0
Comment
Question by:Ronald Hicks
  • 3
  • 2
6 Comments
 
LVL 6

Accepted Solution

by:
dworlton earned 250 total points
ID: 20358208
Unless you are on a domain and created a recovery agent prior to encryption, then you are most likely toast. EFS is not meant to be recovered without the original encrypting users certificates which are stored on the local hard drive. The recovery agent is the only other way to be able to restore something encrypted with EFS.

Here is a link for info about decrypting EFS without the encrypting certificate (notice recovery agent needed):
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_overview.mspx?mfr=true
 
And here is a link explaining how to set up recovery agents:
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_overview.mspx?mfr=true
0
 

Author Comment

by:Ronald Hicks
ID: 20362680
I read in a 2004 thread the suggestion that OpenOffice might be able to open such an encrypted file.  Got any information or an opinion on that?  Maybe it worked once upon a time but EFS has been tightened since then.  --ron
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 250 total points
ID: 20506507
Openoffice might be able to bypass a word password by some means but not the EFS encryption.

But that encryption goes a bit deeper. So yes toast.

You might be able to use some recovery software like oo-software unerease, maybe there is something left of the original unencrypted file, since windows, afaik, doesn't overwrite the old unencrypted file just masks it as deleted.

the free trial version is able to identify possible leftovers on the hard disk:
http://www.oo-software.com/home/en/products/oounerase/

O&O UnErase 4 makes the restoration of deleted data as easy as "a walk in the park". With the help of a new and one-of-a-kind algorithm, more files can be restored than ever before.
Within a matter of seconds, O&O UnErase 4 finds your deleted files and restores them with just the click of a button. The original filename and directory structure are also restored as if nothing had been deleted in the first place.

Tolomir

0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:Ronald Hicks
ID: 20511159
Still subject the ravages of time as sectors are released and overwritten though I suppose.  It's been over a month now, so i wouldn't expect to find many intact file fragments.  It is very useful to know how EFS works; that it marks the original file as deleted and encrypts a copy.  Very useful indeed.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 20511935
you can test for yourself. take a 500 mb big file (like an iso image) and let windows encrypt that file. you will see that a tmp file will appear and after the conversion is finished the tmp file disappears with the original file and a "new" (the renamed tmp file) in blue appears (if you let windows mark all compressed fkiles with blue, windows explorer setting)

Here are some more details: http://en.wikipedia.org/wiki/Encrypting_File_System

Btw. if you need an encryption you should go with truecrypt: www.truecrypt.org

That is plattform independent, doesn't care about the users password as with efs and it's free opensource:

# Creates a virtual encrypted disk within a file and mounts it as a real disk.
# Encrypts an entire hard disk partition or a storage device such as USB flash drive.
# Encryption is automatic, real-time (on-the-fly) and transparent.
# Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:

1) Hidden volume (steganography  more information may be found here).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).

# Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: LRW.

Tolomir
0
 

Author Comment

by:Ronald Hicks
ID: 20512488
Very useful addition to this thread.  Thank you.  I wish I could give points.  Others will thank you too I'm sure.  --ron
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An overview of HIPAA and guidance on this topic that Experts Exchange members can offer.
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now