Solved

Decrypting file encrypted in Explorer

Posted on 2007-11-27
Last Modified: 2008-03-17
Issue:  File encrypted in Explorer with the RightClick/Properties/Advanced/Encrypt thing.  File is on Seagate external HD.  Then Windows is reinstalled on PC.  Now can't decrypt file.  Anything that can be done or are we toast?

Thanks, Ron Hicks
Question by:Ronald Hicks
 
LVL 6

Accepted Solution

by:
dworlton earned 250 total points
ID: 20358208
Unless you are on a domain and created a recovery agent prior to encryption, then you are most likely toast. EFS is not meant to be recovered without the original encrypting user's certificates, which are stored on the local hard drive. The recovery agent is the only other way to be able to restore something encrypted with EFS.

Here is a link for info about decrypting EFS without the encrypting certificate (notice recovery agent needed):
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_overview.mspx?mfr=true
 
And here is a link explaining how to set up recovery agents:
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_overview.mspx?mfr=true
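
The answer above turns on the encrypting user's certificate and private key existing only in the old Windows profile. As an added example (not part of the original answer), this PowerShell script exports any EFS or File Recovery certificates from the current user's store to password-protected PFX files before a reinstall. It assumes Windows 8 / Server 2012 or later for `Export-PfxCertificate`, and the backup path is a placeholder.

```powershell
# Added example: back up EFS certificates (with private keys) before a reinstall.
# Assumes Windows 8 / Server 2012 or later; $BackupDir is a hypothetical path.
param(
    [string]$BackupDir = 'E:\efs-key-backup'   # placeholder: removable media kept offline
)

$EfsOid      = '1.3.6.1.4.1.311.10.3.4'     # EKU: Encrypting File System
$RecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # EKU: File Recovery (recovery agent)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$password = Read-Host -AsSecureString -Prompt 'Password to protect the exported PFX files'

# Select certificates in the personal store whose EKU marks them as EFS-related.
$certs = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $oids = $_.EnhancedKeyUsageList.ObjectId
    ($oids -contains $EfsOid) -or ($oids -contains $RecoveryOid)
}

if (-not $certs) {
    Write-Warning 'No EFS or File Recovery certificate found in the current user store.'
    return
}

foreach ($cert in $certs) {
    if (-not $cert.HasPrivateKey) {
        # Without the private key the certificate cannot decrypt anything.
        Write-Warning "Skipping $($cert.Thumbprint): no private key in this profile."
        continue
    }
    $target = Join-Path $BackupDir "efs-$($cert.Thumbprint).pfx"
    try {
        Export-PfxCertificate -Cert $cert -FilePath $target -Password $password -ErrorAction Stop |
            Out-Null
        Write-Output "Exported $($cert.Subject) (expires $($cert.NotAfter)) to $target"
    } catch {
        # Typically the key was created or imported as non-exportable.
        Write-Warning "Could not export $($cert.Thumbprint): $($_.Exception.Message)"
    }
}
```

Store the PFX files and their password away from the machine being reinstalled; importing them into the new profile restores access to the encrypted files.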
 

Author Comment

by:Ronald Hicks
ID: 20362680
I read in a 2004 thread the suggestion that OpenOffice might be able to open such an encrypted file.  Got any information or an opinion on that?  Maybe it worked once upon a time but EFS has been tightened since then.  --ron
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 250 total points
ID: 20506507
OpenOffice might be able to bypass a Word password by some means, but not the EFS encryption.

But that encryption goes a bit deeper. So yes, toast.

You might be able to use some recovery software like O&O Software UnErase; maybe there is something left of the original unencrypted file, since Windows, afaik, doesn't overwrite the old unencrypted file, just masks it as deleted.

The free trial version is able to identify possible leftovers on the hard disk:
http://www.oo-software.com/home/en/products/oounerase/

O&O UnErase 4 makes the restoration of deleted data as easy as "a walk in the park". With the help of a new and one-of-a-kind algorithm, more files can be restored than ever before.
Within a matter of seconds, O&O UnErase 4 finds your deleted files and restores them with just the click of a button. The original filename and directory structure are also restored as if nothing had been deleted in the first place.

Tolomir

 

Author Comment

by:Ronald Hicks
ID: 20511159
Still subject to the ravages of time as sectors are released and overwritten though, I suppose.  It's been over a month now, so I wouldn't expect to find many intact file fragments.  It is very useful to know how EFS works; that it marks the original file as deleted and encrypts a copy.  Very useful indeed.
 
LVL 27

Expert Comment

by:Tolomir
ID: 20511935
You can test for yourself. Take a 500 MB big file (like an ISO image) and let Windows encrypt that file. You will see that a tmp file will appear, and after the conversion is finished the tmp file disappears with the original file and a "new" (the renamed tmp file) in blue appears (if you let Windows mark all compressed files with blue, Windows Explorer setting).

Here are some more details: http://en.wikipedia.org/wiki/Encrypting_File_System

Btw, if you need encryption, you should go with TrueCrypt: www.truecrypt.org

That is platform independent, doesn't care about the user's password as with EFS, and it's free open source:

# Creates a virtual encrypted disk within a file and mounts it as a real disk.
# Encrypts an entire hard disk partition or a storage device such as USB flash drive.
# Encryption is automatic, real-time (on-the-fly) and transparent.
# Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:

1) Hidden volume (steganography; more information may be found here).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).

# Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: LRW.

Tolomir
 

Author Comment

by:Ronald Hicks
ID: 20512488
Very useful addition to this thread.  Thank you.  I wish I could give points.  Others will thank you too I'm sure.  --ron