Solved

Decrypting file encrypted in Explorer

Posted on 2007-11-27
6
1,898 Views
Last Modified: 2008-03-17
Issue:  File encrypted in Explorer with the RightClick/Properties/Advanced/Encrypt thing.  File is on Seagate external HD.  Then Windows is reinstalled on PC.  Now can't decrypt file.  Anything that can be done or are we toast?

Thanks, Ron Hicks
0
Comment
Question by:Ronald Hicks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 6

Accepted Solution

by:
dworlton earned 250 total points
ID: 20358208
Unless you are on a domain and created a recovery agent prior to encryption, then you are most likely toast. EFS is not meant to be recovered without the original encrypting users certificates which are stored on the local hard drive. The recovery agent is the only other way to be able to restore something encrypted with EFS.

Here is a link for info about decrypting EFS without the encrypting certificate (notice recovery agent needed):
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_overview.mspx?mfr=true
 
And here is a link explaining how to set up recovery agents:
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_overview.mspx?mfr=true
0
 

Author Comment

by:Ronald Hicks
ID: 20362680
I read in a 2004 thread the suggestion that OpenOffice might be able to open such an encrypted file.  Got any information or an opinion on that?  Maybe it worked once upon a time but EFS has been tightened since then.  --ron
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 250 total points
ID: 20506507
Openoffice might be able to bypass a word password by some means but not the EFS encryption.

But that encryption goes a bit deeper. So yes toast.

You might be able to use some recovery software like oo-software unerease, maybe there is something left of the original unencrypted file, since windows, afaik, doesn't overwrite the old unencrypted file just masks it as deleted.

the free trial version is able to identify possible leftovers on the hard disk:
http://www.oo-software.com/home/en/products/oounerase/

O&O UnErase 4 makes the restoration of deleted data as easy as "a walk in the park". With the help of a new and one-of-a-kind algorithm, more files can be restored than ever before.
Within a matter of seconds, O&O UnErase 4 finds your deleted files and restores them with just the click of a button. The original filename and directory structure are also restored as if nothing had been deleted in the first place.

Tolomir

0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:Ronald Hicks
ID: 20511159
Still subject the ravages of time as sectors are released and overwritten though I suppose.  It's been over a month now, so i wouldn't expect to find many intact file fragments.  It is very useful to know how EFS works; that it marks the original file as deleted and encrypts a copy.  Very useful indeed.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 20511935
you can test for yourself. take a 500 mb big file (like an iso image) and let windows encrypt that file. you will see that a tmp file will appear and after the conversion is finished the tmp file disappears with the original file and a "new" (the renamed tmp file) in blue appears (if you let windows mark all compressed fkiles with blue, windows explorer setting)

Here are some more details: http://en.wikipedia.org/wiki/Encrypting_File_System

Btw. if you need an encryption you should go with truecrypt: www.truecrypt.org

That is plattform independent, doesn't care about the users password as with efs and it's free opensource:

# Creates a virtual encrypted disk within a file and mounts it as a real disk.
# Encrypts an entire hard disk partition or a storage device such as USB flash drive.
# Encryption is automatic, real-time (on-the-fly) and transparent.
# Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:

1) Hidden volume (steganography  more information may be found here).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).

# Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: LRW.

Tolomir
0
 

Author Comment

by:Ronald Hicks
ID: 20512488
Very useful addition to this thread.  Thank you.  I wish I could give points.  Others will thank you too I'm sure.  --ron
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month5 days, 19 hours left to enroll

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question