Solved

Decrypting file encrypted in Explorer

Posted on 2007-11-27
Last Modified: 2008-03-17
Issue:  File encrypted in Explorer with the RightClick/Properties/Advanced/Encrypt thing.  File is on Seagate external HD.  Then Windows is reinstalled on PC.  Now can't decrypt file.  Anything that can be done or are we toast?

Thanks, Ron Hicks
Question by:Ronald Hicks
 
LVL 6

Accepted Solution

by:
dworlton earned 1000 total points
ID: 20358208
Unless you are on a domain and created a recovery agent prior to encryption, then you are most likely toast. EFS is not meant to be recovered without the original encrypting user's certificates, which are stored on the local hard drive. The recovery agent is the only other way to be able to restore something encrypted with EFS.

Here is a link for info about decrypting EFS without the encrypting certificate (notice recovery agent needed):
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_overview.mspx?mfr=true
 
And here is a link explaining how to set up recovery agents:
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_overview.mspx?mfr=true
0
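
The answer above turns on whether the encrypting user's certificate and private key exist anywhere outside the Windows installation. As an added example (not part of the original thread), this PowerShell script finds the current user's EFS certificates and exports them with their private keys to a password-protected PFX. It assumes a current Windows release with the PKI module's `Export-PfxCertificate`; the backup path `E:\efs-backup` is a hypothetical placeholder for removable media.

```powershell
# Added example (not from the thread): find the current user's EFS certificates
# and export them, with private keys, to a password-protected PFX.
$EfsEku    = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU OID
$BackupDir = 'E:\efs-backup'            # hypothetical path on removable media

function Test-EfsCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # A certificate is usable for EFS when its Enhanced Key Usage lists the EFS OID.
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] -and
            $ext.EnhancedKeyUsages.Value -contains $EfsEku) {
            return $true
        }
    }
    return $false
}

$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object { Test-EfsCertificate $_ })
if ($efsCerts.Count -eq 0) {
    Write-Warning 'No EFS certificate in the current user store.'
    return
}

$password = Read-Host -AsSecureString -Prompt 'Password for the PFX backup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($cert in $efsCerts) {
    if (-not $cert.HasPrivateKey) {
        # Without the private key this certificate cannot decrypt anything.
        Write-Warning "$($cert.Thumbprint): no private key on this machine, skipped"
        continue
    }
    $pfx = Join-Path $BackupDir "efs-$($cert.Thumbprint).pfx"
    Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $password | Out-Null
    Write-Output "Backed up $($cert.Thumbprint) (expires $($cert.NotAfter)) to $pfx"
}
```

The built-in `cipher /x` command performs the same backup interactively. Either way, the PFX has to live somewhere that survives a reinstall of Windows.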
 

Author Comment

by:Ronald Hicks
ID: 20362680
I read in a 2004 thread the suggestion that OpenOffice might be able to open such an encrypted file.  Got any information or an opinion on that?  Maybe it worked once upon a time but EFS has been tightened since then.  --ron
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 1000 total points
ID: 20506507
OpenOffice might be able to bypass a Word password by some means but not the EFS encryption.

But that encryption goes a bit deeper. So yes toast.

You might be able to use some recovery software like oo-software unerase; maybe there is something left of the original unencrypted file, since Windows, afaik, doesn't overwrite the old unencrypted file, just masks it as deleted.

The free trial version is able to identify possible leftovers on the hard disk:
http://www.oo-software.com/home/en/products/oounerase/

O&O UnErase 4 makes the restoration of deleted data as easy as "a walk in the park". With the help of a new and one-of-a-kind algorithm, more files can be restored than ever before.
Within a matter of seconds, O&O UnErase 4 finds your deleted files and restores them with just the click of a button. The original filename and directory structure are also restored as if nothing had been deleted in the first place.

Tolomir

0
 

Author Comment

by:Ronald Hicks
ID: 20511159
Still subject to the ravages of time as sectors are released and overwritten though, I suppose.  It's been over a month now, so I wouldn't expect to find many intact file fragments.  It is very useful to know how EFS works; that it marks the original file as deleted and encrypts a copy.  Very useful indeed.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 20511935
You can test for yourself. Take a 500 MB file (like an ISO image) and let Windows encrypt that file. You will see that a tmp file will appear, and after the conversion is finished the tmp file disappears with the original file and a "new" file (the renamed tmp file) in blue appears (if you let Windows mark all compressed files with blue, Windows Explorer setting).

Here are some more details: http://en.wikipedia.org/wiki/Encrypting_File_System

Btw. if you need encryption you should go with TrueCrypt: www.truecrypt.org

That is platform independent, doesn't care about the user's password as with EFS, and it's free open source:

# Creates a virtual encrypted disk within a file and mounts it as a real disk.
# Encrypts an entire hard disk partition or a storage device such as USB flash drive.
# Encryption is automatic, real-time (on-the-fly) and transparent.
# Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:

1) Hidden volume (steganography  more information may be found here).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).

# Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: LRW.

Tolomir
0
 

Author Comment

by:Ronald Hicks
ID: 20512488
Very useful addition to this thread.  Thank you.  I wish I could give points.  Others will thank you too I'm sure.  --ron
0
