Problem with EFS Encryption / Decryption but I have the certificate
I exported the certificates in which the thumbprint matches all the encrypted files.However during some troubleshooting, a colleague tampered with certificates on my box and severed access permissions to my files. I exported my certificates that was used for EFS and rebuilt the Vista 64-bit box.I installed the certificates (backup.cer) to the "Personal" store and the "Trust People"The thumbprint of the certificate that was exported is c77128ea9635631d17f3d0f464644e8ca5db6c18The thumbprint of the ceritificate that was used during encryption for the files matches to c77128ea9635631d17f3d0f464644e8ca5db6c18When i reboot and type in "cipher /y", the thumbprint does not match the certificate installed.Please help as the files encrypted are business critical data that needs to be restored. I have attempted to install and remove the ceritificates to no success.
March 16th, 2010 1:47am

I have restored my machine. My thumbprint of the machine is the same of the certificate thumbprint and the thumbprint that the file needs. Under C:\users\(username)\appdata\roaming\microsoft\crypto\rsa(SID ID), the SID ID matches the one with the certificate that it was originally made with. In that folder is one private key. Under C:\users\(username)\appdata\roaming\microsoft\protect\(SID ID), there is one file called BK-CHANDLER that was made around the same time as the private key. Under C:\users\(username)\appdata\roaming\microsoft\systemcertificates\my\certificates\ the thumbprint of the certificate file is in this directory. Yes I cannot still decrypt my files or read them. I can rename them, but cannot read or decrypt. I have tried reencrypting, but it creates a new private key/pub key/certificate for some reason. Please assist ASAP.
Free Windows Admin Tool Kit Click here and download it now
March 16th, 2010 8:18pm

Well it looks like Microsoft was unable to help me resolve this issue. I had nothing from technet, but I guess I didnt expect anything of it. As well as the expensive MSDN service was unable to resolve or even fathom the problem or the complexity of it despite being escalated 4 levels. The issue resolve by myself as I had the correct keys still left on the hard drive and the knowledge of the full username and password that was used to encrypt the files. Needless to say, Microsoft failed big time and Linux/Unix FTMFW.
March 17th, 2010 8:01pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics