I bought a new HDD so I copied some files (tax return, quicken backups, etc) from the old drive onto a CD before I formatted. Now the problem is these files were encrypted on the old XP install. I attempted to retrieve these files from the new XP install...and found out that I forgot to decrypt them! Does anyone know of a way to decrypt files from a different install of XP?

Methinks you're in trouble. I would think that the encryption key that XP uses is install-specific. That would be the whole point, anyways, so you can't just plug the hard drive itno any computer and suddenly they aren't encrypted anymore. There probably is a way to go around it, but I don't know how to.

Originally posted by UberSwank
I bought a new HDD so I copied some files (tax return, quicken backups, etc) from the old drive onto a CD before I formatted. Now the problem is these files were encrypted on the old XP install. I attempted to retrieve these files from the new XP install...and found out that I forgot to decrypt them! Does anyone know of a way to decrypt files from a different install of XP?

Yeah, you can't. You can edit ownership properties and whatnot all you want non of it works. You acutally have to either A) Save certain keys or certificates and copy them over with your new install or B)unencrypt the files before reformatting.

Firstly, did you use the actual File Encryption in XP (EFS) or did you just set special permissions on them? If its a simple permissions problem it can be fixed. What error message are you getting when you try to access the files?

However, if the files where actually encrypted with the EFS (Encrypting File System) feature they are not receoverable without the EFS certificates that contain your personal key that was used to originally encrypt the files.

When you use EFS you should ALWAYS keep a backup copy of the EFS certs. Methods to do this can be found in the Windows Help file.

I'll say it once again, without the EFS certificate containing your personal key, the files are gone, they cannot be decrypted. Might as well delete them and move on.

Originally posted by stevewm


When you use EFS you should ALWAYS keep a backup copy of the EFS certs. Methods to do this can be found in the Windows Help file.

I'll say it once again, without the EFS certificate containing your personal key, the files are gone, they cannot be decrypted. Might as well delete them and move on.

Seconded. YOu konw when you set up EFS it tells you to back up your certificate NOW, and gives you the option to? And you just clicked "next" (from the sounds of it since you don't have a backup of the cert)? Well, next time you wont do that, will you, and you will back up your cert.

Encryption in EFS in XP is very high grade.

File Encryption (EFS), Compression, and NTFS permissions are only supported on NTFS volumes. If you copy an encrypted file to a non-NTFS partition it will be decrypted. When your CD-burner program read the file, it should have gotten the decrypted version of it since EFS encryption is transparent...

weird....

[edit]
Actually, now that I think about this, if you CD-burning program runs under it's own logon credentials, or under local system account (to allow non-administrators to burn CDs), EFS would not decrypt the file for it, since it wouldn't have the keys, and I guess it would just dump the encrypted file onto the CD....

If that's the case, you might as well forget about ever decrypting those files.

Before I get flamed for this: The chances the below information will work is probably very slim but you may get lucky

All encryption algorithms can be cracked using a brute force attack.

I don't know what the cipher strength is for it but . . . if you do some looking I will bet my life's savings that someone has already wrote a program to create certificates.

Again. The chances you will get the correct certificate generated by your computer is probably pretty darn slim and if you do it may take 10+ years to get it.

This information was simply put out there for your knowledge and what you do with it is your option.

Originally posted by axdx
File Encryption (EFS), Compression, and NTFS permissions are only supported on NTFS volumes. If you copy an encrypted file to a non-NTFS partition it will be decrypted. When your CD-burner program read the file, it should have gotten the decrypted version of it since EFS encryption is transparent...

weird....

[edit]
Actually, now that I think about this, if you CD-burning program runs under it's own logon credentials, or under local system account (to allow non-administrators to burn CDs), EFS would not decrypt the file for it, since it wouldn't have the keys, and I guess it would just dump the encrypted file onto the CD....

If that's the case, you might as well forget about ever decrypting those files.


If you do not have the EFS certs on your system, copying a EFS encrypted file to a non-NTFS volume will leave the file in its encrypted state. (i.e. garbage :)

FrothByte: The encryption used in EFS is extremely strong. It uses AES 256-bit. To date is has not been broken, nor has any similar algorithm.

Tough break guy :/

Originally posted by stevewm
If you do not have the EFS certs on your system, copying a EFS encrypted file to a non-NTFS volume will leave the file in its encrypted state. (i.e. garbage :)

FrothByte: The encryption used in EFS is extremely strong. It uses AES 256-bit. To date is has not been broken, nor has any similar algorithm.

So if I encrypt "My Shared Folder" and the RIAA downloads the files for varification, they don't work?

then other people don't get to use your files

=(

Originally posted by Phantum
So if I encrypt "My Shared Folder" and the RIAA downloads the files for varification, they don't work?

Define "downloads".

Through kazaa/etc? They'll show up fine, b/c kazaa is running AS YOU, so when it sends the file, it's unencrypted.

Through windows file sharing/mounting your HD/etc? They'll be encrypted, unless they manage to log in as your user.

Why would they unencrypt? If someone was downloading them from me?

Originally posted by Phantum
Why would they unencrypt? If someone was downloading them from me?



Encrpytion/Decryption is completely automatic and transparent as long as file requests are made under your credentials.

When you are logged into Windows under your username, and run Kazaa. Kazaa runs with your credentials and thus any encrypted file it attempts to read will be decrypted :)

Now if you run Kazaa under a different username this will not happen.

Same goes for file shares. If someone connects to a file share on your computer and supplies your username and password, encrypted files will be decrypted should they try to download them.

The point I am trying to make here is that any program running under the account the files where originally encrypted with (or other accounts in which the EFS certs have been imported) will have complete access to them.

Originally posted by stevewm
If you do not have the EFS certs on your system, copying a EFS encrypted file to a non-NTFS volume will leave the file in its encrypted state. (i.e. garbage :)

FrothByte: The encryption used in EFS is extremely strong. It uses AES 256-bit. To date is has not been broken, nor has any similar algorithm.

If you don't have EFS certs on your system, how will you encrypt the files in the first place? You'd have to encrypt the files, then delete your certificates, which doesn't really make much sense... (unless you've exported certificates for security reasons...)