File Encryption

Hi all,

I have a problem with Windows file encryption in Windows XP Professional at work.

I started here as a contractor and had a username: richardad. On this profile I encrypted a load of important files.

I then joined them permanently and had a new profile set up, username: richardsar.

I copied over all my documents to the new profile and added myself as owner using the richardsar username. Then the company decided that I should go back to my other username richardsad, and I then copied the files back over and added my richardsad as the owner.

I now cannot open these files, and they are still encrypted as they are green.

Any ideas? :confused:
 
Can you not ask a user who is a member of Domain Admins (assuming you're using Active Directory) to take ownership and un-encrypt the files?

I can't remember if that would work or not... :o
 
It won't, as the files are encrypted using (IIRC from my rather rusty computer security course knowledge) a 256-bit AES encryption method with the user SID forming part of the hash. The private key is stored in the user profile. Tbh it will be very difficult to retrieve these files if you've deleted the user profile that encrypted the files in the first place. Lesson #1: when using encrypted file systems, always back up your private key!

Out of interest *why* did you encrypt your files in the first place? Were standard NTFS permissions not sufficient?
 
M0KUJ1N said:
It won't, as the files are encrypted using (IIRC from my rather rusty computer security course knowledge) a 256-bit AES encryption method with the user SID forming part of the hash. The private key is stored in the user profile. Tbh it will be very difficult to retrieve these files if you've deleted the user profile that encrypted the files in the first place. Lesson #1: when using encrypted file systems, always back up your private key!

^What he said really.

Unencrypting is damn near impossible without the original user SID, which you will never get back.
 
That's just it, they can't. I work for a big global IT company and they can't figure it out, so I put it to the OcUK forum to give me answers, and it does :D

I encrypted them as the network here is rubbish - put in \\1**.2**.5*.2**\c$ and you can access a person's file system. :(
 
As far as I know the network admins should be the default recovery agent, assuming this is an Active Directory environment. They can use their recovery certificate and private key to decrypt the file.
 
This assumes that the company has deployed a PKI and that the account which performed the encryption is a domain account (both of which are valid assumptions for a large company, of course).

Should be interesting either way :)
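The two points raised above (is there a recovery agent who can decrypt, and has the user backed up their own EFS key) can be checked from the command line on current Windows versions. This is an added example, not code from the thread; it assumes Windows Vista or later with cipher.exe and PowerShell 3 or newer, and `$Path` / `$PfxPath` are hypothetical locations.

```powershell
# Added example (not from the thread). Assumes Windows Vista or later, where cipher.exe
# supports /c and /x, and PowerShell 3+. $Path is a hypothetical folder to inspect.
# Lists every EFS-encrypted file under $Path together with cipher's report of who can
# decrypt it: the encrypting users and, under "Recovery Certificates", any data recovery
# agent (DRA). An empty recovery section is the situation the thread is stuck in.
function Get-EfsKeyHolders {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::Encrypted) -ne 0 } |
        ForEach-Object {
            # cipher /c prints the users and recovery certificates able to unlock this file
            $report = & cipher.exe /c $_.FullName
            [pscustomobject]@{
                File   = $_.FullName
                Report = ($report | Where-Object { $_.Trim() }) -join "`n"
            }
        }
}

# "Lesson #1" from the thread in practice: export the current user's EFS certificate and
# private key to a password-protected .pfx (cipher prompts for the password), so that a
# deleted or rebuilt profile no longer means losing the files. Store the file off the machine.
function Backup-EfsKey {
    param([Parameter(Mandatory)][string]$PfxPath)   # hypothetical path, e.g. a removable drive
    & cipher.exe /x:$PfxPath
}

# Usage:
#   Get-EfsKeyHolders -Path 'C:\Users\richardsad\Documents' | Format-List
#   Backup-EfsKey -PfxPath 'E:\efs-backup'
```

If the report for a file shows no recovery certificate and the only listed user's private key is gone with the old profile, no amount of ownership changes or certificate shuffling will recover it; only a key backed up earlier, or a DRA configured before the file was encrypted, can.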
 
Well, it seems that moving certificates around made a bit of a difference and unlocked a few files but not all. The tech then wants to copy one of the affected files to a pen drive... :confused: I really need these files as they're part of my yearly objectives, which determine my pay rise :o
 