Buba,

Unless you have a backup of the associated private keys (see Q241201,
Q242296) or you are a part of a domain with an EFS recovery agent (see
Q223178, Q230490), you would have to use brute force to decrypt those
files. See the following article for a story related to brute forcing
EFS:

http://www.newscientist.com/news/news.jsp?id=ns99991804

Weakened encryption lays bare al-Qaeda files

Relatively weak encryption appears to have been used to protect files
recovered from two computers believed to have belonged to al-Qaeda
operatives in Afghanistan.

The files were found on a laptop and desktop computer bought by Wall
Street Journal reporters from looters in Kabul a few days after it was
captured by Northern Alliance forces on 13 November. The files provide
information about reconnaissance missions to Europe and the Middle East.

A report in the UK's Independent newspaper indicates that the encryption
used to protect these files had been significantly weakened by US export
restrictions that existed until last year.

The files were reportedly stored using Microsoft's Windows 2000
operating system and protected from unauthorised access using the
Encrypting File System (EFS), which comes as standard on this platform.
They were protected with a 40-bit Data Encryption Standard (DES),
according to the Independent report. This was the maximum strength
encryption allowed for export by US law until March 2001. All systems
are now sold with the standard 128-bit key encryption, exponentially
stronger than 40-bit.

Buba - wrote:

> A few weeks ago I wanted to encrypt my files. I found
> the option under file->properties->advanced-
> >'Encrypt contents to secure data', so I selected the
> files and execute this operation.
>
> But then my WinXP(prof.) crashed and I had to
> reinstall (format.., install) WinXP.
> After the installation when I opened one of my
> encrypted files, I got messages: "Don't have
> premission to open the file", etc.
>
> I searched the web and found some options:
> - That you can import a certificate in MMC, but I don't
> have it anymore.
> - That you can ask for a 'new certificate' in MMC, if
> you have a connection with the 'Active Directory'. I
> haven't one.
> - That you can make a 'Recovery Agent' in MMC (or a
> subprogram of it). But there I have to select a *.CER-
> file, which I haven't.
>
> Is it in any way possible to decrypt my (important)
> files
>
> Things I have thought of are downloading a *.CER-file
> from the internet and use it in #1 or #3 (see above)
> OR connect to the 'Active Directory' (see #2) in a
> way.
>
> Please help me because it is very important
> information that I encrypted.
> Thanks in advance.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]