Please help, restoring keys in xppro

hi, i have a problem, i did a fresh install of win xpprosp2, and now i cant open some files i had encrypted on my backup drive.
Im using the same username and password, but my old xppro was sp1.
I scanned my hard drive for any keys and it found a few, but where would i put these keys in my current install, so i can decrypt the files?

any help would be greatly appreciated.

 

Hi desperate,

Pardon if I'm not real sure about what you have or haven't done, including the sequence.
Were these files encrypted through EFS or third party software?

As much as I'd like to help, I lack the appropriate experience to supply a definitive answer for you...
but do have a page that may provide insight and answer some questions until someone more
knowledgable addresses you're thread.

http://www3.telus.net/dandemar/encrypt.htm

Hang in there.


GF

 

hi globalforce, yeah ive already been to http://www.beginningtoseethelight.org/efsrecovery/index.php but i just find it abit hard to follow, although i have tried some things mentioned there.

Ok this is what i have done.

1. I had 2 hdd, one with xpprosp1(c and the other my backup hdd(e. I have a .txt file encrypted using xp's encryption on my e: drive.

2. I gave my c:drive to a friend and he formatted it with xpsp2.

3. I bought a new c: drive and installed xpprosp2, and i have the same e: drive.
Now i can no longer open the encrypted file.

4. I scanned my old c:drive(now owned by my friend), using active@undelete and file scavenger etc.. and found many single files that looked alot like keys used by xp. Some even start with S-1-5-21 etc..

5. I used Newsid to change the machine number(from what i read, using the keys i found on my old hdd) on my new c:drive. Im also using the same username and password that i used on my old hdd, the last time i accessed and save the encrypted file.

6. i still cant open the encrypted file on my e: drive, so now im not sure if i have to put some of the keys(on my old hdd) i found in any of the folders on my current c:drive.

im not sure what to do from here.

 

Hi again desperate,

Viewing statements one and two, I need to ask if you exported those encryption keys from the *C* drive prior to you're friend formatting it? If not, this could very well be the cause of you're inability to decrypt the file not being able to import
the saved keys onto you're new install. As for utilizing the keys recovered by @ctive, I couldn't say if changing the files attributes through the recovery console would help here or any other system method for that matter.

You're mention of this file...S-1-5-21.., is a registry key I'm sure you're aware...
I just don't know how feasible it would be to merge these to the new install (lack of expertise here ).
*edit* - Oop's, I noticed this relates to Drive\Docs and Sets\USER\App.Data\M$\Crypto.

From what I've read (and believe me it's frustrating not finding enough support for any one solution)...
it's difficult to determine if the SAMS registry file holds the answer, Syskey, XP's Security and Administration ,
or even Other Resourses (down the page).

I also couldn't say if any of the topics listed here would be of service.

If no luck with these or other input on this thread, you might consider posting over at the DevShed Forums
(registration is free). Likewise but not free, there's informative but limited searching over at Experts-Exchange
(searches there have supplied me many answers in the past).
Computing.net is another site I've found to be useful.

Whatever happens, I'll keep you in mind.
If you find a workaround, I would so much like to hear about it.

Best on you're quest desperate,
*edit* 2 - I'm still on this BTW...having a closer look at that page from "Beginning to see the light."


GF

 

hi GlobalForce,

at first i used advanced EFS data recovery by elcomsoft, thinking that it would just find the right keys(from the ones i recovered from my old hdd) to decrypt my file, but it would only find one pair of master/private keys(highlighted in green), and then scanned my drive for encrypted files but would only be able to decrypt a test file i had done(with the current install), and not the file i want to decrypt. So the pair it found, must be my current xp keys.

But when i used Newsid and input one of the keys i had recovered(S-1-5-21...), i then used advanced EFS data recovery again, this time it found two pairs of master/private keys, and it could decrypt a few more files it found on my e:drive, but still not the one i want to decrypt.
I did this process again, and another pair of master/private keys were found, but my file still could not be decrypted.

So i feel im on the right track, but im just missing a vital step, that will either allow me to decrypt this damn file or show me that it cant be done, and i might aswell stop trying.

So thanks for those links, i'll look at them soon, although i might have to put this on hold for abit, as i have to return a faulty piece of hardware in my pc which is causing instability, so i'll continue as soon as it returns(hopefully not long).

once again thanks for your help, and those links.