How to decrypt files without the EFS Certificate (Windows 8)

user1869069 picture user1869069 · Jul 1, 2013 · Viewed 14.9k times · Source

I have a number of files that were automatically encrypted using EFS on my old Windows 8 64 bit installation. I re-installed Windows 8 64 bit and now I can't access these files. I dont have the EFS Key Certificate of previous OS.

What all i tried and dint work: 1. I tried "Add Ownership" softwares, also in command prompt. 2. I enabled UAC feature in admin and tried accessing from admin account. 3. I tried out EFS recovery softwares mainly http://www.elcomsoft.com/aefsdr.html

Now there is any other way to to decrypt files without the EFS Certificate?

Answer

zindorsky picture zindorsky · Jul 1, 2013

(I'm assuming that by "EFS Key Certificate" you actually mean the private key corresponding to that certificate. The certificate itself is not that important - the private key is, since it is what decrypts the file encryption key.)

EFS protects a file by encrypting it with a file encryption key, and then encrypting that key with one or more public keys corresponding to private keys belonging to the users who are to have access to the file. So only the possessor of one of those private keys can decrypt the file encryption key and thus gain access to the file.

If you indeed no longer have any of those private keys, then there is no way to decrypt your files. But note that during the encryption process, Windows may have added a Recovery Agent to the list of users with access. If that is the case, and you have the Recovery Agent's private key, then you may still be able to decrypt your files. But it seems likely that since you don't have your old EFS key, you probably don't have the old Recovery Agent key either (if it even ever existed). So you're probably out of luck. Sorry.