7

I have some files that were encrypted on a now extinct Windows 7 system. I made sure to back up my keys; this one is called efs.pfx. Double-clicking it launches the Certificate Import Wizard, which places it in the Current User > Personal store. But now when I try to select it for decryption using the EFS Rekey Wizard (rekeywiz.exe) I get this error on the final step: The EFS Rekey Wizard encountered an error and cannot continue: The requested operation is not supported.

I saw this notification while it was in that store: This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store.

So I moved it to the mentioned store, where things looked better: Allows data on disk to be encrypted

However I still get the same error in rekeywiz regardless of which certificate store it's in.

I can see the encrypted files in Windows Explorer, but double-clicking them opens them as empty files or throws errors:
user does not have access privileges

I practiced deleting the certificate to make sure I could not read the files' contents, and importing the certificate to make sure my read access was restored. This worked well, and I can't imagine that this is the wrong key (the backup is literally named efs.pfx). I don't remember having to use the Rekey Wizard when I practiced this on Windows 7. Also, I never tested this after upgrading to Windows 8 or 8.1. I think this might not be an "upgrade" but a clean install, as I remember a problem trying to transition my 8.1 Preview system (which was probably the last in a series of in-place upgrades dating back to Vista) into the final build. I don't see why this would matter, but I hope it helps cover any questions.

How can I decrypt my files?


Update

As suggested in the comments, I tried moving files to a different location. At first I was denied access saying I needed permission from the entity in the following picture: File Access Denied

I looked at the Advanced Security Settings Properties tab and saw that the owner was the same entity, so I took ownership of the file and allowed myself full control.

Strangely, I get the same error now when trying to move the file, only I require permission from myself:
File Access Denied

Update #2

When I look at an encrypted file's properties in General > Advanced > Details > User Access, I can see which certificate is allowed to view the contents and its thumbprint: User Access to...

I've verified that this is the same certificate I backed up and installed into my certificate store: Certificate Thumbprint

3
  • The last error seems like an NTFS permission error. Did you try to copy the file to somewhere else or set proper permissions, then do the decryption? Does it work?
    – lex
    Commented Jul 18, 2015 at 8:27
  • Hi @Chris.C, thanks. I've updated the question to show what happens when trying your suggestion. Commented Jul 22, 2015 at 19:23
  • Try superuser.com/questions/444055/… to set proper permissions for the files.
    – lex
    Commented Jul 23, 2015 at 5:25

1 Answer

5

It turns out that all I had to do was uncheck Enable strong private key protection in the Import options:

Certificate Import Wizard

After that I could read the files just fine.

The actual problem seemed to be that checking that option doesn't work for my situation.

4
  • 1
    OMG. You are a lifesaver. I've been troubleshooting this problem for days, just knowing I had the right certificates and everything backed up correctly. Thank you soooo much for taking the time to update this post. You saved me!!!!! Commented Mar 7, 2017 at 2:37
  • 2
    @StatsStudent Glad it helped! I know it's no fun running into this sort of problem. Commented Mar 7, 2017 at 4:00
  • 2
    How in the world did you figure this out? I searched everywhere on the internet for a solution and all the Microsoft solutions were just terrible. I tried for days and couldn't find this. I'm surprised there's not more documentation on this (or maybe there is and I just couldn't find it?). Anyway, I'd love to know how you finally figured this out. And lastly, do you have any idea why having that checked caused this problem? If I could tip you or buy you a virtual beer I would! Cheers! Commented Mar 8, 2017 at 2:36
  • @StatsStudent Altered state for sure. Commented Jul 7, 2021 at 2:18
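
The import and checks described in the question and answer above can be scripted; this is an added example, not part of the original posts. It imports the PFX into Current User > Personal without requesting any key-protection option, compares the imported thumbprint with the one recorded on an encrypted file, and then tries to open the file. The paths in `$PfxPath` and `$SampleFile` are assumptions, as is the English-language `cipher /c` output that the regular expression expects.

```powershell
# Added example. $PfxPath and $SampleFile are assumed paths; change them.
$PfxPath    = "$env:USERPROFILE\Desktop\efs.pfx"
$SampleFile = 'D:\Encrypted\sample.txt'
$EfsOid     = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage

# Import into Current User > Personal. No key-protection option is requested here.
$password = Read-Host -AsSecureString -Prompt 'Password for efs.pfx'
$imported = @(Import-PfxCertificate -FilePath $PfxPath -Password $password `
                -CertStoreLocation Cert:\CurrentUser\My)

# Keep only certificates that carry a private key and the EFS usage.
$efsCerts = @($imported | Where-Object {
    $ekuExt = $_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $_.HasPrivateKey -and ($ekuExt.EnhancedKeyUsages.Value -contains $EfsOid)
})
if (-not $efsCerts) {
    throw 'No certificate with a private key and the EFS usage was imported.'
}

# cipher /c prints "Certificate thumbprint: XXXX XXXX ..." for each user who can decrypt.
# Assumption: English-language output; the label is localized on other systems.
$fileThumbs = @(cipher /c $SampleFile |
    Select-String -Pattern 'thumbprint:\s*([0-9A-Fa-f ]+)' |
    ForEach-Object { $_.Matches[0].Groups[1].Value -replace '\s', '' })

$match = @($efsCerts | Where-Object { $fileThumbs -contains $_.Thumbprint })
if (-not $match) {
    throw "None of the imported thumbprints is listed on $SampleFile."
}

# Final check: reading an EFS file only succeeds if the private key is usable.
try {
    $stream = [System.IO.File]::OpenRead($SampleFile)
    $stream.Dispose()
    "OK: $SampleFile is readable with certificate $($match[0].Thumbprint)"
} catch {
    "FAILED: $($_.Exception.Message)"
}
```

If the thumbprints match but the read still fails, the certificate is the right one and the problem lies in how the private key was imported or in the file's NTFS permissions.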
