Maxi-Pedia Forum

Information Technologies and Systems (IT/IS) => Security => Topic started by: upesleja on February 09, 2010, 08:47:41 am

Title: Private Key Location (binding issue)
Post by: upesleja on February 09, 2010, 08:47:41 am
New user, so bear with me!

I crashed my hard drive after downloading an exe file that shut my system down.  I was unable to log onto Windows and was forced to re-load it.  Instead of doing a format I decided to buy a new hard drive, load Windows, and upgrade everything, then add the other HD as a slave, pull my files and be on my way.  Well, that didn't work.  So I was forced to use a program to pull off the data I had still on it.  I found a very useful program that pulled everything off my old HD without any problems, and even kept the file structure and file names intact.

Well, I guess I had set some files to be encrypted and so everything that was in a folder on my desktop is now locked out.  After doing countless searches and tips from the internet, I have discovered that it has something to do with access to these files.  I see nothing but "certificates, public and private keys" when searching for this fix.  I was able to find my public certs and keys, and move them into the proper folder, however when I try to open the files it still locks me out.

I think all I have found was the "public" keys and certs and that is not good enough to decrypt the files and see them.  I think that all is not lost, but at this point I am.  Is there a specific location, or any way to find the private key to match this public key so that I can open these files once again?  If I knew which folder, or file that this key was in, I could probably copy it out of the one folder into the current system folder and get these files open.  Everything I see says that "without the public and private keys" there is nothing that can be done, but only my Windows startup files should have been corrupt so I do not know why this is being so hard!

Any suggestions?

Title: Re: Private Key Location (binding issue)
Post by: danisara on February 12, 2010, 08:58:11 am
Hi, hello,

Let me first clarify the way you used to encrypt files in your old system before restore. That helps to get to the solution. You used Windows encrypting mechanism (You right clicked on a file in Explorer, Properties, Advanced, Encrypt contents to secure data), right?

If yes, you need to import the "file recovery" certificate from your old system into the cert store in the new system. I do not think just placing the certificate in the right folder is sufficient. And you need the private key, not the public one (I hope you have that.). Here is how you import the certificate:

local policy
win settings
security settings
public key policies
right click encrypting file sys
add data recovery agent

When searching for help, try searching for "windows recovery certificate".
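
An added example, not part of the posts in this thread: a PowerShell check that looks in an old Windows XP profile for the three pieces of per-user EFS material (certificate, RSA private key, DPAPI master key) and reports whether the certificate imported into the current account actually has a private key attached. The drive letter, profile name and thumbprint are placeholders, and the XP profile layout is an assumption.

```powershell
# Added example: paths and thumbprint below are placeholders, not values from the thread.
param(
    # Root of the old user's profile on the attached drive (XP layout assumed).
    [string]$OldProfile = 'E:\Documents and Settings\<old-user>',
    # Certificate thumbprint shown in the encrypted file's encryption details.
    [string]$Thumbprint = '<thumbprint-from-file-details>'
)

# Per-user EFS material lives under Application Data\Microsoft in the old profile.
$appData = Join-Path $OldProfile 'Application Data\Microsoft'
$stores = @{
    'Certificates (public part)'  = 'SystemCertificates\My\Certificates'
    'RSA private keys (per SID)'  = 'Crypto\RSA'
    'DPAPI master keys (per SID)' = 'Protect'
}

foreach ($name in $stores.Keys) {
    $path = Join-Path $appData $stores[$name]
    if (Test-Path -LiteralPath $path) {
        # -Force is needed because these files carry hidden/system attributes.
        $files = @(Get-ChildItem -LiteralPath $path -Recurse -Force |
                   Where-Object { -not $_.PSIsContainer })
        '{0}: {1} file(s) under {2}' -f $name, $files.Count, $path
    } else {
        '{0}: MISSING ({1})' -f $name, $path
    }
}

# In the current account: is a private key bound to the matching certificate?
$want  = ($Thumbprint -replace '\s', '').ToUpper()
$match = @(Get-ChildItem Cert:\CurrentUser\My |
           Where-Object { $_.Thumbprint -eq $want })
if ($match.Count -eq 0) {
    "No certificate with thumbprint $want in CurrentUser\My"
} else {
    foreach ($c in $match) {
        '{0}  HasPrivateKey={1}  Subject={2}' -f $c.Thumbprint, $c.HasPrivateKey, $c.Subject
    }
}
```

`HasPrivateKey=False` means only the public certificate was imported, which is not enough to open EFS files. The private key files are themselves protected by the DPAPI master key, which is tied to the old account's SID and password, so copying the folders across without that password does not make the key usable.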


Title: Re: Private Key Location (binding issue)
Post by: atari on February 12, 2010, 09:10:21 am
Upesleja, I am reading answers to your question at techguy (please, do not post content that is identical to some other forums at Maxi-Pedia, it hurts us; rephrase, please, thanks), and I am a bit confused whether it is an encryption issue or just a problem with profiles. Did you encrypt all files in your old system? Can you now in your new system access at least some files that you know were not encrypted in your old system?

I would suggest booting up from an Ubuntu disk and seeing if you can access files that way. That would be a way to get over problems with profiles if that is the case.

Title: Re: Private Key Location (binding issue)
Post by: porsche on February 12, 2010, 11:11:29 am
File encryption can be extremely dangerous if you do not know all the details and use Windows. Never use Windows for file encryption.  ;D I would suggest TrueCrypt and double-backing up keys to an encrypted USB drive. This way, reinstalling Windows won't hurt you.

Title: Help with crashed Harddrive and encrypted files
Post by: upesleja on February 13, 2010, 12:43:03 am
First off, I am sorry for posting the same problem on two forums.  I am just looking for help from anyone who can give it.

Second, what happened was I downloaded an exe program, in which the second I clicked it, it shut off my computer.  When I went to restart it, the computer would just keep restarting.  I shut the system down, bought a new hard drive (I was at 400 of 500 gigs anyway) and installed my new 1 TB hard drive with a Windows OS.  I upgraded that operating system, got all my hardware to work, popped online to seek out some help.  I have since tried the following:

Connecting the hard drive to simply "recover" the data, but it is in RAW format for some reason so it is unable to do that.

After using a data recovery program, EASEUS Data Recovery Wizard, I was able to see all my files, and pull everything off the old hard drive (amazing program).

The problem after doing that was Windows encrypted what appears to be random files.  I have no clue why these files would be encrypted.  I had 100 gigs of music files (were not encrypted) that pulled off and work fine.  In my "My Documents" folder, I had pictures, and documents which random documents appear to be encrypted and all the photos are encrypted.  This sucks, because the documents were less important than the pictures.

I did some more research and discovered that these files are encrypted because of Windows, and certificates (which until this search / problem I knew nothing about).  I thought certificates were used for web stuff only.  But moving on, I followed a bunch of user steps to create "recovery agent" certs, but only to find out that they needed to be created before the data was encrypted to work.  So I tried importing the old certificate from the computer to the new system, which I could do ... it reads it fine.  But I cannot access the files because the computer knows that I am not the old system.  So I guess I need to know if there is a way to crack this system.  From what I read there is not!

So, with every certificate option leading to a dead end, I decided to see if the old hard drive could be repaired.  After all it was a program / software bug that failed, not the hard drive itself.  So using a program called "Active Boot Fix" I tried to boot into that hard drive, which I can do, but only the same way that the data recovery software did.  It still won't let me fix the problems.

I am just at such a loss here, and it's bugging me, because I feel so close sometimes, and then just hit a brick wall!

More info on the old system:
I did not have other "users" set-up.
The computer was not networked
Only me and my wife had access to the computer
The files were never encrypted by me, and my wife would have no clue on what that means.
If they became encrypted, it was done automatically when the photos were pulled from the digital camera, or were placed in a shared, or encrypted folder.  But one or two RANDOM pictures in each picture folder are not encrypted, this is puzzling.

Any help with that information?

Title: Re: Private Key Location (binding issue)
Post by: porsche on February 15, 2010, 11:40:03 am
Wow, it sounds complicated. It is really strange with the encryption. You say neither you nor your wife enabled encryption. Windows comes with encryption disabled by default, so they should not be encrypted. You did not have any user accounts set up, so it does not look like a problem with profiles. And you say some pictures are ok and some not ... that would look more like corrupted data. You are using various third-party programs to get to the data, it may not be the best option. I would really try the two following things:

a) Get the "bad" hard drive and plug it into some other Windows computer (possibly the same OS version as you have on the hdd). You do not have to play with the master/slave thing - go to the store and buy a USB box (little box that you plug the hdd into and connect it to the USB port; pay attention to the interface IDE, ATA, SATA...). See if you can access the files that way. This is the "raw" way of getting to the files. If you get any message when opening the files, post it here.
(I am suggesting the USB box because you wrote that connecting as a slave did not work, so I am assuming you are trying to access the data from some recovery boot disc, correct?)

b) Try doing the same thing from a computer with Ubuntu/Linux. Accessing the files through an OS other than Windows could be a way to figure out what is wrong too. If the files really are encrypted, you would be able to find out that way for sure.

Ps: You say you upgraded your operating system. XP to Vista?

Title: Re: Private Key Location (binding issue)
Post by: upesleja on February 16, 2010, 01:54:29 am

I always used XP, the "upgrade" was from installation through all the service packs and such on the new hard drive.  I have since fixed the RAW data file problem and can now see the entire hard drive in Windows (through my other hard drive, with the old one as a slave).  But even though I can add and remove the files at will, they are still encrypted.  The folder these files were on was on the desktop, and I am wondering if that had anything to do with it?  When I view the properties of the files it says it is encrypted by "brian" with some numbers and letters, and gives the certificate.  When I imported that certificate it tells me I need a master key in order to "unlock" the file.  I still think it is a matter of encryption and not damaged data.  Everything I have done so far has only created me to access and see the files, and the 100 gigs or so of music pulled off 100% intact, and working.

I still think I need to just figure out how to boot back into that operating system (which should be intact) and retrieve the files to a disk or whatever, then be done with this problem!

Title: Re: Private Key Location (binding issue)
Post by: porsche on February 16, 2010, 11:31:18 am
I think it is starting to be clearer. XP includes the functionality of file encryption too, but it comes disabled by default. You say you have not turned the encryption on. I think what happened is that when you got the malware it encrypted the data. If that is the case, it is probably lost forever. Even if you were able to boot into the old OS before it crashed, you would not be able to find the private key that the malware used to encrypt the data, the malware probably deleted it already. And if the malware is the cause, it sure has not created any recovery key. And just the public key is not sufficient to decrypt.

Suggestion for the future - if you need to have Windows, get Vista or version 7 and keep UAC on. It would have saved you in this case. Or switch to Ubuntu and you do not even need to worry about malware.  :)

encrypted by "brian" ... Brian, is that you, or is that name unknown to you in regards to your computer?