Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Win 7 EFS. An encrypted file can not be opened after importing prv key

28 Oct 2014   #1
dovob

Windows 7 Ultimate x64
 
 
Win 7 EFS. An encrypted file can not be opened after importing prv key

My first post in SevenForums. Any guidance on where to post things, etc. appreciated! I did look for a forum on file system issues, then looked over all forums, then decided to post here.

I have a file containing sensitive info that I use daily. It's encrypted with Windows EFS, showing as green in Explorer.

My objective is to be able to use this file from multiple logins on the same computer.

The file was not stored on the system drive in a Users subfolder, but on a separate logical drive (same physical drive), under a folder named "xxx" that I use, for many purposes, as a substitute for the corresponding Users subfolder on the system drive (since it's basically user data rather than system or application data). Usage of this encrypted file has been trouble-free until today.

I've been using an elevated privilege login "xxx" for all my computing work. I recently decided to create a second login "yyy" for use in daily work. I intend to use the new "yyy" login with restricted privileges, but for now both logins are admins until I get comfortable using the new login.

After creating "yyy" while logged in as "xxx", I copied most of the contents of the "xxx" profile to the new user's profile directory. (As I'm typing this, Radar is suggesting my problem might be here - a brute-force workaround for the eternally-greyed-out "Copy to" feature in Windows 7 profile manager.)

While logged in as "xxx" I exported my certificate or private key (not really clear to me from the process) to a .pfx file. (I did opt to include other certificates.) I then switched login to "yyy" and navigated to the target file's folder. Noticing that the file was in my separate "xxx" data folder, and knowing that I now want to use the same file from either of my logins, I moved the encrypted file to a third subfolder on my data drive, whose parent I call "System" to remind me that its files should be login-neutral. (Moving the file from the new login before I tried to open it - Radar up?)

While logged in as "yyy" I imported the saved private key/certificate file into the same directory as the target file. When I tried opening the target file, I got a Windows dialog in the nature of "Excel cannot open the file because the file format or file extension not valid".

I switched login back to "xxx" and opened the file without incident. Restarted, logged in as "yyy" - same result "Excel cannot open the file because the file format or file extension not valid".

Searching yielded little other than a 2011 TechNet article stating that the problem was malware: http://*******/1wAmhE5 .. I downloaded and ran a Quick Scan with the linked utility - no infection found. (Yesterday I ran a full scan with current MSRT whose UI appears identical with this one's.)

I also tried searching for "how does an idiot like me APPLY an imported certificate or private key to a specific file"; evidently it doesn't work that way. I also found a lengthy, aging TechNet tutorial on everything I never want to know about EFS: http://*******/1wAnqf5

Why would this be difficult? Thanks for any ideas!

Edit: Thank you for letting me know not to try posting URL-shortened links. Will read up before posting again.


My System SpecsSystem Spec
.
28 Oct 2014   #2
Tookeri

Windows 7 Pro 32
 
 

Hi and welcome to SevenForums!

I think you missed the part to add the certificate to the file, through the properties of the shared file.
Here's a good description: Share encrypted files
My System SpecsSystem Spec
29 Oct 2014   #3
dovob

Windows 7 Ultimate x64
 
 

Thank you Tookeri. This info led to success!

Sorry for the delay in reporting back. (I really appreciate the prompt response - got busy with other things yesterday and then spent a bunch of time on it today.)

It seems that besides missing a step, I also had the process backwards in my mind. Per your linked reading, it's the "recipient" login that first Exports a certificate file (Step 1), then (according to the reading) the "donor" Imports it (Step 2). This seems to make sense only in light of Step 3 - Add the certificate to the target file to make that file decryptable by the "recipient".

I struggled for quite a while with Step 2 (Import). No matter how I tried to finagle things, each attempt to open the Exported certificate file from within Certificate Manager, resulted in a different-but-same Windows dialog indicating "You do not have permission to access the file." Which pretty clearly suggests NT Permissions - false. (All permissions in order and even taking ownership - same result.)

Finally, it turned out to be simpler than all that. For this particular situation (sharing an encrypted file with another user on same computer after flailing around for hours), only Step 3 was needed from the original "xxx" login. I just shared the target file with the new user's certificate as outlined in Step 3 of the reading. That enabled "yyy" to open the file.

In Step 3, I was able to find and select the new user's certificate easily. I don't think this was a result of "xxx" Importing a certificate file of "yyy" (Step 2), since every attempt I made to do that, resulted in "You do not have permission to access the file." I'm thinking that EITHER the certificate of "yyy" had been available from the start, having been built during the initial creation of user "yyy"; OR the certificate contained in the file that was built from the "yyy" login, didn't need to be Imported since it was sitting right there in the same directory.

So I'm thinking that maybe the directions in the reading aren't right. Maybe in the general case, one needs to EITHER Export a certificate while logged in as the "recipient" (Step 1) .. OR Import a certificate while logged on as the "donor" (Step 2); then (in either case) from the "donor" login Share the "recipient" certificate with the target file (Step 3).

Also I'm guessing that I misunderstood the directions for the Import (Step 2). Here I refer to the sub-step where the dialog asks me to "Select a file". Well, in Step 1 I'd already learned that this is Microglyphic for "Make up a new name for a file that doesn't exist yet, and type it into the text box." Sadly, during my struggles I failed to transfer this valuable info over to the Import step (where the dialog looked exactly the same as in Step 1 - duh), instead interpreting "Select a file" to mean "Select a file". Silly me! Had I made that connection, I might have decided that the instructions were combining 2 distinct and mutually exclusive processes into one description of a process that won't work.

But then .. I might have been wrong about that too! Fortunately this stuff actually is kind of fun.

Thank you for the help!
My System SpecsSystem Spec
.

Reply

 Win 7 EFS. An encrypted file can not be opened after importing prv key




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Shutting down PC when .vhd bitlocker encrypted file is mounted
Throughout my computing life, I've learned that it's important to umount drives. It still can be seen when devices like a cellphone or a pendrive are attached to the computer the advice of clicking to "Safe remove" the drive before removing it physically. Now I have Windows 7 Ultimate virtual...
System Security
Importing files into one excel file
I have a script running that shows computer, name, mac address, serial # I have a folder of about 200 differnec CSV files that update when people log in. As it is now, I will create a single excel file and manually type in each computers info. Is there a way to grab all of the...
Microsoft Office
Windows 7 encrypted file ?!
Am i totally screwed ??! i had a spread sheet on my old hdd and i stupidly did the file properties/encrypt option (the file name went green) i have just got a new ssd and have installed windows 7 back on it..... now my excel file wont open !!! am i without hope ?? or can this be fixed, as i...
General Discussion
Encrypted/Corrupted Zip file
Hey guys, Not sure if this is the right forum to be posting in, I basically backed up my content from an old laptop and ive kept it ever since, its been put onto an external haddrive for a while and now I need to access it. So I get it and try to extract is and its asking for a password, well ive...
System Security
Importing a PST file to Outlook 2007 on Windows 7
I got a new computer at work and had backed up my old Outlook on a PST file. I have been trying to import that into the new computer and continue to get a message "The personal folder file (PST) is already in use in the current profile" Sorry for my lack of knowledge on this front but if...
Browsers & Mail
Problem importing .PFX file
Hello guys, I am in a trouble, hoping for some help. I had encrypted my important folder on Windows 7 and the type of file that was exported was .PFX Then after due to a reason (it's a long story), I reinstalled windows 7 on partition containing old windows 7. Now, I can't access my...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 11:46.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App