Decrypt EFS files

decryptefsencryptionfile managementfile-attributes

Here's my situation.

Was using EFS on my Vista laptop – had a backup of my certificate.

HD crashed…managed to recover some of my files (Encrypted) – but they "lost" the "Encrypted" attribute in the process.

I'm now on my new Windows 7 Enterprise laptop – imported my old Vista EFS certificate…I have my files on a USB drive and copied them over to my new drive (NTLM), but as I mentioned, Windows doesn't see them as being Encrypted…so I can't decrypt them.

Is there a way to either force the Encrypt attribute to be set, so that I'll then be able to decrypt them…or to force-decrypt them manually even though the system doesn't see the file as being encrypted?

Best Answer

The EFS keys are kept in NTFS alternate data streams, so if your USB drive was not formatted as an NTFS drive, the information would be lost. Backup programs often discard this information as well.

You can check if the streams are still there using Streams or ADS Spy. If they are no longer there, it will be impossible for you to recover your files.

As Windows does not flag the files as EFS encrypted, I think it is likely that you have lost the EFS keys in the streams.