Windows – How to use backup EFS certificate to decrypt encrypted files

certificateefsencryptionwindowswindows 8.1

I have some files that were encrypted on a now extinct Windows 7 system. I made sure to backup my keys, this one is called efs.pfx. Double-clicking it launches the Certificate Import Wizard which places it in the Current User > Personal store. But now when I try to select it for decryption using the EFS Rekey Wizard (rekeywiz.exe) I get this error on the final step:
The EFS Rekey Wizard encountered an error and cannot continue: The requested operation is not supported.

I saw this notification while it was in that store:
This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store.

So I moved it to the mentioned store, where things looked better:
Allows data on disk to be encrypted

However I still get the same error in rekeywiz regardless of which certificate store it's in.

I can see the encrypted files in Windows Explorer, but double-clicking them opens them as empty files or throws errors:
user does not have access privileges

I practiced deleting the certificate to make sure I could not read the files' contents, and importing the certificate to make sure my read access was restored. This worked well, and can't imagine that this is the wrong key (the backup is literally named efs.pfx). I don't remember having to use the Reykey Wizard when I practiced this on Windows 7. Also, I never tested this after upgrading to Windows 8 or 8.1. I think this might not be an "upgrade" but a clean install, as I remember a problem trying to transition my 8.1 Preview system (which was probably the last in a series of in-place upgrades dating back to Vista) into the final build. I don't see why this would matter, but I hope it helps cover any questions.

How can I decrypt my files?


As suggested in the comments, I tried moving files to a different location. At first I was denied access saying I needed permission from the entity in the following picture:
File Access Denied

I looked at the Advanced Security Settings Properties tab and saw that the owner was the same entity, so I took ownership of the file and allowed myself full control.

Strangely, I get the same error when now trying to moving the file, only I require permission from myself
File Access Denied

Update #2

When I look at an encrypted file's properties in General > Advanced > Details > User Access, I can see which certificate is allowed to view the contents and its thumbprint:
User Access to...

I've verified that this is the same certificate I backed up and installed into my certificate store:
Certificate Thumprint

Best Answer

It turns out that all I had to do with uncheck Enable strong private key protection in the Import options:

Certificate Import Wizard

After that I could read the files just fine.

The actual problem seemed to be that checking that option doesn't work for my situation.