can't recover encrypted data

I forgot to decrypt before reinstalling XP. I've read and re-read all info I can find on EFS and it appears to me that with a personal certificate, .pfx containing both public and private keys, I should be able to read old data even though the SID with which the data were encrypted no longer exists. Else, how would one be able to USE data on another computer as suggested in XP Inside Out, pp. 496? Perhaps I misinterpret the passages--if they mean access data on the original platform with the original account (SID) then I'm buggered. I thought that if I backed up my certificates I would be able to recover from a mistake like this. I imported the old certificate into my personal store as directed and then every other store just to cover all bases.

Is my old premise right or wrong? Can you recover old data with only a (.pfx) certificate--all old account info gone?

Correct . EFS is orthogonal to ACLs. With the .pfx of the user's EFS cert
and key (EFS side of the story) and the ability to "take ownership" (ACL
side of the story), you would be able to decrypt the files.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.


"bk" <anonymous@discussions.microsoft.com> wrote in message
news:4FC8B634-50F7-41F1-A499-DC190A41B4E6@microsoft.com...

> I forgot to decrypt before reinstalling XP. I've read and re-read all

info I can find on EFS and it appears to me that with a personal
certificate, .pfx containing both public and private keys, I should be able
to read old data even though the SID with which the data were encrypted no
longer exists. Else, how would one be able to USE data on another computer
as suggested in XP Inside Out, pp. 496? Perhaps I misinterpret the
passages--if they mean access data on the original platform with the
original account (SID) then I'm buggered. I thought that if I backed up my
certificates I would be able to recover from a mistake like this. I
imported the old certificate into my personal store as directed and then
every other store just to cover all bases.

>
> Is my old premise right or wrong? Can you recover old data with only a

(.pfx) certificate--all old account info gone?

Appreciate your insights.

>-----Original Message-----
>Correct . EFS is orthogonal to ACLs. With the .pfx of

the user's EFS cert

>and key (EFS side of the story) and the ability to "take

ownership" (ACL

>side of the story), you would be able to decrypt the

files.

>--
>Drew Cooper [MSFT]
>This posting is provided "AS IS" with no warranties, and

confers no rights.

>
>
>"bk" <anonymous@discussions.microsoft.com> wrote in

message

>news:4FC8B634-50F7-41F1-A499-DC190A41B4E6@microsoft.com...

>> I forgot to decrypt before reinstalling XP. I've read

and re-read all

>info I can find on EFS and it appears to me that with a

personal

>certificate, .pfx containing both public and private

keys, I should be able

>to read old data even though the SID with which the data

were encrypted no

>longer exists. Else, how would one be able to USE data

on another computer

>as suggested in XP Inside Out, pp. 496? Perhaps I

misinterpret the

>passages--if they mean access data on the original

platform with the

>original account (SID) then I'm buggered. I thought that

if I backed up my

>certificates I would be able to recover from a mistake

like this. I

>imported the old certificate into my personal store as

directed and then

>every other store just to cover all bases.

>>
>> Is my old premise right or wrong? Can you recover old

data with only a

>(.pfx) certificate--all old account info gone?
>
>
>.
>