When encrypting files and folders, Windows will use a self-generated certificate that contains keys used to encrypt and decrypt the data. When opening encrypted data when logged into the user account that generated the certificate, the decryption process is transparent and the files are opened normally.
If another user or system tries to access the same data files or if the files are moved to another location, then they cannot be opened unless the original certificate is installed.
When encrypting a file or folder in Windows, you always need to have the encryption certificates/keys. When encrypting a file or folder, the encryption keys are automatically created and associated with your user account.
If you don’t want to backup your encryption key, you can choose not to.
If you do not have these encryption keys, you will not be able to decrypt the data. Unfortunately, there is no way around this since the encryption is very strong and cannot be broken easily.
If you can still access the computer where the data was originally encrypted, you can try exporting the certificate and then importing it on a different machine. ..
Backing Up EFS Certificates
The second way is to use the Windows Backup utility. ..
In Windows 7, you can open the certificate manager by typing in certmgr.msc and pressing Enter. This will open up a window where you can manage your certificates for the current user.
Personal: Now expand Certificates. You should see all the certificates listed in the right pane. There might only be one, but if not, the only certificates you are interested in are the ones that have Encrypting File System listed under Intended Purposes.
Export the certificate to a file.
This opens the Certificate Export Wizard, which is where you will reach if you click on Back up now (recommended).
If you don’t have the private key, you won’t be able to decrypt any of the encrypted files. ..
If you want to export the certificate in a different format, you can select that option on the next screen.
To protect your certificate, you will need to create a password. Make sure to type in a strong password in the Password box. ..
Save the file onto a different computer if you want to keep it.
Name: EFS key
To import your private encryption key, follow these steps:
- Click next and then click Finish. Your private encryption key is now saved as a file.
- You can now take this file and import it on any other Windows machine. Importing is really easy. All you have to do is double-click on the file and it will open up the Certificate Import Wizard.
- On the Certificate Import Wizard, click Next and then select the location where you want to save your certificate file.
- Click Next and then select the type of certificate you want to import (X509).
- Click Next and then select the name of your private encryption key file (eCryptfsKey).
- Click Finish to finish importing your certificate into Windows! ..
If you have an encrypted file that was encrypted with a certificate that is no longer valid, you can decrypt it using the certificate.
I have never been able to decrypt my files using these programs, and that’s why I haven’t listed any of them here. If you have any questions, feel free to post a comment. Enjoy!