|
Posted by Roger Abell [MVP] on February 4, 2006, 12:03 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Let's try to separate issues.
Can you access a previously EFS encrypted file ?
It is possible to have the key in the store so that it is not
exportable (but still usable).
You see only one EFS certificate in your private cert store?
If it is not usable then you should contact the admins that managed
the transition. They would (should) certainly want to know of the
problem before they migrate any more accounts/profiles.
On the other hand, if it is usable, then this may be due to policies
enforced in the new domain, which may or may not be what they
have intended to happen.
>I have a self signed certificate in Windows XP (private/pulic key
> pair). Recently my company changed my login domain (keeping the same
> password and Profile directory). But after that I can not use my
> certificate (private key). Looking at the password manager, it shows
> the certificate, also when I view it, it says that I have private key
> corresponding to the certificate. But when I try to export it greys out
>
> the option for private key export saying "The associated provate key
> can not be found. Only the certificate can be exported." I guess the
> reason might be that the key was encrypted based on password + domain
> name. Just my guess, based on my limited understanding from what I
> found on the net:
>
> "Windows XP protects you against such attacks. Windows XP encrypts the
> private key with a derivative of your password. If the password is
> changed and you don't provide the old password, access to the public
> key will be permanently blocked, and you or a thief can no longer
> decrypt files with this key."
>
> Is the only way to recover the key to ask for switching back to the old
>
> domain ? Please advise, I would really be very greatful for any help to
>
> recover my key.
>
> Thanks a lot,
> Sandeep
>
| 
XML site map