How To Recover EFS Cert From Backup?

  1. Maybe your restored files from the old machine have broken the link between EFS certificates and their associated private keys.

  2. So, try to use Mimikatz 2.0 on the old machine http://blog.gentilkiwi.com/mimikatz/crypto#exportKeys with admin privileges

    • using the crypto::exportKeys function, you can export the private keys (just pay attention to your ACL on the files)

    • using the crypto::patchcapi function, you can patch the Windows CryptoAPI provider loaded in mimikatz. Then, the « non-exportable » private keys become « exportable » :)
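
Added example, not part of the original answer: a PowerShell check for the condition described in point 1, listing the EFS certificates in the current user's store and whether each still has a private key attached. The function name `Get-EfsCertificateStatus` and its parameters are hypothetical; the thumbprint to compare against is assumed to be copied by hand from the output of `cipher /c <file>`.

```powershell
# Added example (not from the original answer).
# Lists certificates carrying the Encrypting File System EKU and reports
# whether Windows still links each one to a private key.
$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage

function Get-EfsCertificateStatus {
    param(
        # Certificate store to inspect (default: current user's personal store).
        [string]$StorePath = 'Cert:\CurrentUser\My',
        # Optional: thumbprint shown by `cipher /c <file>`; spaces are ignored.
        [string]$FileThumbprint = ''
    )

    $wanted = ($FileThumbprint -replace '\s', '').ToUpperInvariant()

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the EKU OIDs from the certificate's extensions.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $EfsOid) { continue }   # not an EFS certificate

        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            NotAfter      = $cert.NotAfter
            # False means the certificate is present but its key link is missing.
            HasPrivateKey = $cert.HasPrivateKey
            # True when this is the certificate the encrypted file was protected with.
            UsedByFile    = ($wanted -ne '' -and $cert.Thumbprint -eq $wanted)
        }
    }
}

# Constructed sample call; replace the placeholder with the value from `cipher /c`.
Get-EfsCertificateStatus -FileThumbprint '<THUMBPRINT FROM cipher /c>' |
    Format-Table -AutoSize
```

A row with `UsedByFile = True` and `HasPrivateKey = False` is the broken link from point 1. If the key container is still on the machine, `certutil -user -repairstore My <thumbprint>` attempts to re-associate it with the certificate.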