Seeking guidance on restoring my certificates & encrypted Windows 7 files after a Win 10 upgrade
A few years ago I upgraded from Win 7 to Win 10. The was the free upgrade for Windows 7 users. The upgrade was done on top of my Windows 7 installation as opposed to doing a clean Windows 10 install.
Prior to the upgrade I had a folder on my desktop which Windows evidently encrypted (without my intervention) as indicated by green text file/folder names. I've read that Windows will do this if the files originated from a Mac (which they originally did). Anyway after the upgrade to Windows 10, the folder disappeared from my desktop. Unfortunately I had been using this folder as my working folder so it ended up containing about 30 new files that I created, which was source code I wrote. I am wondering if it is possible for me to recover this missing folder.
My understanding is that Windows 7 uses a different set of encryption keys than Windows 10. I think that during the upgrade I was asked to back up my keys (certificate). I do have single .pfx file I saved off to another drive which might contain the file key / certificate.
IF this .pfx file is a backup Windows 7 certificate can I import it into Windows 10 allow me access my encrypted files? I'm really unclear what the needed steps are and which category of certificate this falls under (Personal Certificates?) Please provide any explanations about what I need to do and possibly any suggestions/steps to make the file recovery happen.
A few notes about my system:
- A Windows 7 restore isn't possible since I had it disabled at the time.
- My Windows.old folder was automatically deleted by Windows 10 days after the upgrade so it is no longer available.
- I am the only one using this computer and only have 1 account.
- My Windows username and password haven't changed.
- My boot SSD drive and mobo are still the same as before the upgrade.
I'd really appreciate your help in guiding me to recover my semester's worth of work.
You can restore an EFS key and certificate just by installing the PFX (either by double-clicking it, right-clicking it, or using the Certificate Manager to import it). Use the default options (current user, "Personal" store or just let Windows figure it out). You'll need the password you used to protect the private key, but you shouldn't turn on the option that makes it ask for the password each time you use the key.
However, neither EFS nor an OS upgrade should ever make a directory disappear. You won't be able to read the files without the key, but you should still be able to tell that they're there. EFS doesn't hide the file metadata (name, size, timestamps, ACLs, etc.); it's still stored in the file system data structures in plain text. You may want to search your drive - possibly from an elevated context, using a command line search tool since Windows Explorer doesn't let itself run elevated in normal accounts - for the directory / for some file that was in it. If you can't find it, installing the old EFS key won't solve anything.
Similarly, while it's true that Windows has improved the default cipher and key strength for EFS over the years, I would be very surprised if the Win10 upgrade prevented old keys from working (and, if it did, re-importing the key seems unlikely to fix it). Worth a shot, especially if you find the files but still can't access them, but certainly OS upgrades don't normally delete your private keys.