Encrypted File System (EFS) Certificate Backup

How to Backup Encrypted File System (EFS) Certificate in Vista, Windows 7, and Windows 8
Synopsis
If you encrypt files and folders on your computer, you need a way to recover that data in case something happens to the encryption key. This tutorial shows you how to back up the EFS certificate and key so that the data is not lost.

Information
If you encrypt data (files and folders) on your computer, then you need a way to recover that data in case something happens to the encryption key. If your encryption key is lost or damaged and you don't have a way to recover your data, the data is lost. To make sure you can always access your encrypted data, you should back up your encryption certificate and key.

The Encrypt feature is only available in the Vista Business, Ultimate, and Enterprise editions; the Windows 7 Professional, Ultimate, and Enterprise editions; and the Windows 8 Pro and Enterprise editions.
Warning
Be sure to store the backup (exported) copy of your EFS certificate in a safe place. You will need it if you have to restore the EFS certificate to be able to decrypt your encrypted files.
Tip
If you lost the EFS certificate backup, or did not create one, then you can use the 30 day free trial program Advanced EFS Data Recovery to decrypt the files.





Here's How:
1. Press the Windows + R keys to open the Run dialog, type certmgr.msc, and press Enter.
2. In the left pane, double click/tap on the Personal folder to expand it, and click/tap on Certificates. (See screenshot below step 4)
3. In the right pane, right click the certificate that lists Encrypting File System under Intended Purposes.
NOTE: If there is more than one EFS certificate, you should back up all of them.
4. Click/tap on All Tasks and Export.
certmgr.jpg

5. Click/tap on Next in the Export Wizard Welcome. (See screenshot below)
Wizard_Welcome.jpg

6. Select (dot) Yes, export the private key, and click/tap Next. (See screenshot below)
Export_Private_Key.jpg

7. Select (dot) Personal Information Exchange, and click/tap Next. (See screenshot below)
Export_File_Format.jpg

8. Type a password you want to use, confirm it, and click/tap on Next. (See screenshot below)
NOTE: Be sure to store this password in a safe location. You will not be able to import the EFS Certificate back to Vista without it.
Password.jpg

9. Enter a name for the file and the location (include the whole path) or click/tap Browse and navigate to the location, then enter the file name. (See screenshots below)
10. Click/tap on Next.
NOTE: If you clicked Browse instead, then click Save and then Next.
File_To_Export.jpg
Save_As.jpg

11. Click/tap on Finish. (See screenshot below)
Finish.jpg

12. Click/tap OK. (See screenshot below)
Successful.jpg

That's it,
Shawn



 
Last edited:
Shawn Brink
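
The same export done from PowerShell, as an added example that is not part of the original tutorial: it finds every certificate in the Personal store whose purposes include Encrypting File System, skips any that has no private key (a .pfx cannot be made from those), writes a password-protected .pfx for each of the rest, and re-opens each file to confirm the private key is in it. The backup folder and file names are assumptions; the script uses the .NET X509Certificate2 class directly so it does not depend on certificate cmdlets that only exist from Windows 8 onward.

```powershell
# Added example, not from the original tutorial.
# Assumption: $BackupDir is a hypothetical destination; point it at removable media.
$BackupDir = 'E:\EFS-Backup'
$EfsOid    = '1.3.6.1.4.1.311.10.3.4'   # OID of the "Encrypting File System" purpose

# True when the certificate's Enhanced Key Usage extension lists the EFS purpose.
function Test-EfsCertificate($Cert) {
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $EfsOid) { return $true }
            }
        }
    }
    return $false
}

# The password is kept as a SecureString; it is required to import the backup later.
$Password = Read-Host -Prompt 'Password to protect the .pfx files' -AsSecureString
if (-not (Test-Path $BackupDir)) { New-Item -ItemType Directory -Path $BackupDir | Out-Null }

foreach ($cert in Get-ChildItem Cert:\CurrentUser\My) {
    if (-not (Test-EfsCertificate $cert)) { continue }
    if (-not $cert.HasPrivateKey) {
        Write-Warning "$($cert.Thumbprint): no private key in this profile, skipped"
        continue
    }
    $path = Join-Path $BackupDir "EFS-$($cert.Thumbprint).pfx"
    try {
        # Pfx is the "Personal Information Exchange" format chosen in step 7.
        $pfx = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $Password)
        [System.IO.File]::WriteAllBytes($path, $pfx)
    } catch {
        Write-Warning "$($cert.Thumbprint): export failed (key may be marked non-exportable): $_"
        continue
    }
    # Re-open the file with the same password to confirm the backup is usable.
    $check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path, $Password
    if ($check.HasPrivateKey -and $check.Thumbprint -eq $cert.Thumbprint) {
        Write-Output "Backed up $($cert.Thumbprint) to $path"
    } else {
        Write-Warning "$path did not verify; repeat the export for $($cert.Thumbprint)"
    }
    $check.Reset()   # release the temporary key material loaded for the check
}
```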

Comments

The "Yes, export the private key?" option is dimmed out on my Vista Ultimate x64 system! What can I do to export my private key? :cry:
 
Hi na5M,

Welcome to the forum.:party:

It means that the EFS private key part of the certificate cannot be found, and usually will only have the Certificate itself that can be exported. This usually happens when the file this EFS private key was created for is no longer encrypted with it. You can delete this Certificate listing if you are sure that nothing is encrypted by it.

Do you have any other EFS Certificates listed? If you do, then that will be the one probably being used by an encrypted file.

If you get locked out of your encrypted file, then add the encrypted file to a compressed (zipped) folder. The file will be unencrypted (decrypted) when extracted.

Hope this helps,
Shawn
 
Thanks for the quick reply! I'm not sure what I did to wind up with a dimmed out option, but it isn't really a big deal (and your answer is probably right). I was just experimenting with creating/deleting encrypted folders & certs. Ultimately, I just deleted all of my encrypted folders and all EFS certs/keys to restart with a blank slate. Then I created a folder that I wanted to keep permanently as an encrypted folder, encrypted it, and voila... when I went to export the cert, the Export Private Key option was now available to me (ps- I store the pfx file on gmail for safe keeping).

It is taking a little while for me to fully warm up to this 64 bit version of Vista, but I am slowly getting to know it better. Actually, I was surprised to find that Windows Media Player is delivered with DVD decoding for free! No need to buy WinDVD or VideoLAN :)

The next thing I'm going to try to do is get an SSH client working for my x64 Vista. I hope I find success!

Thanks again, brink
 