I have a self-signed certificate in Windows XP (private/public key
pair). Recently my company changed my login domain (keeping the same
password and Profile directory). But after that I can not use my
certificate (private key). Looking at the password manager, it shows
the certificate, also when I view it, it says that I have private key
corresponding to the certificate. But when I try to export it greys out
the option for private key export saying "The associated private key
can not be found. Only the certificate can be exported." I guess the
reason might be that the key was encrypted based on password + domain
name. Just my guess, based on my limited understanding from what I
found on the net:

"Windows XP protects you against such attacks. Windows XP encrypts the
private key with a derivative of your password. If the password is
changed and you don't provide the old password, access to the public
key will be permanently blocked, and you or a thief can no longer
decrypt files with this key."

Is the only way to recover the key to ask for switching back to the old
domain? Please advise, I would really be very grateful for any help to
recover my key.

Thanks a lot,
Sandeep

Re: Help please - Can not use/export private key after domain change by Roger

Roger
Sat Feb 04 11:03:11 CST 2006

Let's try to separate issues.
Can you access a previously EFS encrypted file?
It is possible to have the key in the store so that it is not
exportable (but still usable).
You see only one EFS certificate in your private cert store?
If it is not usable then you should contact the admins that managed
the transition. They would (should) certainly want to know of the
problem before they migrate any more accounts/profiles.
On the other hand, if it is usable, then this may be due to policies
enforced in the new domain, which may or may not be what they
have intended to happen.

<sandeepk99@yahoo.com> wrote in message
news:1139015493.946955.165250@g14g2000cwa.googlegroups.com...
> I have a self-signed certificate in Windows XP (private/public key
> pair). Recently my company changed my login domain (keeping the same
> password and Profile directory). But after that I can not use my
> certificate (private key). Looking at the password manager, it shows
> the certificate, also when I view it, it says that I have private key
> corresponding to the certificate. But when I try to export it greys out
> the option for private key export saying "The associated private key
> can not be found. Only the certificate can be exported." I guess the
> reason might be that the key was encrypted based on password + domain
> name. Just my guess, based on my limited understanding from what I
> found on the net:
>
> "Windows XP protects you against such attacks. Windows XP encrypts the
> private key with a derivative of your password. If the password is
> changed and you don't provide the old password, access to the public
> key will be permanently blocked, and you or a thief can no longer
> decrypt files with this key."
>
> Is the only way to recover the key to ask for switching back to the old
> domain? Please advise, I would really be very grateful for any help to
> recover my key.
>
> Thanks a lot,
> Sandeep
>