AD CS : Recover Private Key using Key Archival

On the encrypted file, obtain the thumbprint of the EFS certificate (public key) that protects it, using efsutil:

efsutil.exe /c

Open the CA Manager snap-in in MMC:

  1. Select Issued Certificates
  2. View > Add / Remove Columns > add the Archived Key column

Search for the user's EFS certificate whose thumbprint matches the one reported for the encrypted file.

Copy the certificate serial number, in this case '29 55 89 a8 00 00 00 00 00 e2'.

From a command prompt on the CA that holds the archived key, run the following as Administrator; it creates a file named outputblob in the current directory:

certutil -getkey "29 55 89 a8 00 00 00 00 00 e2" outputblob

Move the outputblob file to C:\ with the command: move outputblob C:\

Recover the private key with the following command (run it from C:\, where the blob now sits): certutil -recoverkey outputblob bradfordc_efs.pfx

Now import the new PFX into the Personal certificate store on the computer where you need to access the encrypted data.
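The same certutil steps wrapped in a PowerShell script, added here as an example (not part of the original page), with the checks an operator wants before trusting the result: it runs -getkey and -recoverkey from C:\ so the move step is unnecessary, fails loudly if either command produces no file, and verifies that the recovered PFX carries the thumbprint the encrypted file references. It assumes an elevated session on the CA by an account whose Personal store holds the Key Recovery Agent (KRA) private key, since -recoverkey cannot decrypt the blob without it; $Serial, $ExpectedThumbprint and $OutPfx are constructed sample values.

```powershell
# Added example, not from the original page. Assumes: elevated prompt on the CA that
# holds the archived key, run by a user with the KRA private key; certutil -recoverkey
# prompts interactively for the password of the new PFX.
param(
    [string] $Serial = "29 55 89 a8 00 00 00 00 00 e2",          # from Issued Certificates in MMC
    [string] $ExpectedThumbprint = "<thumbprint reported for the encrypted file>",  # placeholder
    [string] $OutPfx = "C:\recovered_efs.pfx"                     # constructed sample path
)
$ErrorActionPreference = 'Stop'
$blob = "C:\outputblob"

Push-Location C:\        # work in C:\ so the blob lands where the page moves it
try {
    # Step 1: export the key recovery blob for this serial number from the CA database.
    # PowerShell passes $Serial as a single quoted argument, so the spaces survive.
    & certutil.exe -getkey $Serial "outputblob"
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $blob)) {
        throw "certutil -getkey failed (exit $LASTEXITCODE): is the key archived for serial '$Serial'?"
    }

    # Step 2: decrypt the blob with the KRA private key and write the user's PFX.
    & certutil.exe -recoverkey $blob $OutPfx
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $OutPfx)) {
        throw "certutil -recoverkey failed (exit $LASTEXITCODE): the KRA private key must be in the current user's store"
    }
}
finally { Pop-Location }

# Step 3: confirm the recovered certificate is the one the encrypted file references,
# comparing thumbprints with spaces, colons and case normalised away.
$cert = Get-PfxCertificate -FilePath $OutPfx   # prompts for the password chosen in step 2
$normalize = { param($s) ($s -replace '[\s:]', '').ToUpper() }
if ((& $normalize $cert.Thumbprint) -ne (& $normalize $ExpectedThumbprint)) {
    throw "Recovered certificate thumbprint $($cert.Thumbprint) does not match the file's $ExpectedThumbprint"
}
"Recovered $OutPfx (thumbprint $($cert.Thumbprint)); import it into the Personal store on the target machine."
```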