Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 6759 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recovery for encrypted files with lost keys

Agonist_Inhaler

Hi,

I'd like to seek assistance in my issue with SGN 5.5

I created a policy for file based encryption using a machine define key, however instead of using removable drive as the target for this policy I accidentally deployed it using Local Storage option. After the policy has been deployed it started to encrypt all files in my drive D:/ and I have no option to cancel it, so I just waited hoping I can revert the changes, but somewhere along the way, the computer rebooted, after I log back it, it reboots again after loading everything including the SGN client icon and it does it in a loop. I need to remove the policy from the MC and that allowed me to log in again. However I noticed that most of my files in drive D:/ were already encrypted. I tried to check the file status and it says "file encrypted with 0x62.... key" that I can't find. I tried looking for mek* keys, or boot keys from the MC but nothing shows, I even added all keys available for the user but I can't open the encrypted files.

Any suggestion how I can recover the files that were already decrypted?

Thanks,

:5684


This thread was automatically locked due to age.
Parents
  • 0

    Hi there,

    thank you very much for providing further feedback. With regards to your last reply I would like to add some things / have some things clarified.

    Upon creation a local key on a client machine, information about the key are stored encrypted in the local registry until the client can connect to the SafeGuard Enterprise server and the key is then stored in the database.

    Based on this information the only occasion that a local key could get lost would be if the local registry of the client would be severe damaged (unfortunately) deleting the key information at the same time.

    Can you therefore please be so kind and confirm, that you have not been using a centrally created key and that it is at least possible that the registry was damaged as you system crashed while encrypting the drive.

    Thank you very much!

    Regards

    Dan

    :6331
Reply
  • 0

    Hi there,

    thank you very much for providing further feedback. With regards to your last reply I would like to add some things / have some things clarified.

    Upon creation a local key on a client machine, information about the key are stored encrypted in the local registry until the client can connect to the SafeGuard Enterprise server and the key is then stored in the database.

    Based on this information the only occasion that a local key could get lost would be if the local registry of the client would be severe damaged (unfortunately) deleting the key information at the same time.

    Can you therefore please be so kind and confirm, that you have not been using a centrally created key and that it is at least possible that the registry was damaged as you system crashed while encrypting the drive.

    Thank you very much!

    Regards

    Dan

    :6331
Children
No Data
Unfiltered HTML