Windows 10 Decrypting bitlocker encrypted OS volume with .pfx certificate

chriad

I have a Windows 10 operating system partition that is encrypted with BitLocker. Unfortunately I don't remember ever having activated BitLocker encryption, nor can I find any .bek file or numeric PIN or password.


My first uncertainty is in why my device is encrypted in the first place and who encrypted it. There are two possibilities: I have encrypted it myself and forgotten about it. The manufacturer that shipped the laptop has encrypted the device when installing the operating system (which I don't think is the case). I contacted the manufacturer and they do not have knowledge of any key.


My second uncertainty is in why the BitLocker lockout was triggered at this time when it worked fine for the last year or so. It says "Boot policy has unexpectedly changed". From what I have read so far, there are a lot of reasons why this can happen. Probably it happened because I did not properly remove an external USB hard drive or I changed some BIOS settings without knowing what I was doing. The only important question is whether it is in principle possible to roll back the boot policy to its initial state and thus circumvent the necessity to enter the BitLocker code?


My third uncertainty is concerning the unlock key. I found a .pfx certificate file that I might have exported during the encryption procedure, I just don't remember. I found a post https://www.einfaches-netzwerk.at/teil-20b-bitlocker-dra/ where a drive is indeed decrypted with the sha1 certificate thumbprint like this:


manage-bde -unlock i: -cert -ct "46 4f 75 9b f9 67 7a d2 44 d0 7b 64 61 63 16 80 df dc 0b a2"

which I can easily retrieve from the .pfx file.


My question is now, assuming this .pfx certificate indeed contains the key to do the decryption, how can I export this certificate to the certificate store so that the above command will work?


How can I install the .pfx certificate from the elevated command prompt (I cannot do it from within the GUI because it is my OS volume that is locked so I only can access it with the recovery console)?


I tried:

certutil -f -p somePassword -importpfx "somePfx.pfx"

as outlined here https://stackoverflow.com/questions/5171117/import-pfx-file-into-particular-certificate-store-from-command-line?noredirect=1, but the certutil command is not found.


Here is the output of the manage-bde -status command

Size: Unknown GB
Bitlocker Version: 2.0
Conversion Status: Unknown
Percentage Encrypted: Unknown%
Encryption Method: XTS-AES 128
Protection Status: Unknown
Lock Status: Locked
Identification Field: Unknown
Automatic Unlock: Disabeled
Key protectors:
Numerical password
TPM




Can someone give a hint on how to decrypt a bitlocker encrypted OS partition with a .pfx file and clarify if the steps outlined are in principle correct and should work if the certificate is the right one?


I would appreciate any of your comments.
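
Added example, not part of the original post: manage-bde -unlock with -cert only works when the volume carries a certificate-based key protector, so this sketch reads the "Key protectors" list from manage-bde -status output and reports which unlock option each listed protector corresponds to. The sample text is an excerpt of the output quoted above; the protector display names in the mapping and the function names are assumptions.

```python
# Added example: decide which manage-bde -unlock option fits a locked volume.

# Constructed sample: excerpt of the status output quoted in the post.
SAMPLE_STATUS = """\
Encryption Method: XTS-AES 128
Lock Status: Locked
Key protectors:
Numerical password
TPM
"""

def parse_protectors(status_text):
    """Return the protector names listed under 'Key protectors:'."""
    names, in_list = [], False
    for raw in status_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("key protectors"):
            in_list = True
        elif in_list and ":" in line:
            break  # next field or next volume starts
        elif in_list and line:
            names.append(line)
    return names

def unlock_option(protector):
    """Map a protector name to a manage-bde -unlock option (assumed
    display names; None means no manual unlock option for that type)."""
    name = protector.lower()
    if "certificate" in name:
        return "-Certificate"       # needs the matching .pfx private key
    if name == "numerical password":
        return "-RecoveryPassword"  # the 48-digit recovery password
    if name == "external key":
        return "-RecoveryKey"       # a .bek file
    if name == "password":
        return "-Password"
    return None                     # e.g. TPM: released only by the TPM

def usable_options(status_text):
    return {p: unlock_option(p) for p in parse_protectors(status_text)}

def cert_unlock_possible(status_text):
    return "-Certificate" in usable_options(status_text).values()

if __name__ == "__main__":
    for protector, option in usable_options(SAMPLE_STATUS).items():
        print(f"{protector}: {option or 'no manual unlock option'}")
    print("certificate unlock possible:", cert_unlock_possible(SAMPLE_STATUS))
```

For the output quoted in the post, the only protector with a manual unlock option is the numerical password; no certificate-based protector is listed.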
