Windows 10 Folder Encrypted with BitLocker and Certificate/Key Issues

  • Thread starter: VirCotto


Dear Community,

Lenovo and Microsoft support could not help me with the following matters, but I hope you can.

I'm a self-employed CPA and I bought a new Lenovo laptop running Windows 10 in June to replace one that was failing. On both the old and new computer I have a folder encrypted by BitLocker where I store client files. However, two interrelated problems have developed relating to certificates and private keys:

1. When I first encrypted my client folder on the new computer, I received a prompt to save the certificate and private key for backup purposes, which I did. However, each week now I receive that prompt without any action on my part. After some investigation in certmgr.msc, I now know that each week I'm being issued a new certificate and/or private key. I have five certificates so far and three private keys. I'd like for the weekly re-issuance to stop, but I don't know how to get Windows to be satisfied with a single certificate and private key! Any suggestions?

2. When the weekly notices started I thought Windows was confused and I did not back up the second certificate and private key I was issued, since I thought I had done it already. However, now that Windows has moved on to issuing the third and further certificates, I can no longer access any files that were encrypted during that week-long period the second certificate was in effect.

I can see the second certificate in certmgr.msc but it says no private key is associated with it. All the other certificates have a private key associated with them. However, when I search the Windows folder where private keys are kept (C:\ProgramData\Microsoft\Crypto\RSA\) using Recuva, I cannot find any deleted private keys, so I am hopeful that this second certificate can be used somehow. Is there a way to know what happened to the private key for the second certificate, and allow me to regain access to the files?

As a side note, I have three keys in the RSA folder, but five certificates in certmgr.msc (and four of those certificates are paired).

I appreciate any advice you may have to solve either or both issues!
