Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

File recovery for files encrypted on SEE Removable Storage device

Created: 25 Jan 2013 • Updated: 29 Jan 2013 | 3 comments
This issue has been solved. See solution.

Has anyone out there ran into the situation where a user has a file on a USB device and they need an encrypted file opened but cannot remember the password to open it?  If so, how was that handled?  Is there any way to recover the files from an offsite location(remote user that is opening the file from a Non-RS protected PC)?  The only way I see (and it is NOT very secure) is to email the user a copy of the recovery cert or the copy of the user cert to decrypt the file with.

Any suggestions?  The question has come up and I am just looking for another answer.

Thanks in advance.  

Comments 3 CommentsJump to latest comment

SMLatCST's picture

You're correct in that the only way to access an encrypted file after losing the password is either via the Master Recovery Cert, or via the Workgroup Key (which requires a machine installed with SEE-RS and is configured for the same Workgroup Key as the original machine that encrypted the file.

As far as your scenario goes (attempting to access encrypted file on a machine at remote site without SEE-RS installed and no password), my suggestion would likely be to access the removable storage device (via Windows, not the Access Utility) and send the encrypted file to your helpdesk.  There they could decrypt the file (using the Master Recovery Cert) and ping the file back at the end user (perhaps encrypted with a new password?).

The Master Recovery Cert should never be sent out to end users, and any use of it should be strictly recorded/monitored/audited.

David.H's picture

So, you were saying that the .xml file can be sent in to the help desk and decrypted?  I have tried that and I guess I didn't do it correctly.  What is the proper way to do this?  

Should I get the user to email the .xml file, copy it to a removable storage device, then insert the device into a computer that has the master recovery cert and then decrypt it?  I think I tried to do it this way but I may not have had the Master cert installed on my computer.  

SOLUTION
SMLatCST's picture

Yup, that should do the trick.  The steps you described are appropriate, just be aware that when you move the file back onto removable storage, you do this on a machine that does not have SEE-RS installed.