help me avoid losing a lifetime of data


Hairymonster


1. Unplanned motherboard changes and SSD issues led to a clean install.
2. Managed to back up all content to an external USB drive with BitLocker on.
3. Had repeatedly unlocked it, either by copying and pasting the password from an EFS-encrypted file stored elsewhere or by typing in the recovery key stored on my phone.
4. Subsequent to the reinstall: recovery key failure and EFS file locked.
5. Disk and metadata seem intact.

Deep search, including deleted file recovery on all storage media, recovered 22 BitLocker keys from past encryptions, accounting for all except the ID that the locked drive was now displaying. That ID is also not on the list of keys in my MS account, indicating this was a new ID assigned when I reinstalled, or something else.

Incomprehensible that MS refused to even conduct a search of their alternative stores where this BitLocker key might be, since it is not in my account.

I've spent weeks doing nothing but work on this problem. A subpoena ordering MS to provide the key is the only thing left.

Any ideas are appreciated, including using exploits or whatever it takes.

I'm refraining from commentary about this product and Microsoft so please hold off on stating the obvious for now. Finding a way to access my only copy of decades of data is my priority.
 
Windows Build/Version
26200.8037

The BitLocker key is only backed up by Microsoft if you use an MS account to sign into your device. If you used a local account, recovery key management is entirely the user's responsibility.

 

Indicating this was a new ID assigned when I reinstalled or something else.
A reinstall will allocate new keys. The BitLocker management screen has the option to back up your keys to various places, including your MS account, a USB drive, etc. To anyone reading this and using BitLocker: please make sure you have recovery keys in a format you can access easily if needed.
 

A subpoena ordering ms to provide the key is the only thing left
Good luck with that. Hope it works out for you.

While one's BL key is usually stored in one's MS account, depending on when and who enabled BL and on the option chosen during setup, there is no 100% guarantee that it will be there.
Encryption is automatically enabled on many modern Windows devices, but it won't upload the key to your account unless explicitly prompted during the initial setup. When one manually sets up BL, if the user chooses another option for saving the key, it is not uploaded to MS.

Other reasons for an MS account not saving a key include:
  • Multiple Microsoft Accounts: You might be checking a different Microsoft account than the one used to first set up the PC.
  • Local Account Setup: If you initially set up your computer using an offline local account instead of a Microsoft account, BitLocker doesn't have an online profile to automatically sync the key to.
  • Saved to a File or Printed: During setup, the key may have been saved as a .txt file on a USB drive or printed out rather than uploaded to the cloud.
  • Work or School Device: If you use your computer for work or school, the recovery key is likely stored in your organization's IT database, not your personal Microsoft account.
Ultimately, it is the user's responsibility to keep track of his own encryption key if he wants a guarantee.
 

The YellowKey bypass should work, but it's not for the average user.

 

The bypass presumes the BitLocker key is present in the TPM. If you switched motherboards, then you would need the original one.
That's what I get for speed reading. Sigh. Thanks.
 

The YellowKey bypass should work, but it's not for the average user.

This interests me very much, but from what I read the YellowKey bypass does not work for an external drive with a key assigned to it; it's only for internal C: drives that use the TPM chip to open automatically. If this is not true and the YellowKey bypass could work on an external drive locked with BitLocker, please let me know.
 

The bypass presumes the BitLocker key is present in the TPM. If you switched motherboards, then you would need the original one.
I thought the TPM is only used for internal drives. I know that has to be true because I could take my external BitLocker drive, plug it into a different computer, enter the password and have it unlocked. Is there some way, some command line, that I can use to verify whether the BitLocker on that drive is tied to the TPM chip?
 

I thought the TPM is only used for internal drives. I know that has to be true because I could take my external BitLocker drive, plug it into a different computer, enter the password and have it unlocked. Is there some way, some command line, that I can use to verify whether the BitLocker on that drive is tied to the TPM chip?
That's correct. USB encrypted drives do not use the TPM, and they don't auto-unlock via Secure Boot, so YellowKey is of no help here.

3. Had repeatedly unlocked it, either by copying and pasting the password from an EFS-encrypted file stored elsewhere or by typing in the recovery key stored on my phone.
4. Subsequent to the reinstall: recovery key failure and EFS file locked.

If you didn't back up the EFS encryption data, EFS files are locked permanently. You can use:
  • a backup of your EFS certificate + private key (.pfx file)
  • a full backup of your old Windows profile that includes the key
  • a domain/enterprise recovery agent (rare for home users)
 

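The question above, whether there is a command line to check if a drive's BitLocker is tied to the TPM, can be answered from the volume's key protector list. The following PowerShell script is an added example, not code from anyone in this thread; it assumes an elevated prompt on Windows 11 Pro with the BitLocker module, and the drive letter is a constructed placeholder.

```powershell
# Added example, not from the thread: list a BitLocker volume's key protectors to see
# whether it is TPM-bound and which recovery key ID it will accept.
# Assumes an elevated PowerShell on Windows 11 Pro with the BitLocker module.
# 'E:' is a constructed placeholder for the locked external drive's letter.
param([string]$MountPoint = 'E:')

function Get-ProtectorSummary {
    param([string]$MountPoint)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $protectors = @($vol.KeyProtector)
    [pscustomobject]@{
        MountPoint  = $vol.MountPoint
        LockStatus  = $vol.LockStatus                     # Locked or Unlocked
        Protectors  = @($protectors | ForEach-Object {
                          [pscustomobject]@{ Type = $_.KeyProtectorType; Id = $_.KeyProtectorId } })
        # The "Key ID" shown on the recovery prompt is the KeyProtectorId of a RecoveryPassword
        # protector; a saved 48-digit recovery key only works if its ID matches one of these.
        RecoveryIds = @($protectors | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
                          ForEach-Object { $_.KeyProtectorId })
        # Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey are all sealed to the board's TPM.
        TpmBound    = [bool]($protectors | Where-Object { $_.KeyProtectorType -like 'Tpm*' })
    }
}

$summary = Get-ProtectorSummary -MountPoint $MountPoint
$summary.Protectors | Format-Table -AutoSize
if ($summary.TpmBound) {
    "$($summary.MountPoint): TPM protector present; auto-unlock works only on the board that sealed it."
} else {
    "$($summary.MountPoint): no TPM protector; unlock is by password or recovery key only."
}
"Recovery key ID(s) this volume accepts: $($summary.RecoveryIds -join ', ')"
# If the volume is locked and KeyProtector comes back empty, the same metadata is readable with:
#   manage-bde -protectors -get E:
```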
Sorry for derailing the thread, I should have read the whole thing and not just spit out.
 

When someone even potentially loses data, all options are welcome. :)
 

That's correct. USB encrypted drives do not use the TPM, and they don't auto-unlock via Secure Boot, so YellowKey is of no help here.



If you didn't back up the EFS encryption data, EFS files are locked permanently. You can use:
  • a backup of your EFS certificate + private key (.pfx file)
  • a full backup of your old Windows profile that includes the key
  • a domain/enterprise recovery agent (rare for home users)
A full backup of my old Windows profile consists of what, exactly? What are the key ingredients, the minimal requirements for that? Because I may have that.
 

If the old motherboard is still accessible with its TPM (even with some defects, like a damaged USB port) and you have a full system backup with the old BitLocker key, try to restore the OS to its previous state, at least temporarily. But I suppose it may not be as easy...
 

If the old motherboard is still accessible with its TPM (even with some defects, like a damaged USB port) and you have a full system backup with the old BitLocker key, try to restore the OS to its previous state, at least temporarily. But I suppose it may not be as easy...

I forgot to mention that I went back to the old motherboard and somehow got it to work again, which is what I'm using now. So the current configuration is the original motherboard, but with a reformatted SSD, a new installation of Windows with all EFS broken, and BitLocker now asking me for a different key than it used to for an external locked drive, a key that I don't have and that is not in my Microsoft account. The only place the key might exist is in one document that is locked with EFS encryption.
 

For USB drives the master key is only stored on the USB drive itself, with one or more key protectors. Windows should have required you to generate a recovery key (one of those key protector types). It certainly could have been backed up in the EFS files, but since the OS has been reinstalled, the chances of recovering the EFS files are slim.

On any BitLocker device you basically have one or more key slots that all contain an encrypted copy of the BitLocker volume master key. Each copy is then decryptable by a given key protector (a TPM-stored cert, a recovery password and so forth).
 

Do you have access to these folders from the backup?

C:\Users\<OldUser>\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
C:\Users\<OldUser>\AppData\Roaming\Microsoft\SystemCertificates\My\Keys
 

For USB drives the master key is only stored on the USB drive itself, with one or more key protectors. Windows should have required you to generate a recovery key (one of those key protector types). It certainly could have been backed up in the EFS files, but since the OS has been reinstalled, the chances of recovering the EFS files are slim.

On any BitLocker device you basically have one or more key slots that all contain an encrypted copy of the BitLocker volume master key. Each copy is then decryptable by a given key protector (a TPM-stored cert, a recovery password and so forth).
It did ask me to back up the key when it was first encrypted, which I did, and I used it successfully without issues for a while, until the computer hardware issues leading to the clean Windows reinstall seem to have caused a silent recovery key deletion and reassignment, or recreation of a new key. This is a known bug, from what I understand, in one of the Windows releases in the last year. So that's why there's no backup of only this one BitLocker ID.
Do you have access to these folders from the backup?

C:\Users\<OldUser>\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
C:\Users\<OldUser>\AppData\Roaming\Microsoft\SystemCertificates\My\Keys
Yes I do. Those are the ones, and more, that I grabbed before reinstalling. However, the thing that's missing is a private key and... I have been using my fingerprint and a PIN to log into Windows for quite some time, so when I changed the motherboard, which was unplanned, Windows no longer accepted my fingerprint and asked me for the password, which was a long, deliberately not-easy-to-remember password that existed only in the EFS-encrypted file. So I had to reset my Windows password, which I think is the main obstacle at this point to opening those documents.
 

Alright so, with the files in the Certificates and Keys folders... first make a folder somewhere. I'll use C:\EFS-Recovery.

Then copy into that folder:
  • The certificate file (usually a long hex filename, with no extension or .crt)
  • The key file (the same long hex filename, but stored in the Keys folder)
They must have the same base filename, like so:

Code:
C:\EFS-Recovery\3A4F2B1C2D3E4F5A6B7C8D9E0F123456
C:\EFS-Recovery\3A4F2B1C2D3E4F5A6B7C8D9E0F123456.key

Change directories to the folder you're using, e.g., cd C:\EFS-Recovery. Then merge the files to create the PFX. The dot tells certutil to look in the current directory, so adjust if you didn't CD into it. You will be prompted to set a password for the PFX. If the certificate and key match, certutil will generate the efs.pfx file.

Code:
certutil -mergepfx . efs.pfx

Then, you should be able to double‑click the efs.pfx file, choose Current User, enter the password, and finish. Windows should immediately be able to decrypt the EFS files.
 

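The PFX merge described above only helps if the certificate you hold is the one the locked file was actually encrypted to. This PowerShell script is an added example, not code from any poster: it uses cipher /c to read the thumbprint(s) a file was encrypted to and checks them against the current user's certificate store and the backed-up Certificates folder. The file path and backup path are constructed placeholders.

```powershell
# Added example, not from the thread: before merging a PFX, confirm that the certificate
# the locked file was encrypted to is one you actually hold.
# Assumes Windows 11 with cipher.exe in PATH. Both paths below are constructed placeholders.
param(
    [string]$EncryptedFile = 'D:\Backup\Docs\passwords.txt',
    [string]$BackupCertDir = 'D:\Backup\Users\OldUser\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates'
)

function Get-EfsThumbprint {
    # 'cipher /c <file>' prints, under "Users who can decrypt:", one
    # "Certificate thumbprint: XXXX XXXX ..." line per certificate that can decrypt the file.
    param([string]$Path)
    $lines = & cipher.exe /c $Path 2>&1
    $found = foreach ($line in $lines) {
        if ("$line" -match 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)') {
            ($Matches[1] -replace '\s', '').ToUpper()
        }
    }
    return @($found | Select-Object -Unique)
}

$needed = Get-EfsThumbprint -Path $EncryptedFile
if ($needed.Count -eq 0) {
    throw "cipher /c reported no EFS certificate for $EncryptedFile (not EFS-encrypted, or unreadable)."
}
"File is encrypted to thumbprint(s): $($needed -join ', ')"

# 1) Already importable? A certificate with HasPrivateKey=True in CurrentUser\My is what the
#    PFX import in the post above produces; the certificate alone, without its private key, cannot decrypt.
foreach ($cert in Get-ChildItem Cert:\CurrentUser\My) {
    if ($needed -contains $cert.Thumbprint.ToUpper()) {
        "In CurrentUser\My: $($cert.Thumbprint) HasPrivateKey=$($cert.HasPrivateKey)"
    }
}

# 2) Present in the backed-up profile? Files in ...\SystemCertificates\My\Certificates are
#    named by the certificate's SHA-1 thumbprint, so a direct filename lookup is enough.
foreach ($tp in $needed) {
    $file = Join-Path $BackupCertDir $tp
    if (Test-Path -LiteralPath $file) { "Backup holds the certificate for $tp at $file" }
    else { "Backup has no certificate file named $tp in $BackupCertDir" }
}
```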