Importing EFS certificate

Just for testing, I tried to import a win 10 EFS x509 cert to my ring. It’s an EC521. WhenI tried from Kleopatra it gave an error: Invalid object. Then I tried using gpgsm amd this was the result after tiping the import password:

C:\antiga_D\Downloads\Certificats EFS>gpgsm --import Key_EFS…pfx
gpgsm: data error at “pkcs5PBES2-params”, offset 134
gpgsm: error at “bag-sequence”, offset 49
gpgsm: error parsing or decrypting the PKCS#12 file
gpgsm: cantidad total procesada: 0

What did I wrong?

The idea was to have a back-up of the key.



Hi Josep,

I have no idea :slight_smile: Maybe the Certificate uses something gpgsm does not support. TBH I am not even sure what an EFS certificate is. Maybe someone else will know more here but you have a much better chance to get help if you ask that question on the gnupg-users mailing list, as you have tried it already on the command line.

The Mailing list is linked here:

Best Regards,

Hi Andre,


EFS is a way that has windows 10 pro to cipher files and folders. It uses a certificate self generated with a private key. I’ll try to send you one (now invalid) to you with a private e-mail in .pfx format. Just if it’s useful to you for improving your software. It isn’t important, so don’t waste to much time on it.
I imported it succesfully to the XCA utility.