An introduction to how Windows EFS encryption and decryption work

EFS encryption is the file encryption built into Windows: when a system user encrypts a file, only someone logged in as that user can read it. EFS-encrypted files and folders are shown with their names in green, and the advanced properties of the file or folder show the encryption attribute. Encrypting data with EFS greatly improves its security, but if the key files are lost or the system is reinstalled, the encrypted files can no longer be opened. This tutorial explains how EFS encryption works and how we should approach decryption when a file cannot be opened for these or other reasons.

How EFS encryption works

  • To decrypt, we must first understand how the encryption was applied, so here is the EFS encryption principle.
    (Figure: EFS file encryption principle)
  • When we use EFS to encrypt a file on an NTFS volume, Windows generates a pseudo-random number called the FEK (file encryption key), encrypts the file in place with this FEK, overwriting the original, and then encrypts the FEK with the user's public key. The encrypted FEK is stored in the attributes of the encrypted file.
  • When the user accesses the encrypted file, the system uses the private key to decrypt the FEK and then uses the FEK to decrypt the file. The public and private keys we are talking about here are collectively referred to as the key. If the user logs on in a domain environment, the key is generated by a domain controller; if the user is not logged on to a domain, generation of the key depends on the local machine.
  • Normally, decrypting EFS-encrypted files depends on the user's private key, which is stored on the Windows partition under Documents and Settings\%UserName%\Application Data\Microsoft\Crypto\RSA\%UserSID%. The SID is the security identifier that uniquely identifies the account; it is assigned by Windows when the account is created. To protect the private key, Windows encrypts it with a further key known as the master key, which is stored under Documents and Settings\%UserName%\Application Data\Microsoft\Protect\%UserSID%; the master key in turn is encrypted with a key generated from the user's password.
  • The simple encryption process above can be summarised as the chain "user password -> master key -> private key -> FEK -> EFS-encrypted file". To decrypt EFS, therefore, we need to obtain this information: the user password, the master key and the private key.
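To make the chain concrete, here is an added Python model of it (not code from the original post, and not how Windows implements it): toy RSA with tiny primes and a SHA-256 XOR stream stand in for the real algorithms, and the user SID is assumed to act as the salt of the password-derived key. Running demo() shows that the correct password on the original account recovers the file, while a wrong password, or the same password on a reinstalled system with a new SID, yields garbage.

```python
import hashlib
import os
# Toy RSA pair with small fixed primes: illustration only, far too small for real use.
P, Q, E = 1000003, 999983, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (the "private key")

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (illustration only)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def user_key(password: str, user_sid: str) -> bytes:
    """Key derived from the logon password; the SID is assumed as salt, so a new account differs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user_sid.encode(), 10_000)

def protect_private_key(password: str, user_sid: str) -> dict:
    """Key store: the master key wraps the private key, the user key wraps the master key."""
    master_key = os.urandom(32)
    return {
        "wrapped_private": xor_stream(master_key, D.to_bytes(8, "big")),  # Crypto\RSA\%UserSID%
        "wrapped_master": xor_stream(user_key(password, user_sid), master_key),  # Protect\%UserSID%
    }

def efs_encrypt(plaintext: bytes) -> dict:
    """A random FEK encrypts the file; the public key wraps the FEK into the file attributes."""
    fek_int = int.from_bytes(os.urandom(4), "big")  # < N, so it fits a single RSA block
    fek = fek_int.to_bytes(8, "big")
    return {"data": xor_stream(fek, plaintext), "wrapped_fek": pow(fek_int, E, N)}

def efs_decrypt(blob: dict, store: dict, password: str, user_sid: str) -> bytes:
    """Walk the chain backwards: password -> master key -> private key -> FEK -> file."""
    master_key = xor_stream(user_key(password, user_sid), store["wrapped_master"])
    d = int.from_bytes(xor_stream(master_key, store["wrapped_private"]), "big")
    fek = pow(blob["wrapped_fek"], d, N).to_bytes(8, "big")  # garbage if any link is broken
    return xor_stream(fek, blob["data"])

def demo() -> tuple:
    """Correct password recovers the file; a wrong password or a new SID (reinstall) does not."""
    sid, password = "S-1-5-21-CONSTRUCTED-1001", "correct horse"  # constructed sample values
    store = protect_private_key(password, sid)
    blob = efs_encrypt(b"confidential quarterly report")
    recovered = efs_decrypt(blob, store, password, sid)
    wrong_password = efs_decrypt(blob, store, "guess", sid)
    after_reinstall = efs_decrypt(blob, store, password, "S-1-5-21-CONSTRUCTED-2002")
    return recovered, wrong_password, after_reinstall
```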

    When the EFS decryption keys are unknown

    1. Examine the traces left on the existing system to find or reconstruct the private key and master key that protect the FEK.
    2. Examine the existing MFT file directory space and verify the matching user password in order to decrypt the user's files.
    3. Analyse the checksum logic of the decrypted files to extract the desired data.
    4. If you use EFS to encrypt files, back up the keys promptly and keep them safe.
    5. If the EFS keys are lost, stop using the computer to reduce the chance of the keys being overwritten.

Origin blog.51cto.com/sun510/2456317