Questions & Results on a Trivial EFS Experiment

    I am trying to do a simple EFS test in Windows XP Pro SP2. I start off with a clean certificate store for the personal folder. The following are my steps in order:

    1. I create a folder on my desktop

    2. Set the attributes to "Encrypt contents..."

    3. I create a plain text document in notepad outside the encrypted folder and add a couple of words and save.

    4. I drag the text document into the encrypted folder; the filename turns green, and the attributes show up as 'AE'. I also check its attributes and sure enough it is encrypted.

    5. I then check my certificate store under the personal folder and behold, there is a certificate with an associated private key. I know this because when I double-click it, it says so. The thumbprint in the text file and folder also match perfectly to the certificate with the private key.

    6. Now I want to export the certificate and the private key with it. Still in the certificate manager, I right-click my only certificate and select export.

    7. All of the following are checked off: "Yes, export the private key", format used .PFX, "Include all certificates in the certification path if possible", "Enable strong protection", "Delete the private key if export is successful". I set my password, which is only 6 characters long (I am just doing a test), and finally set my file name. No problems were encountered after the export of the certificate with the private key.

    8. I then go to test what I have done so far by logging out and logging in. Why? Because the private key remains cached. I try to access the encrypted file and get an "Access Denied" message. This is perfect, exactly what I expected.

    9. Now I import the certificate with the private key. I right-click in blank space in my personal folder of the certificate manager, select "Import", find my file, type my password, check off the following: "Enable strong key protection..." and "Mark this key as exportable...", then I place this certificate in the "Personal" folder.

    10. Then I try to access the file and still receive the access denied. I try logging out and logging back in and get the same; I reboot the machine and still the same.

    Things to note:
    - In different variations of this simple test I have deleted my certificate from my certificate store under the personal folder after a successful export with the private key attached, but alas I still receive the same error after importing the certificate containing the private key.

    Machine & Environment Information:
    1. Windows XP Pro SP2
    2. Logged on as an administrator. I have tried this as a different account with administrative access and still have the "access denied" problems when performing the same test.
    3. machine is not part of any Active Domain
    4. no recovery agent policy in place (this is fine as I just want to do a simple test)

    My brief understanding of EFS:
    Upon first use of EFS a certificate and private key are created. A public key encrypts the "File Encryption Key", which in turn encrypts the file (data) itself. To decrypt the file (data), a private key must decrypt the "File Encryption Key", which in turn decrypts the file (data) itself. I know the "File Encryption Key" is a "symmetric key" and the public & private key pair are "asymmetric" keys.

    1. If my "personal" certificate store has multiple certificates with associated private keys, which is tried first? Are any looked at in the store, or is only the current user's private key tried? I know that when the current user is logged on, with EFS having already been used once, he/she has an associated private and public key. I assume in the decryption process the current private key for the current user is tried first, but are the others, in the certificate, even looked at?
    2. Any ideas on why the same user who encrypted the file cannot decrypt it even after the importation of the certificate with the private key? (the simple test)

    Other info:
    I don't care about "Recovery Agents" at this moment.
    Here is my result trying to use the cipher command to decrypt:
    C:\Documents and Settings\Administrator\Desktop>cipher /d /a enc\test.txt

    Decrypting files in C:\Documents and Settings\Administrator\Desktop\enc\

    test.txt [ERR]
    test.txt: Access is denied.

    0 file(s) [or directorie(s)] within 1 directorie(s) were decrypted.

    C:\Documents and Settings\Administrator\Desktop>
    - I have called Microsoft ("India") and they have no clue about EFS; well, at least I found myself explaining all the basic concepts to them for more than 2 hrs.