Hi Anton,
Thanks for the quick replies. /dev/sda1 is an external USB hard drive.
The copying involved simply dragging/dropping various unencrypted
directories/files from my WinXP documents dir to the external USB drive.
Then I right-clicked those directories on the USB drive and told XP to
encrypt them. Since my XP system crashed, I unhooked the USB drive from
it and attached it as /dev/sda1 to my Linux system.
I now understand what you are saying about the FEK being in the MFT,
though I don't know the significance of that fact in my particular case.
I applied your patch, rebuilt, and re-ran ntfsdecrypt, with exactly the
same result as in my previous email.
ntfsinfo /dev/sda1 -vvvF "dir/file" > ntfsinfo.output.txt
is attached.
Matt
Anton Altaparmakov wrote:
> Hi Matthew,
>
> On 17 Sep 2007, at 15:20, Matthew A. Postiff wrote:
>> I rebuilt from a fresh cvs checkout just now:
>>
>> % ntfsdecrypt --version
>>
>> ntfsdecrypt v2.0.0 (libntfs 10:0:0) - Decrypt files and print on the
>> standard output.
>>
>> % ./ntfsdecrypt -k /home/...pfx /dev/sda1 "dir/file"
>> Enter the password with which the private key was encrypted: *********
>> There are no entries in the DRF array.
>> Failed to obtain file encryption key. Aborting.
>>
>> I was sort of afraid this might be the outcome, but I'm not sure what
>> to do at this point. The files on /dev/sda1 were copied from Windows
>> XP as encrypted backup files.
>
> Sorry I do not understand what you mean. Could you explain what this
> copying involved?
>
>> Later my original drive has crashed, but I had saved off the PFX file
>> and had my password stored safely away. So I don't have access to the
>> original profile on that machine with its SID or whatever. Is it the
>> case I might not have backed up certain key files (i.e. the one
>> containing the FEK)? If so, am I hosed or is there still hope?
>
> The FEK is inside the MFT record of the encrypted file...
>
> Two things to try:
>
> 1) Apply attached patch to your CVS checkout of ntfsdecrypt.c,
> recompile and try again.
>
>
> 2) Run: ntfsinfo /dev/sda1 -vvvF "dir/file"
> And send the output it generates.
>
> Best regards,
>
> Anton