Encrypting, decrypting files

#1
Question
Is there a TCC command I can use to encrypt or decrypt a file on a
system which supports NTFS encryption, e.g., WinXP Pro? The analogous issue
for compression / expansion is the ATTRIB +C / ATTRIB -C command pair to do
it "in situ", or copying between compressed and uncompressed directories
using either COPY or MOVE.

Problem
I mapped a network drive containing encrypted files on a system running
WinXP Pro to another system running WinXP home. Read access to the encrypted
files just resulted in "access denied", not a problem. However, using the /U
option of COPY from the system without encryption to update encrypted files
was catastrophic: despite "access denied" messages for each file, the
encrypted files were replaced with empty (0-byte) files with new timestamps,
retaining the encrypted attribute. Both systems have WinXP SP3, and TCC
11.00.51.
--
Steve
 

rconn
#3
> Question
> Is there a TCC command I can use to encrypt or decrypt a file on a
> system which supports NTFS encryption, e.g., WinXP Pro?
There is no internal TCC command to do that.


> Problem
> I mapped a network drive containing encrypted files on a system
> running WinXP Pro to another system running WinXP home. Read access
> to the encrypted files just resulted in "access denied", not a problem.
> However, using the /U option of COPY from the system without encryption
> to update encrypted files was catastrophic: despite "access denied"
> messages for each file, the encrypted files were replaced with empty
> (0-byte) files with new timestamps, retaining the encrypted attribute.
That's a Windows issue, not TCC.

The COPY command uses the Windows CopyFile API to do all the work. XP Home
does not support encrypted files, though I'm surprised it went so far as to
blow away the encrypted files.

Have you tried it with CMD?

Rex Conn
JP Software
 
#4
|| Is there a TCC command I can use to encrypt or decrypt a file
|| on a system which supports NTFS encryption, e.g., WinXP Pro?
| There is no internal TCC command to do that.

Please consider this a request for such in a future version.

|| Problem
|| I mapped a network drive containing encrypted files on a system
|| running WinXP Pro to another system running WinXP home. Read access
|| to the encrypted files just resulted in "access denied", not a
|| problem. However, using the /U option of COPY from the system
|| without encryption to update encrypted files was catastrophic:
|| despite "access denied" messages for each file, the encrypted files
|| were replaced with empty (0-byte) files with new timestamps,
|| retaining the encrypted attribute.

| That's a Windows issue, not TCC.
|
| The COPY command uses the Windows CopyFile API to do all the work.
| XP Home does not support encrypted files, though I'm surprised it
| went so far as to blow away the encrypted files.

I suggest a work-around to avoid destruction of files (just one more
Windows bug for you to worry about). While I can avoid the issue in future,
more naive users in the same circumstances will - wrongly, though - blame
TCC. OTOH there will be many more users in the future who try to transfer
files between encrypted and plain file systems.

BTW, I just tried "COPY/O *" to the encrypted target, and it reported
for each file first the attempt to copy (src => tgt), then the "Access is
denied" message. No targets were created. Early detection of an unfulfillable
user request could save users lots of time.

| Have you tried it with CMD?

No, I never use CMD. I became a JPsoft addict decades ago!
--
Steve
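
Added example, not part of the thread and not JP Software's or Microsoft's code: one way to do the early detection suggested in post #4 from PowerShell, refusing to overwrite an encrypted target that the current account cannot open for reading. The function name and its parameters are hypothetical, and it assumes, as the thread reports, that reading such a target fails with "access denied".

```powershell
# Added example: update files in $Target from $Source (same rule as COPY /U),
# but never touch an EFS-encrypted target that this account cannot read.
function Update-FilesSafely {
    param(
        [Parameter(Mandatory = $true)] [string] $Source,  # hypothetical source directory
        [Parameter(Mandatory = $true)] [string] $Target   # hypothetical target directory
    )

    $files = Get-ChildItem -LiteralPath $Source | Where-Object { -not $_.PSIsContainer }
    foreach ($src in $files) {
        $dstPath = Join-Path $Target $src.Name
        $dst = Get-Item -LiteralPath $dstPath -Force -ErrorAction SilentlyContinue

        if ($dst) {
            # COPY /U semantics: only replace a target that is older than the source.
            if ($src.LastWriteTimeUtc -le $dst.LastWriteTimeUtc) { continue }

            $encrypted = ([int]$dst.Attributes -band [int][IO.FileAttributes]::Encrypted) -ne 0
            if ($encrypted) {
                try {
                    # Read-only probe: opening for read cannot truncate the target.
                    $fs = [IO.File]::Open($dst.FullName, 'Open', 'Read', 'ReadWrite')
                    $fs.Close()
                }
                catch {
                    # Any probe failure (normally "access denied") means: leave it alone.
                    Write-Warning "Skipped, encrypted and not readable: $dstPath"
                    continue
                }
            }
        }

        # Target is missing, or older and safe to replace.
        Copy-Item -LiteralPath $src.FullName -Destination $dstPath
    }
}
```

The probe runs before any write is attempted, so a target that would only produce "Access is denied" is reported and left with its original contents.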
 
#6
| For handling encryption under NTFS, there is a Win XP command line
| utility named *CIPHER* you can call from TCC.
|
| Here's an overview of its options and uses:
| http://ss64.com/nt/cipher.html

Thanks, but it does not have a link for downloading the program.
--
Steve

CIPHER comes with Windows XP. I just typed CIPHER from TCC and it gave me the following:

Code:
Displays or alters the encryption of directories [files] on NTFS partitions.

  CIPHER [/E | /D] [/S:directory] [/A] [/I] [/F] [/Q] [/H] [pathname [...]]

  CIPHER /K

  CIPHER /R:filename

  CIPHER /U [/N]

  CIPHER /W:directory

  CIPHER /X[:efsfile] [filename]

    /A        Operates on files as well as directories. The encrypted file
              could become decrypted when it is modified if the parent
              directory is not encrypted. It is recommended that you encrypt
              the file and the parent directory.
    /D        Decrypts the specified directories. Directories will be marked
              so that files added afterward will not be encrypted.
    /E        Encrypts the specified directories. Directories will be marked
              so that files added afterward will be encrypted.
    /F        Forces the encryption operation on all specified objects, even
              those which are already encrypted.  Already-encrypted objects
              are skipped by default.
    /H        Displays files with the hidden or system attributes.  These
              files are omitted by default.
    /I        Continues performing the specified operation even after errors
              have occurred.  By default, CIPHER stops when an error is
              encountered.
    /K        Creates new file encryption key for the user running CIPHER. If
              this option is chosen, all the other options will be ignored.
    /N        This option only works with /U. This will prevent keys being
              updated. This is used to find all the encrypted files on the
              local drives.
    /Q        Reports only the most essential information.
    /R        Generates an EFS recovery agent key and certificate, then writes
              them to a .PFX file (containing certificate and private key) and
              a .CER file (containing only the certificate). An administrator
              may add the contents of the .CER to the EFS recovery policy to
              create the recovery agent for users, and import the .PFX to
              recover individual files.
    /S        Performs the specified operation on directories in the given
              directory and all subdirectories.
    /U        Tries to touch all the encrypted files on local drives. This will
              update user's file encryption key or recovery agent's key to the
              current ones if they are changed. This option does not work with
              other options except /N.
    /W        Removes data from available unused disk space on the entire
              volume. If this option is chosen, all other options are ignored.
              The directory specified can be anywhere in a local volume. If it
              is a mount point or points to a directory in another volume, the
              data on that volume will be removed.
    /X        Backup EFS certificate and keys into file filename. If efsfile is
              provided, the current user's certificate(s) used to encrypt the
              file will be backed up. Otherwise, the user's current EFS
              certificate and keys will be backed up.


    directory A directory path.
    filename  A filename without extensions.
    pathname  Specifies a pattern, file or directory.
    efsfile   An encrypted file path.

    Used without parameters, CIPHER displays the encryption state of
    the current directory and any files it contains. You may use multiple
    directory names and wildcards.  You must put spaces between multiple
    parameters.
Joe
 
#7
| CIPHER comes with Windows XP.
...
Thanks, you are partially right. It comes only with WinXP Pro. I tried it on
the WinXP home system only. Well, I believe I have all the tools I need to
upgrade it to Pro.
--
Steve
 

samintz
#8
Steve,

I might have skimmed your email a little too quickly. But why can't you
just use the built-in EFS in Windows?

-Scott

Steve wrote on 07/23/2010 08:49:02 AM:

> | For handling encryption under NTFS, there is a Win XP command line
> | utility named *CIPHER* you can call from TCC.
> |
> | Here's an overview of its options and uses:
> | http://ss64.com/nt/cipher.html
>
> Thanks, but it does not have a link for downloading the program.
> --
> Steve
 

rconn
#9
> || Is there a TCC command I can use to encrypt or decrypt a file
> || on a system which supports NTFS encryption, e.g., WinXP Pro?
> | There is no internal TCC command to do that.
>
> Please consider this a request for such in a future version.
But -- you said you're using XP Home, which does not support encryption.
And if you updated to XP Pro (or Win 7), you'd have that utility as part of
the OS.

So I'm not clear just what you're asking for.

Rex Conn
JP Software
 
#10
||| Is there a TCC command I can use to encrypt or decrypt a file
||| on a system which supports NTFS encryption, e.g., WinXP Pro?
|| There is no internal TCC command to do that.
| Please consider this a request for such in a future version.
| But -- you said you're using XP Home, which does not support
| encryption. And if you updated to XP Pro (or Win 7), you'd have that
| utility as part of the OS.
|
| So I'm not clear just what you're asking for.

Yes, the external utility is available, as I have since learned. However,
there are many other external utilities that TCC now emulates using internal
commands. I think this would be another good candidate so the user could use
the unified syntax of TCC instead of learning the peculiarities of each
external.
--
Steve
 
#11
| I might have skimmed your email a little too quickly. But why can't
| you just use the built-in EFS in Windows?

Scott:
Thanks, I am doing that. When I posted my previous message I was not
aware that CIPHER.EXE is included in the WinXP Pro distribution. Too bad
they did not combine compression and encryption.
--
Steve