.\" Copyright (c) 2014 Jean-Pierre Andre
.\" This file may be copied under the terms of the GNU Public License.
.\"
.TH NTFSDECRYPT 8 "June 2014" "ntfs-3g @VERSION@"
.SH NAME
ntfsdecrypt \- decrypt or update NTFS files encrypted according to EFS
.SH SYNOPSIS
\fBntfsdecrypt\fR [\fIoptions\fR] \-k \fIkey.pfx\fR \fIdevice\fR \fIfile\fR
.SH DESCRIPTION
.B ntfsdecrypt
decrypts a file from an unmounted device and prints the decrypted data
on the standard output.
It can also update an encrypted file with the encryption key unchanged.
.PP
The NTFS file encryption (known as EFS) uses two-level encryption:
first, the file contents are encrypted with a random symmetric key, then
this symmetric key is encrypted with the public key of each of the users
allowed to decrypt the file (RSA public key encryption).
.P
Three symmetric encryption modes are currently implemented in ntfsdecrypt:
DESX (a DES variant), 3DES (triple DES) and AES_256 (an AES variant).
.P
All the encrypted symmetric keys are stored along with the file in a
special extended attribute named "$LOGGED_UTILITY_STREAM".
Usually, at least two users are allowed to read the file: its owner and
the recovery manager, who is able to decrypt all the files in a company.
When backing up an encrypted file, it is important to also back up the
corresponding $LOGGED_UTILITY_STREAM, otherwise the file cannot be
decrypted, even by the recovery manager. Also note that encrypted files
are slightly bigger than they appear, and the option "efs_raw" has
to be used when backing up encrypted files with ntfs-3g.
.P
When ntfsdecrypt is used to update a file, the keys and the
$LOGGED_UTILITY_STREAM are kept unchanged, so a single key file has to
be designated.
.P
Note: EFS encryption is only available in professional versions
of Windows.
.SH OPTIONS
Below is a summary of all the options that
.B ntfsdecrypt
accepts. Nearly all options have two equivalent names. The short name is
preceded by
.B \-
and the long name is preceded by
.BR \-\- .
Any single letter options that don't take an argument can be combined into a
single command, e.g.
.B \-fv
is equivalent to
.BR "\-f \-v" .
Long named options can be abbreviated to any unique prefix of their name.
.TP
\fB\-i\fR, \fB\-\-inode\fR NUM
Display or update the contents of a file designated through its inode number
instead of its name.
.TP
\fB\-e\fR, \fB\-\-encrypt\fR
Update an existing encrypted file and get the new contents from the
standard input. The full public and private key file has to be designated,
as the symmetric key is kept unchanged, so the private key is needed to
extract it.
.TP
\fB\-f\fR, \fB\-\-force\fR
This will override some sensible defaults, such as not using a mounted volume.
Use this option with caution.
.TP
\fB\-k\fR, \fB\-\-keyfile\-name\fR key.pfx
Define the file which contains the public and private keys in PKCS#12 format.
This file obviously contains the keys of one of the users allowed to decrypt
or update the file. It has to be extracted from Windows in PKCS#12 format
(its usual suffix is .p12 or .pfx), and it is protected by a passphrase
which has to be typed in for the keys to be extracted. This can be the
key file of any user allowed to read the file, including the one of the
recovery manager.
.TP
\fB\-h\fR, \fB\-\-help\fR
Show a list of options with a brief description of each one.
.TP
\fB\-q\fR, \fB\-\-quiet\fR
Suppress some debug/warning/error messages.
.TP
\fB\-V\fR, \fB\-\-version\fR
Show the version number, copyright and license of
.BR ntfsdecrypt .
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display more debug/warning/error messages.
.SH EXAMPLES
Display the contents of the file hamlet.doc in the directory Documents of
the root of the NTFS file system on the device /dev/sda1:
.RS
.sp
.B ntfsdecrypt \-k foo.key /dev/sda1 Documents/hamlet.doc
.sp
.RE
Update the file hamlet.doc with new contents read from the standard input:
.RS
.sp
.B ntfsdecrypt \-e \-k foo.key /dev/sda1 Documents/hamlet.doc < new.doc
.sp
.RE
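.P
ntfsdecrypt is meant to run against an unmounted device, and the key file
it is given holds a private key. The shell wrapper below is an added example,
not part of ntfs-3g, that checks both conditions before running the decrypt
command shown above; the function names and the MOUNTS_FILE variable are
assumptions.
.nf

```sh
#!/bin/sh
# Added example, not part of ntfs-3g. Function names and MOUNTS_FILE are
# assumptions made for this example.

# True if DEVICE appears as a source in the mount table (second argument,
# default /proc/mounts). ntfsdecrypt expects an unmounted device.
is_mounted() {
    dev=$(readlink -f -- "$1" 2>/dev/null) || dev=$1
    awk -v d="$dev" -v o="$1" '$1 == d || $1 == o { hit = 1 }
        END { exit !hit }' "${2:-/proc/mounts}"
}

# True if FILE is a regular file with no group or other permission bits;
# the PKCS#12 file holds a private key.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# efs_decrypt KEY.pfx DEVICE FILE OUTFILE
# Returns 2 if DEVICE is mounted, 3 if the key file fails the check,
# 1 if ntfsdecrypt itself fails.
efs_decrypt() {
    key=$1; device=$2; file=$3; out=$4
    if is_mounted "$device" "${MOUNTS_FILE:-/proc/mounts}"; then
        echo "refusing: $device is mounted" >&2
        return 2
    fi
    if ! key_is_private "$key"; then
        echo "refusing: $key is missing or accessible to group/other" >&2
        return 3
    fi
    # A new OUTFILE is created owner-only; a partial one is removed on error.
    ( umask 077; ntfsdecrypt -k "$key" "$device" "$file" > "$out" ) || {
        rm -f -- "$out"
        return 1
    }
}

# Usage, with the names from the EXAMPLES above:
#   efs_decrypt foo.key /dev/sda1 Documents/hamlet.doc hamlet.doc
```

.fi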
.SH BUGS
There are no known problems with
.BR ntfsdecrypt .
If you find a bug please send an email describing the problem to the
development team:
.br
.nh
ntfs\-3g\-devel@lists.sf.net
.hy
.SH AUTHORS
.B ntfsdecrypt
was written by Yuval Fledel, Anton Altaparmakov and Yura Pakhuchiy.
It was ported to ntfs-3g by Erik Larsson and upgraded by Jean-Pierre Andre.
.SH AVAILABILITY
.B ntfsdecrypt
is part of the
.B ntfs-3g
package and is available from:
.br
.nh
https://github.com/tuxera/ntfs-3g/wiki/
.hy
.SH SEE ALSO
Read \fBntfs-3g\fR(8) for details on option efs_raw,
.BR ntfscat (8),
.BR ntfsprogs (8)