1NTFSDECRYPT(8)              System Manager's Manual             NTFSDECRYPT(8)
2
3
4

NAME

6       ntfsdecrypt - decrypt or update NTFS files encrypted according to EFS
7

SYNOPSIS

9       ntfsdecrypt [options] -k key.pfx device file
10

DESCRIPTION

12       ntfsdecrypt  decrypts a file from an unmounted device and print the de‐
13       crypted data on the standard output.  It can also update  an  encrypted
14       file with the encryption key unchanged.
15
16       The  NTFS  file encryption (known as EFS) uses a two-level encryption :
17       first, the file contents is encrypted with a random symmetric key, then
18       this  symmetric  key  is  encrypted with the public keys of each of the
19       users allowed to decrypt the file (RSA public key encryptions).
20
21       Three symmetric encryption modes are currently implemented  in  ntfsde‐
22       crypt  :  DESX  (a  DES variant), 3DES (triple DES) and AES_256 (an AES
23       variant).
24
25       All the encrypted symmetric keys are stored along with the  file  in  a
26       special extended attribute named "$LOGGED_UTILITY_STREAM".  Usually, at
27       least two users are allowed to read the file : its owner and the recov‐
28       ery  manager  who  is able to decrypt all the files in a company.  When
29       backing up an encrypted file, it is important to also backup the corre‐
30       sponding  $LOGGED_UTILITY_STREAM,  otherwise  the  file  cannot  be de‐
31       crypted, even by the recovery manager. Also note that  encrypted  files
32       are  slightly  bigger than apparent, and the option "efs_raw" has to be
33       used when backing up encrypted files with ntfs-3g.
34
35       When  ntfsdecrypt  is  used  to  update  a  file,  the  keys  and   the
36       $LOGGED_UTILITY_STREAM  are kept unchanged, so a single key file has to
37       be designated.
38
39       Note : the EFS encryption is only available in professional versions of
40       Windows;
41

OPTIONS

43       Below is a summary of all the options that ntfsdecrypt accepts.  Nearly
44       all options have two equivalent names.  The short name is preceded by -
45       and  the  long name is preceded by --.  Any single letter options, that
46       don't take an argument, can be combined into  a  single  command,  e.g.
47       -fv  is  equivalent to -f -v.  Long named options can be abbreviated to
48       any unique prefix of their name.
49
50       -i, --inode NUM
51              Display or update the contents of a file designated through  its
52              inode number instead of its name.
53
54       -e, --encrypt
55              Update  an existing encrypted file and get the new contents from
56              the standard input. The full public and private key file has  to
57              be  designated,  as  the symmetric key is kept unchanged, so the
58              private key is needed to extract it.
59
60       -f, --force
61              This will override some sensible defaults, such as not  using  a
62              mounted volume.  Use this option with caution.
63
64       -k, --keyfile-name key.pfx
65              Define  the  file  which contains the public and private keys in
66              PKCS#12 format.  This file obviously contains the keys of one of
67              the  users  allowed  to decrypt or update the file. It has to be
68              extracted from Windows in PKCS#12 format (its  usual  suffix  is
69              .p12  or .pfx), and it is protected by a passphrase which has to
70              be typed in for the keys to be extracted. This can  be  the  key
71              file  of any user allowed to read the file, including the one of
72              the recovery manager.
73
74       -h, --help
75              Show a list of options with a brief description of each one.
76
77       -q, --quiet
78              Suppress some debug/warning/error messages.
79
80       -V, --version
81              Show the version number, copyright and license of ntfsdecrypt.
82
83       -v, --verbose
84              Display more debug/warning/error messages.
85

EXAMPLES

87       Display the contents of the file hamlet.doc in the directory  Documents
88       of the root of the NTFS file system on the device /dev/sda1
89
90              ntfsdecrypt -k foo.key /dev/sda1 Documents/hamlet.doc
91
92       Update the file hamlet.doc
93
94              ntfsdecrypt -k foo.key /dev/sda1 Documents/hamlet.doc < new.doc
95
96

BUGS

98       There are no known problems with ntfsdecrypt.  If you find a bug please
99       send an email describing the problem to the development team:
100       ntfs-3g-devel@lists.sf.net
101

AUTHORS

103       ntfsdecrypt was written by Yuval Fledel, Anton  Altaparmakov  and  Yura
104       Pakhuchiy.   It  was  ported to ntfs-3g by Erik Larsson and upgraded by
105       Jean-Pierre Andre.
106

AVAILABILITY

108       ntfsdecrypt is part of the ntfs-3g package and is available from:
109       https://github.com/tuxera/ntfs-3g/wiki/
110

SEE ALSO

112       Read ntfs-3g(8) for details on option efs_raw,
113       ntfscat(8), ntfsprogs(8)
114
115
116
117ntfs-3g 2022.5.17                  June 2014                    NTFSDECRYPT(8)
Impressum