Encrypting File System (EFS)

Last updated: 2023-09-19

Table of Contents

  • Explorer GUI View
  • Export the EFS Certificate & Key
  • Recovery Certificate & Key
  • cipher

Explorer GUI View


 * A folder's key is the key that files created inside it are encrypted with by default

 * Each file can be encrypted with more than one key

 * Different certs have different Thumbprints

Checking:

Select "Your File / Folder" > Right-click > Properties > Advanced > Details

Export the EFS Certificate & Key


Certificate Manager (certmgr.msc) > Personal > Certificates

"Issued to" & "Issued by" = same user

Intended Purpose: Encrypting File System

 * A cert that has a private key shows a key icon in its top-left corner

Export

Right-click the certificate > All Tasks > Export > "Yes, export the private key" > "Export all extended properties"

> Select "AES256-SHA256" encryption


Backup By CLI

cipher /x "%UserProfile%\Desktop\EFSCertKeyBak"

Please type in the password to protect your .PFX file:
Please retype the password to confirm:


EFS certificate(s) is(are) backed up successfully.

Recovery Certificate & Key


User certificate (RSA) private keys are stored in

%APPDATA%\Microsoft\Crypto\RSA\UserSID          # UserSID = S-?

When you remove a certificate from the Certificates MMC snap-in or by other means

    (certutil, or programmatic APIs such as the .NET X509Store class),

    only the registry entry is removed; the associated private key is not deleted.

[1] Retrieve the public part of this certificate

Look in the certificate store (certmgr.msc) under:

  • Trusted People/Certificates
  • Other People/Certificates

[2] Import certificate

Now double-click the file (from Trusted People/Certificates) and install the certificate into the "Personal" store.

[3] List certificate

# -store            -- Dump certificate store

certutil -store -user certificatestorename certID

  • certificatestorename: My ("Personal"), CA (default), Root
  • certID: serial number / public key hash

# List All

certutil -store -user my

my "Personal"
================ Certificate 0 ================
Serial Number: 1a5d...
Issuer: CN=tim
 NotBefore: 10/19/2018 5:25 PM
 NotAfter: 9/25/2118 5:25 PM
Subject: CN=tim
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): e9d1...
No key provider information
Cannot find the certificate and private key for decryption.

Notes

An encrypted file is labelled with the "Cert Hash" of the certificate it was encrypted with

A cert without a private key shows "No key provider information"

# Show only the cert with a given serial number

certutil -user -repairstore MY 1a5d...

MY "Personal"
================ Certificate 0 ================
Serial Number: 1a5...
Issuer: CN=tim
 NotBefore: 10/19/2018 5:25 PM
 NotAfter: 9/25/2118 5:25 PM
Subject: CN=tim
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): e9d1e7718ea391b68a68dcdc1ef35862e2a01359
  Key Container = 236b4faf-?-?-?-?
  Unique container name: ?-?-?-?-?
  Provider = Microsoft Enhanced Cryptographic Provider v1.0
Encryption test passed

Notes

A cert that has a private key shows "Unique container name: ?-?-?-?-?"

where "?-?-?-?-?" is a filename under %APPDATA%\Microsoft\Crypto\RSA\UserSID

[4] Re-associate the key

When you look at the imported certificate under Personal/Certificates, it says there is no associated private key (no "Unique container name" line).

To re-associate the imported certificate with the existing private key:

certutil -user -repairstore MY 1a5...

my "Personal"
================ Certificate 0 ================
Serial Number: 1a5d...
Issuer: CN=tim
 NotBefore: 10/19/2018 5:25 PM
 NotAfter: 9/25/2118 5:25 PM
Subject: CN=tim
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): e9d1...
  Key Container = 236b4faf-?-?-?-?
  Unique container name: ?-?-?-?-?
  Provider = Microsoft Enhanced Cryptographic Provider v1.0
Encryption test passed
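The manual checks in [3] and [4] (does each EFS cert still have a private key, and does its key container file exist under %APPDATA%\Microsoft\Crypto\RSA\UserSID) can be scripted. The following PowerShell is an added example, not part of the original notes; it assumes Windows PowerShell 5.1 with the Cert: drive and CSP-based keys, which is what the "Microsoft Enhanced Cryptographic Provider v1.0" line in the certutil output above indicates.

```powershell
# Added example: list EFS certificates in the current user's Personal store
# and report whether each one is still associated with a private key and
# whether that key's container file exists on disk.
$efsEku = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU OID

# Same directory the notes refer to as %APPDATA%\Microsoft\Crypto\RSA\UserSID
$sid    = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$rsaDir = Join-Path $env:APPDATA "Microsoft\Crypto\RSA\$sid"

Get-ChildItem Cert:\CurrentUser\My |
  Where-Object {
    $_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $efsEku }
  } |
  ForEach-Object {
    $cert = $_
    $container = $null
    if ($cert.HasPrivateKey) {
      try {
        # CSP (CAPI) keys expose the unique container file name here; this is
        # the "Unique container name" certutil prints. CNG keys do not, so the
        # value stays $null for them.
        $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
      } catch { }
    }
    [pscustomobject]@{
      Subject         = $cert.Subject
      Thumbprint      = $cert.Thumbprint      # the "Cert Hash(sha1)" value
      NotAfter        = $cert.NotAfter
      HasPrivateKey   = $cert.HasPrivateKey   # $false means [4] (repairstore) is needed
      ContainerFile   = $container
      ContainerOnDisk = if ($container) { Test-Path (Join-Path $rsaDir $container) } else { $null }
    }
  } | Format-Table -AutoSize
```

A cert with HasPrivateKey = False but a matching container file still on disk is exactly the state that certutil -repairstore in [4] fixes.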