.\" blame: Steve Kondik | 79165c3 | 2015-11-09 19:43:00 -0800
.\" Copyright (c) 2014 Jean-Pierre Andre
.\" This file may be copied under the terms of the GNU Public License.
.\"
.TH NTFSDECRYPT 8 "June 2014" "ntfs-3g @VERSION@"
.SH NAME
ntfsdecrypt \- decrypt or update NTFS files encrypted according to EFS
.SH SYNOPSIS
\fBntfsdecrypt\fR [\fIoptions\fR] \-k \fIkey.pfx\fR \fIdevice\fR \fIfile\fR
.SH DESCRIPTION
.B ntfsdecrypt
decrypts a file from an unmounted device and prints the decrypted data
on the standard output.
It can also update an encrypted file with the encryption key unchanged.
.PP
The NTFS file encryption (known as EFS) uses a two-level encryption:
first, the file contents are encrypted with a random symmetric key, then
this symmetric key is encrypted with the public key of each of the users
allowed to decrypt the file (RSA public-key encryption).
.P
Three symmetric encryption modes are currently implemented in ntfsdecrypt:
DESX (a DES variant), 3DES (triple DES) and AES_256 (AES with a 256-bit key).
.P
All the encrypted symmetric keys are stored along with the file in a
special extended attribute named "$LOGGED_UTILITY_STREAM".
Usually, at least two users are allowed to read the file: its owner and
the recovery manager, who is able to decrypt all the files in a company.
When backing up an encrypted file, it is important to also back up the
corresponding $LOGGED_UTILITY_STREAM, otherwise the file cannot be
decrypted, even by the recovery manager. Also note that encrypted files
are slightly larger than their apparent size, and the option "efs_raw" has
to be used when backing up encrypted files with ntfs-3g.
.P
When ntfsdecrypt is used to update a file, the keys and the
$LOGGED_UTILITY_STREAM are kept unchanged, so a single key file has to
be designated.
.P
Note: the EFS encryption is only available in professional versions
of Windows.
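The two-level scheme described above, as an added worked example that is not part of this man page or of ntfs-3g: a random file encryption key (FEK) encrypts the contents, and one RSA-wrapped copy of the FEK per allowed user is kept beside the file in the role of $LOGGED_UTILITY_STREAM. It shows why either the owner or the recovery manager can read the file, why an update (the -e path) needs only one private key and leaves the wrapped keys untouched, and why a backup that drops the stream is unreadable by everybody. The symmetric cipher (a SHA-256 counter keystream), the textbook RSA, the Mersenne-prime keys and the user names are all constructed for this example; real EFS uses DESX/3DES/AES-256 and padded RSA keys exported in PKCS#12 form.

```python
"""Toy model of EFS two-level (hybrid) encryption.  Constructed example,
not ntfs-3g code: the cipher and the unpadded RSA below illustrate the
structure of the scheme, not production cryptography."""
import hashlib
import secrets
from dataclasses import dataclass


def toy_rsa_keypair(p, q, e=65537):
    """Textbook RSA from two primes (assumed prime): returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


# Constructed keys for the two parties the page mentions: the file owner and
# the recovery manager.  Mersenne primes keep the example dependency-free.
OWNER_PUB, OWNER_PRIV = toy_rsa_keypair(2**61 - 1, 2**89 - 1)
RECOVERY_PUB, RECOVERY_PRIV = toy_rsa_keypair(2**107 - 1, 2**127 - 1)
FEK_BYTES = 16  # 128-bit FEK, always smaller than either modulus above


def xor_stream(key, data):
    """Stand-in symmetric cipher: SHA-256 counter keystream XORed over data.
    Applying it twice with the same key restores the input."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


@dataclass
class EncryptedFile:
    ciphertext: bytes
    # user name -> FEK encrypted with that user's RSA public key
    # (the analogue of the $LOGGED_UTILITY_STREAM attribute)
    logged_utility_stream: dict


def encrypt_file(plaintext, allowed_users):
    """Level 1: a random FEK encrypts the contents.  Level 2: the FEK is
    RSA-encrypted once per entry of allowed_users (name -> public key)."""
    fek = secrets.token_bytes(FEK_BYTES)
    m = int.from_bytes(fek, "big")
    stream = {user: pow(m, e, n) for user, (n, e) in allowed_users.items()}
    return EncryptedFile(xor_stream(fek, plaintext), stream)


def recover_fek(enc, user, private_key):
    """Unwrap the FEK with one allowed user's private key, which is what
    ntfsdecrypt does with the keys from the PKCS#12 file."""
    if user not in enc.logged_utility_stream:
        raise PermissionError(f"no wrapped key for {user}: stream missing or user not allowed")
    n, d = private_key
    return pow(enc.logged_utility_stream[user], d, n).to_bytes(FEK_BYTES, "big")


def decrypt_file(enc, user, private_key):
    return xor_stream(recover_fek(enc, user, private_key), enc.ciphertext)


def update_file(enc, user, private_key, new_plaintext):
    """The -e/--encrypt path: FEK and wrapped-key stream stay unchanged, only
    the contents are re-encrypted, so a single private key suffices."""
    fek = recover_fek(enc, user, private_key)
    return EncryptedFile(xor_stream(fek, new_plaintext), enc.logged_utility_stream)


def backup_without_stream(enc):
    """Models a backup that copied the data but not $LOGGED_UTILITY_STREAM."""
    return EncryptedFile(enc.ciphertext, {})


def demo():
    users = {"owner": OWNER_PUB, "recovery": RECOVERY_PUB}
    enc = encrypt_file(b"To be, or not to be", users)
    updated = update_file(enc, "owner", OWNER_PRIV, b"new contents")
    try:
        decrypt_file(backup_without_stream(enc), "recovery", RECOVERY_PRIV)
        bad_backup_readable = True
    except PermissionError:
        bad_backup_readable = False
    return {
        "owner": decrypt_file(enc, "owner", OWNER_PRIV),
        "recovery": decrypt_file(enc, "recovery", RECOVERY_PRIV),
        "update_visible_to_recovery": decrypt_file(updated, "recovery", RECOVERY_PRIV),
        "same_stream_after_update": updated.logged_utility_stream is enc.logged_utility_stream,
        "bad_backup_readable": bad_backup_readable,
    }


if __name__ == "__main__":
    print(demo())
```

Run it directly to see the five results; the "bad_backup_readable" entry is the backup caveat from the description in executable form, and "same_stream_after_update" is the reason the update path in ntfsdecrypt only ever needs one key file.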
.SH OPTIONS
Below is a summary of all the options that
.B ntfsdecrypt
accepts. Nearly all options have two equivalent names. The short name is
preceded by
.B \-
and the long name is preceded by
.BR \-\- .
Single-letter options that don't take an argument can be combined into a
single command, e.g.
.B \-fv
is equivalent to
.BR "\-f \-v" .
Long named options can be abbreviated to any unique prefix of their name.
.TP
\fB\-i\fR, \fB\-\-inode\fR NUM
Display or update the contents of a file designated through its inode number
instead of its name.
.TP
\fB\-e\fR, \fB\-\-encrypt\fR
Update an existing encrypted file, taking the new contents from the
standard input. The full public and private key file has to be designated:
the symmetric key is kept unchanged, so the private key is needed to
extract it.
.TP
\fB\-f\fR, \fB\-\-force\fR
This will override some sensible defaults, such as not using a mounted volume.
Use this option with caution.
.TP
\fB\-k\fR, \fB\-\-keyfile\-name\fR key.pfx
Define the file which contains the public and private keys in PKCS#12 format.
This file must contain the keys of one of the users allowed to decrypt
or update the file. It has to be exported from Windows in PKCS#12 format
(its usual suffix is .p12 or .pfx), and it is protected by a passphrase
which has to be typed in for the keys to be extracted. This can be the
key file of any user allowed to read the file, including that of the
recovery manager.
.TP
\fB\-h\fR, \fB\-\-help\fR
Show a list of options with a brief description of each one.
.TP
\fB\-q\fR, \fB\-\-quiet\fR
Suppress some debug/warning/error messages.
.TP
\fB\-V\fR, \fB\-\-version\fR
Show the version number, copyright and license of
.BR ntfsdecrypt .
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display more debug/warning/error messages.
.SH EXAMPLES
Display the contents of the file hamlet.doc in the directory Documents at
the root of the NTFS file system on the device /dev/sda1:
.RS
.sp
.B ntfsdecrypt -k foo.key /dev/sda1 Documents/hamlet.doc
.sp
.RE
Update the file hamlet.doc with the contents of new.doc, keeping its
encryption key unchanged (the \-e option selects the update mode):
.RS
.sp
.B ntfsdecrypt -e -k foo.key /dev/sda1 Documents/hamlet.doc < new.doc
.sp
.RE
.SH BUGS
There are no known problems with
.BR ntfsdecrypt .
If you find a bug please send an email describing the problem to the
development team:
.br
.nh
ntfs\-3g\-devel@lists.sf.net
.hy
.SH AUTHORS
.B ntfsdecrypt
was written by Yuval Fledel, Anton Altaparmakov and Yura Pakhuchiy.
It was ported to ntfs-3g by Erik Larsson and upgraded by Jean-Pierre Andre.
.SH AVAILABILITY
.B ntfsdecrypt
is part of the
.B ntfs-3g
package and is available from:
.br
.nh
http://www.tuxera.com/community/
.hy
.SH SEE ALSO
Read
.BR ntfs-3g (8)
for details on the option efs_raw.
.PP
.BR ntfscat (8),
.BR ntfsprogs (8)