Microsoft KB Archive/329741

= Encrypting File System (EFS) files appear corrupted when you open them =

Article ID: 329741

Article Last Modified on 9/14/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Service Pack 2
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q329741



Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
If you view Encrypting File System (EFS) files on a computer that is running Windows Server 2003, Windows XP, or Windows 2000, the encrypted files may appear to be corrupted or filled with random characters.



CAUSE
This behavior occurs if these files were encrypted on a computer that was running Windows XP Service Pack 1 (SP1) or later or Windows Server 2003. By default, Windows XP SP1 (or later) and Windows Server 2003 use the Advanced Encryption Standard (AES) algorithm for encrypting files with EFS. Windows 2000 and Windows XP do not support the AES algorithm and cannot access these files.



RESOLUTION
To resolve this behavior, access the encrypted files by using Windows XP SP1 (or later) or Windows Server 2003.



WORKAROUND
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To work around this behavior, configure the Windows XP SP1-based computer to encrypt files by using an algorithm that is supported by the other operating systems that access the files. To do so:

 1. Decrypt all the EFS encrypted files in Windows XP SP1.
 2. On the Windows XP SP1-based workstation, start Registry Editor.
 3. Locate and then click the following key in the registry:
 4. On the Edit menu, click Add Value, and then add the following registry value:

    Value name: AlgorithmID
    Data type: REG_DWORD
    Radix: Hexadecimal
    Value data: Use any of the values from the following list:
     * 3DES: 0x6603 (This value is compatible with Windows XP and later.)
     * DESX: 0x6604 (This value is compatible with all versions of Windows 2000 and Windows XP.)
     * AES_256: 0x6610 (This is the default value. It is compatible with only Windows XP SP1 and later.)

 5. Quit Registry Editor.
 6. Restart the Windows XP SP1-based workstation.
 7. Encrypt the files again using either operating system.

Important The same certificate and the associated private key must be available in the context of the user on all operating systems that will be accessing the files.
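The following added example (not part of the original article) decodes the three AlgorithmID values above using the CryptoAPI ALG_ID bit layout from wincrypt.h and applies the article's compatibility rules to pick the strongest algorithm every listed operating system can decrypt. The OS names and the SUPPORTED table are constructed from the article's notes; the registry key path is not on this page and is deliberately not reproduced.

```python
"""Decode EFS AlgorithmID values and check OS compatibility (stdlib only)."""

# CryptoAPI ALG_ID layout (wincrypt.h): bits 13-15 class, bits 9-12 type,
# bits 0-8 sub-identifier. All three EFS values are block data-encryption IDs.
ALG_CLASS_DATA_ENCRYPT = 3 << 13   # 0x6000
ALG_TYPE_BLOCK = 3 << 9            # 0x0600

# REG_DWORD AlgorithmID values listed in KB 329741.
EFS_ALGORITHMS = {
    0x6603: "3DES",
    0x6604: "DESX",
    0x6610: "AES_256",   # default on Windows XP SP1+ and Windows Server 2003
}

# Constructed from the article's notes: which EFS symmetric algorithm each
# OS can use for encryption and decryption.
SUPPORTED = {
    "Windows 2000": {"DESX"},
    "Windows XP": {"DESX", "3DES"},                    # earlier than SP1
    "Windows XP SP1": {"DESX", "3DES", "AES_256"},     # SP1 or later
    "Windows Server 2003": {"DESX", "3DES", "AES_256"},
}
PREFERENCE = ["AES_256", "3DES", "DESX"]   # strongest first


def decode_alg_id(alg_id):
    """Return (algorithm name or None, sub-id) for a block-cipher ALG_ID."""
    if (alg_id & 0xE000) != ALG_CLASS_DATA_ENCRYPT or (alg_id & 0x1E00) != ALG_TYPE_BLOCK:
        raise ValueError("0x%04x is not a block data-encryption ALG_ID" % alg_id)
    return EFS_ALGORITHMS.get(alg_id), alg_id & 0x01FF


def readable_on(alg_id, os_name):
    """True if files encrypted with alg_id can be opened on os_name."""
    name = EFS_ALGORITHMS.get(alg_id)
    return name is not None and name in SUPPORTED[os_name]


def choose_algorithm_id(os_names):
    """Strongest AlgorithmID every listed OS can decrypt, or None if none."""
    common = set.intersection(*(SUPPORTED[o] for o in os_names))
    for name in PREFERENCE:
        if name in common:
            return next(v for v, n in EFS_ALGORITHMS.items() if n == name)
    return None


if __name__ == "__main__":
    # The symptom in the article: AES_256 file from XP SP1 viewed on Windows 2000.
    print("AES_256 readable on Windows 2000:", readable_on(0x6610, "Windows 2000"))
    print("Value for XP SP1 + Windows 2000: 0x%04x" %
          choose_algorithm_id(["Windows XP SP1", "Windows 2000"]))
```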


STATUS
This behavior is by design.


MORE INFORMATION
EFS generates a new symmetric key called a File Encryption Key (FEK) for each file it encrypts. EFS uses this symmetric key to encrypt and decrypt the contents of the file. This FEK is then encrypted using the public keys in the certificates of the following users:
 * The user encrypting the files.
 * Any other users who are configured to use the file.
 * Any configured recovery agents.

The original (unencrypted) FEK is not saved. The algorithm that is described in this article refers to the symmetric encryption with the FEK, and not the public key operations with the users' private key on the FEK.

Notes:
 * Windows 2000 can only use the expanded Data Encryption Standard (DESX) algorithm for EFS encryption and decryption.
 * Versions of Windows XP earlier than SP1 can only use the expanded DESX or the Triple-DES (3DES) algorithm for EFS encryption and decryption.
 * Windows XP with SP1 or later can encrypt or decrypt files using DESX, 3DES, or AES.

For more information about 3DES and DESX, view the "Encrypting and Decrypting Data with Encrypting File System" topic in the Windows XP Help file.

For more information about the AES Cryptographic Provider in Windows, visit the following Microsoft Web sites:

http://msdn2.microsoft.com/en-us/library/Aa375545.aspx

http://msdn2.microsoft.com/en-us/library/aa386983.aspx

For more information about EFS, view the Encrypting File System in Windows XP and Windows Server 2003 white paper. To view this white paper, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/guidance/cryptographyetc/efs.mspx

Additional query words: garbage mangled corrupt unreadable unusable lost random character characters can't open use read data loss

Keywords: kbprb KB329741

-


© Microsoft Corporation. All rights reserved.