Viewing Ciphertext of Encrypted File on NTFS (EFS)

Question

So I'm doing some testing with data encryption per a course I'm taking in school (for this assignment we're meant to use only a Windows environment), and I'm able to use Windows built-in "cipher.exe" tool just fine for what we need to do.

I made a small .txt file (my plain text), and I encrypted it using "cipher /e PlainText.txt" which has no error. However, I want to be able to view the ciphertext as well. How would one go about doing this? I tried logging in as a user that didn't have the proper access to the file and instead of seeing ciphertext it just comes up blank saying "Access Denied".

Thank you for any ideas.

Answer 1

The way you open an encrypted file in order to read its raw encrypted contents (e.g. for a backup/restore application) is to use the:

• OpenEncryptedFileRaw,
• ReadEncryptedFileRaw,
• WriteEncryptedFileRaw, and
• CloseEncryptedFileRaw

api functions.

Writing the code on the fly, in a hypothetical hybrid language:

void ExportEncryptedFileToStream(String filename, Stream targetStream)
{
   Pointer context;

   res = OpenEncryptedFileRaw("C:\Users\Ian\wallet.dat", 0, ref context);
   if (res <> ERROR_SUCCESS)
      RaiseWin32Error(res);
   try
   {
      res = ReadEncryptedFileRaw(exportCallback, null, context);
      if (res != ERROR_SUCCESS)
         RaiseWin32Error(res);
   }
   finally
   {
      CloseEncryptedFileRaw(context)
   }
}

function ExportCallback(pbData: PBYTE, pvCallbackContext: PVOID, ulLength: ULONG): DWORD
{
   Stream targetStream = Stream(pvCallbackContext);

   try
   {
      targetStream.Write(pbData, ulLength);
   }
   catch (Exception e)
   {
      return ERROR_WRITE_FAULT;
   }
   return ERROR_SUCCESS;
}

Note: Any code released into public domain. No attribution required.