Encrypting File System (EFS) files appear corrupted when you open them (329741)

The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Small Business Server 2003, Premium Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition
  • Microsoft Windows XP Professional SP1
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Server SP3
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Windows 2000 Advanced Server SP3

This article was previously published under Q329741
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

If you view Encrypting File System (EFS) files on a computer that is running Windows Server 2003, Windows XP, or Windows 2000, the encrypted files may appear to be corrupted or filled with random characters.

CAUSE

This behavior occurs if the files were encrypted on a computer that was running Windows XP Service Pack 1 (SP1) or later or Windows Server 2003. By default, Windows XP SP1 (or later) and Windows Server 2003 encrypt file contents with the Advanced Encryption Standard (AES) algorithm. Windows 2000 and Windows XP releases earlier than SP1 do not support AES for EFS, so they cannot decrypt the contents even when the user holds the correct EFS certificate and private key. The files themselves are not damaged: opened on a computer that supports AES, they show their original contents.

RESOLUTION

To resolve this behavior, access the encrypted files by using Windows XP SP1 (or later) or Windows Server 2003.

WORKAROUND

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To work around this behavior, configure the Windows XP SP1-based computer to encrypt files by using an algorithm that is supported by every operating system that will access the files. The algorithm is selected when a file is encrypted and is recorded with that file, so changing the registry value affects only files that are encrypted afterward; files that are already AES-encrypted have to be decrypted and encrypted again. Note that 3DES and DESX are older and weaker than AES-256, so this setting is a compatibility downgrade: choose the strongest algorithm that all of the operating systems involved support, and while the files are decrypted (step 1) keep them on a volume that other users cannot read. To do so:
  1. Decrypt all the EFS encrypted files on the Windows XP SP1-based workstation (for example, by clearing the "Encrypt contents" attribute in the folder's properties, or by running cipher.exe /d on the folder).
  2. On the Windows XP SP1-based workstation, start Registry Editor.
  3. Locate and then click the following key in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS
  4. On the Edit menu, point to New and click DWORD Value (in Regedt32, click Add Value), and then add the following registry value:

    Value name: AlgorithmID
    Data type: REG_DWORD
    Radix: Hexadecimal
    Value data: Use any of the values from the following list:

    • 3DES: 0x6603 (This value is compatible with Windows XP and later.)
    • DESX: 0x6604 (This value is compatible with all versions of Windows 2000 and Windows XP.)
    • AES_256: 0x6610 (This is the default value. It is compatible with only Windows XP SP1 and later.)
  5. Quit Registry Editor.
  6. Restart the Windows XP SP1-based workstation.
  7. Encrypt the files again, on the Windows XP SP1-based workstation or on any of the other operating systems that will share them.
Important The same certificate and the associated private key must be available in the context of the user on all operating systems that will be accessing the files (for example, by exporting the user's EFS certificate together with its private key and importing it on the other computers, or through a roaming user profile).
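The following script is an added example and is not part of KB 329741. It inspects the AlgorithmID value described above, lists the files that step 1 would have to decrypt, and writes the value with the correct REG_DWORD type. It assumes Windows PowerShell 2.0 or later running with administrative rights on the workstation; the registry path and the CALG_* constants are the ones the article lists, and the function names are this example's own.

```powershell
# Added example (not from KB 329741): inspect, audit and set the EFS AlgorithmID
# value. Assumes Windows PowerShell 2.0+ running elevated on the workstation.

$EfsKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS'

# REG_DWORD values listed in the article and the operating systems that accept them.
$AlgorithmNames = @{
    0x6603 = '3DES    (Windows XP and later)'
    0x6604 = 'DESX    (Windows 2000, Windows XP and later)'
    0x6610 = 'AES_256 (Windows XP SP1 and later; the default)'
}

function Get-EfsAlgorithm {
    # Returns the configured FEK algorithm, or reports that the value is absent
    # (in which case the operating system's built-in default applies).
    $item = Get-ItemProperty -Path $EfsKey -Name AlgorithmID -ErrorAction SilentlyContinue
    if ($item -eq $null) {
        return New-Object PSObject -Property @{
            Value = 'not set'
            Name  = 'operating system default (AES_256 on XP SP1/Server 2003, DESX on Windows 2000)'
        }
    }
    $id = [int]$item.AlgorithmID
    $name = $AlgorithmNames[$id]
    if (-not $name) { $name = 'unrecognized CALG_* value' }
    New-Object PSObject -Property @{ Value = ('0x{0:X4}' -f $id); Name = $name }
}

function Get-EfsEncryptedFile {
    # Lists files under $Path that carry the Encrypted attribute. Each keeps the
    # algorithm that was in force when it was encrypted, so these are the files
    # that step 1 must decrypt and step 7 must re-encrypt; editing the registry
    # alone does not convert them.
    param([Parameter(Mandatory=$true)][string]$Path)
    Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { (-not $_.PSIsContainer) -and
                       (([int]$_.Attributes -band [int][IO.FileAttributes]::Encrypted) -ne 0) }
}

function Set-EfsAlgorithm {
    # Writes AlgorithmID as REG_DWORD. The new value applies to files encrypted
    # after the next restart (steps 5 and 6).
    param([Parameter(Mandatory=$true)][ValidateSet('3DES','DESX','AES_256')][string]$Algorithm)
    $id = switch ($Algorithm) { '3DES' { 0x6603 } 'DESX' { 0x6604 } 'AES_256' { 0x6610 } }
    if (-not (Test-Path $EfsKey)) { New-Item -Path $EfsKey -Force | Out-Null }
    New-ItemProperty -Path $EfsKey -Name AlgorithmID -PropertyType DWord -Value $id -Force | Out-Null
    Get-EfsAlgorithm
}

# Usage: report the current setting and the files that step 1 would have to decrypt.
Get-EfsAlgorithm
Get-EfsEncryptedFile -Path $env:USERPROFILE | Select-Object -ExpandProperty FullName
# Set-EfsAlgorithm -Algorithm DESX   # then restart and re-encrypt (steps 6 and 7)
```

Run Get-EfsEncryptedFile before and after the procedure: before, it shows what must be decrypted; afterwards, any file it still lists that was not re-encrypted after the restart is still using the old algorithm and will remain unreadable on the older operating system.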

STATUS

This behavior is by design.

MORE INFORMATION

EFS generates a new symmetric key called a File Encryption Key (FEK) for each file it encrypts. EFS uses this symmetric key to encrypt and decrypt the contents of the file. This FEK is then encrypted using the public keys in the certificates of the following users:
  • The user encrypting the files.
  • Any other users who are configured to use the file.
  • Any configured recovery agents.
The original (unencrypted) FEK is not saved. The algorithm that is described in this article refers to the symmetric encryption with the FEK, and not the public key operations with the users' private key on the FEK.
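The following is an added example of the envelope scheme just described; it is a model written for this article, not EFS code and not the EFS on-disk format. One random symmetric key (the FEK) encrypts the file body, the FEK is then wrapped under the RSA public key of every recipient (the encrypting user, other authorized users, recovery agents), and the plaintext FEK is discarded. It assumes Windows PowerShell 5.1 on Windows (the .NET Framework RSACryptoServiceProvider and Aes classes); the key sizes, the padding and all names are illustrative choices. The AlgorithmID value discussed above corresponds to the symmetric layer only; the public-key layer is the same on every Windows version, which is why the same certificate and private key must be present on each computer and why holding them is still not enough when the symmetric algorithm is unsupported.

```powershell
# Added example (not EFS code, not the EFS on-disk format): a model of one FEK
# per file, wrapped once per recipient. Assumes Windows PowerShell 5.1 on Windows.

function New-ModelKeyPair {
    # Stand-in for an EFS certificate and its private key.
    $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048
    New-Object PSObject -Property @{
        Public  = $rsa.ExportCspBlob($false)   # what a certificate carries
        Private = $rsa.ExportCspBlob($true)    # what the user's profile holds
    }
}

function Protect-ModelFile {
    param(
        [Parameter(Mandatory=$true)][byte[]]$Plaintext,
        [Parameter(Mandatory=$true)][hashtable]$RecipientPublicKeys   # name -> public key blob
    )
    # Symmetric layer: this is the layer the article's AlgorithmID setting selects.
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.KeySize = 256
    $aes.GenerateKey(); $aes.GenerateIV()
    $fek = $aes.Key; $iv = $aes.IV
    $body = $aes.CreateEncryptor().TransformFinalBlock($Plaintext, 0, $Plaintext.Length)
    $aes.Clear()    # wipes the key material held by the cipher object
    # Public-key layer: one wrapped copy of the FEK per recipient, the counterpart of
    # the "encrypted using the public keys in the certificates of" list above.
    $wrapped = @{}
    foreach ($name in $RecipientPublicKeys.Keys) {
        $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider
        $rsa.ImportCspBlob($RecipientPublicKeys[$name])
        $wrapped[$name] = $rsa.Encrypt($fek, $true)    # RSA-OAEP
    }
    [Array]::Clear($fek, 0, $fek.Length)   # the original FEK is not saved anywhere
    New-Object PSObject -Property @{ IV = $iv; Body = $body; WrappedFek = $wrapped }
}

function Unprotect-ModelFile {
    param(
        [Parameter(Mandatory=$true)]$Envelope,
        [Parameter(Mandatory=$true)][string]$Recipient,
        [Parameter(Mandatory=$true)][byte[]]$PrivateKeyBlob
    )
    if (-not $Envelope.WrappedFek.ContainsKey($Recipient)) {
        throw "no FEK field for '$Recipient': this key was never granted access"
    }
    $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider
    $rsa.ImportCspBlob($PrivateKeyBlob)
    $fek = $rsa.Decrypt($Envelope.WrappedFek[$Recipient], $true)   # throws on the wrong key
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $fek; $aes.IV = $Envelope.IV
    $plain = $aes.CreateDecryptor().TransformFinalBlock($Envelope.Body, 0, $Envelope.Body.Length)
    $aes.Clear()
    $plain
}

# Usage with constructed sample data: the owner and a recovery agent are granted
# access, a third key pair is not.
$owner = New-ModelKeyPair; $agent = New-ModelKeyPair; $stranger = New-ModelKeyPair
$data = [Text.Encoding]::UTF8.GetBytes('constructed sample file contents')
$envelope = Protect-ModelFile -Plaintext $data -RecipientPublicKeys @{ owner = $owner.Public; recovery = $agent.Public }
[Text.Encoding]::UTF8.GetString((Unprotect-ModelFile $envelope 'recovery' $agent.Private))
try { Unprotect-ModelFile $envelope 'owner' $stranger.Private } catch { "rejected: $($_.Exception.Message)" }
```

The recovery agent recovers the contents without ever seeing the owner's private key, because it has its own wrapped copy of the FEK; the third key pair fails at the RSA-OAEP step. Swapping the symmetric cipher in Protect-ModelFile for one a reader lacks, while leaving the RSA layer untouched, reproduces the situation in this article: the FEK unwraps, but the body cannot be decrypted.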

Notes:
  • Windows 2000 can only use the expanded Data Encryption Standard (DESX) algorithm for EFS encryption and decryption.
  • Versions of Windows XP earlier than SP1 can only use the expanded DESX or the Triple-DES (3DES) algorithm for EFS encryption and decryption.
  • Windows XP with SP1 or later can encrypt or decrypt files using DESX, 3DES, or AES.
For more information about 3DES and DESX, view the "Encrypting and Decrypting Data with Encrypting File System" topic in the Windows XP Help file.

For more information about the AES Cryptographic Provider in Windows, visit the following Microsoft Web sites:

For more information about EFS, view the "Encrypting File System in Windows XP and Windows Server 2003" white paper. To view this white paper, visit the following Microsoft Web site:

Modification Type: Major
Last Reviewed: 8/21/2006
Keywords:kbprb KB329741