Access Windows EFS file from Mac

[How] can I access from my MBP a shared file residing on WIndows XP encrypted via EFS?

I mounted the volume on the Mac using the WIndows user name and password, so I'm somehow imagining that gives the same authority as seeing the file on Windows.  And that the decryption will occur on the Windows machine, with the data transmitted to the Mac in the clear.

From the Mac, I can see the file info (which EFS doesn't affect), but trying to open it gives "The operation cannot be completed because you do not have sufficient privileges for some of the items."  (I think things are mounted properly as I can open the file if I go over to Windows and decrypt it first.)

DCraft99Asked:
Who is Participating?
 
Dave HoweConnect With a Mentor Software and Hardware EngineerCommented:
you can't.

EFS is a microsoft-specific technology, which uses a rare form of encryption (DESX, I think MS invented it themselves) wrappered by otherwise industry-standard X509-based (RSA) encryption (there is an extended flag for EFS usage, but that's literally just a flag, it has no practical effect other than telling windows that the key is an EFS one)

there is a data recovery tool from http://www.lostpassword.com/efs.htm that might run in some sort of emulation environment under the mac, but I haven't heard of such usage.
0
 
DCraft99Author Commented:
I'm pretty sure EFS uses AES encryption by default as of XP SP2 [http://technet.microsoft.com/en-us/library/cc700811.aspx].

And, I don't think that's relevant for the approach I'm imagining, where the encryption/decryption is done on the XP side of the share, with the data transmitted in the clear.

It may still be the case that it can't be done, if XP doesn't support EFS and sharing in the cross-platform way I'm imagining.
0
 
Dave HoweSoftware and Hardware EngineerCommented:
I am not aware of EFS using anything but DESX by default - certainly, that is still true in the XP SP3 machines I have. That said, you *can* force a different crypto algo to be used, but its not particularly easy to do so.

EFS files are not sent across a share already decrypted - the receiving system is supposed to decrypt them. However, if you move or copy EFS encrypted files onto a non-ntfs volume (FAT32 or similar) they will be decrypted before they are transferred.

Truecrypt volumes, when mounted and shared, are shared as unencrypted files - if that helps any.
0
 
DCraft99Author Commented:
I think you're right that it can't be done.  Obviously not the answer I was hoping for, but then, I don't always get what I hope for :-).

I'm unfamiliar with DESX but have trouble reconciling your statement that EFS uses it by default with Microsoft's (per above reference) that EFS uses 128-bit AES by default.  No matter.  FWIW, I thought Microsoft did a lot right with EFS (I'm not generally a MS fan).

I'll give up on sharing between my Mac and legacy Windows in any transparent way, and just share decrypted files.

(Sorry for the delay in responding.  I just got out of a rabbit hole from a non-bootable system when Partition Magic encountered an error during partition resizing.  Having now read some on Experts Exchange about PM, I'm thinking that's my last use of it.  Yes, I did back up user files first, and it would still have been a pain to rebuild.  A bootable CD with chkdsk eventually worked.)

Thanks for you help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.