Microsoft Windows XP Professional Resource Kit 2003
ISBN: N/A
EAN: N/A
EAN: N/A
Year: 2005
Pages: 338
Pages: 338
When an encrypted file is saved, WindowsXP Professional automatically provides four levels of encryption and a fifth, the startup key, can be configured. These levels of encryption protect the encryption keys that are used to protect the file:
EFS provides the FEK, which encrypts the data in the file.
EFS uses the public key in the user s EFS certificate to encrypt the FEK. The public key and certificate are stored by default in the computer s certificate store. The corresponding private key, used to decrypt the FEK, is stored in an encrypted form in the user s profile for the corresponding user or the data recovery agent account in the RSA folder.
The Data Protection API generates the user s master key that is used to encrypt the user s private keys.
The Data Protection API generates a symmetric password encryption key, derived from a hash of the file creator s credentials, which encrypts the user s master key.
A startup key (also called the syskey) can be used to protect all master keys as well as a variety of other secrets that are stored on computers. At system startup, the startup key is used to encrypt all of the private keys on the computer, including private keys that are used for EFS. Startup keys are automatically generated and used for computers in a domain but must be manually configured on stand-alone computers. Startup key security can be increased by storing the key on removable media or by requiring a system startup password.
Windows XP Professional provides several configuration options that increase security. To prevent loss of access to your master keys on stand-alone computers, you can create a password reset disk (PRD). To provide stronger encryption for files, you can enable the 3DES encryption algorithm. In addition, you can implement options to prevent your computer from entering hibernation mode and to delete paging files at system shutdown so that data is not needlessly exposed.
WindowsXP Professional stores a user s public key certificates in the user s personal certificate store. Certificates are stored in plaintext because they are public information, and they are digitally signed by certification authorities to protect against tampering.
User certificates are located in the Documents and Settings\username \Application Data\Microsoft\SystemCertificates\My\Certificates folder for each user profile. These certificates are written to the user s personal store in the system registry each time the user logs on to the computer. For roaming profiles, users certificates are located on the domain controller and follow users when they log on to different computers in the domain.
Private keys for the Microsoft RSA-based cryptographic service providers (CSPs), including the Base CSP and the Enhanced CSP, are located in the user profile under RootDirectory\Documents and Settings\username\Application Data\Microsoft \Crypto\RSA. In the case of a roaming user profile, private keys reside in the RSA folder on the domain controller and are downloaded to the user s computer until the user logs off or the computer is restarted.
Because private keys must be protected, all files in the RSA folder are automatically encrypted by using a random symmetric key called the user s master key. The user s master key is 64 bytes in length and is generated by a strong random number generator. 3DES keys are derived from the master key and are used to protect private keys. The master key is generated automatically and is periodically renewed. It encrypts each file in the RSA folder automatically as the file is created.
For more information about CryptoAPI, see the Software Development Kit (SDK) link on the Web Resources page at http://www.microsoft.com/windows/reskits /webresources.
For more information about Data Protection API, see the Technet link on the Web resources page at http://www.microsoft.com/windows/reskits/webresources
| Caution | The RSA folder must never be renamed or moved. This is the only place the CSPs look for private keys. If you need additional protection for this folder, the administrator can provide additional file system security for users computers or use roaming profiles. |
The Data Protection API automatically encrypts the user s master key or keys. Master keys are stored in the user profile under RootDirectory\Documents and Settings \username\Application Data\Microsoft\Protect. For a domain user who has a roaming profile, the master key is located in the user s profile and is downloaded to the user s profile on the local computer until the computer is restarted.
While the user is logged on, when a master key is not being used for a cryptographic operation, it is encrypted and stored on disk. Before master keys are stored, they are 3DES-encrypted using a key derived from the user s password. When a user changes his or her logon password, master keys are automatically unencrypted and re-encrypted using the new password.
If a logon password is forgotten or if an administrator resets a user password, the user s master keys become inaccessible. Because the decryption key is derived from the user s password, the system is unable to decrypt the master keys. Without the master keys, EFS-encrypted files are also inaccessible to the user, and can only be recovered by a data recovery agent, if one has been configured, or through the use of a password reset disk (PRD), if one has been created.
| Note | The password reset disk feature is available for local accounts only. Domain account passwords cannot be backed up by using a PRD. |
For example, Alice uses EFS on her stand-alone computer to encrypt her private files. She forgets her password but remembers the password for the built-in administrator account. She logs on as the administrator and resets the password for her account named Alice. When she resets the password, she is able to log on as Alice, but files that she encrypted as Alice are inaccessible because the master keys are inaccessible.
Alice can recover her encrypted data in two ways. First, if a data recovery agent was configured for Alice s computer before she encrypted the files, the DRA can recover the files. Second, even without a DRA, if Alice created a PRD before she lost or reset her password, she can use the PRD to safely change her password and recover her data.
PRDs protect against loss of access to master keys and encrypted files on stand-alone computers. Users can create PRDs for their own user accounts. When a user creates a PRD, the system creates a public-private key pair and a self-signed certificate. The user s password is encrypted by using the public key and stored locally in the registry at HKEY_LOCAL_MACHINE\SECURITY\Recovery\<user SID>.
The private key is exported to a removable media and deleted from the local computer.
To create a password reset disk for your user account
In Control Panel, click User Accounts.
Click your user account.
Under Related Tasks, select Prevent a forgotten password. This starts the Forgotten Password wizard.
On the welcome screen, click Next.
Select the removable drive on which you would like to store your password key, and then click Next.
Enter your current password, and click Next.
If you have created a PRD and you forget your password or enter the wrong password, you will be prompted with the following message: Did you forget your password? You can use your password reset disk. You can then use the Password Reset wizard to reset your password. The system will do the following:
Use the private key stored on the PRD to decrypt the stored copy of your old password.
Create a decryption key based on an SHA-1 hash of your old password.
Decrypt your master keys by using the decryption key.
Prompt you for a new password.
Encrypt master keys by using your new password.
To use the PRD to reset your password
At the logon screen, click use your password reset disk to start the Password Reset wizard, and then click Next.
Insert the removable media that contains your password key, and then click Next.
Enter your new password in the Reset the User Account Password dialog box, and then click Next.
The Syskey wizard enables startup key protection. If enabled, the startup key protects the following sensitive information:
Master keys that are used to protect private keys.
Protection keys for user account passwords stored in Active Directory.
Protection keys for passwords stored in the registry in the local Security Accounts Manager (SAM) registry key.
Protection keys for LSA secrets.
The protection key for the administrator account password that is used for system recovery startup in safe mode.
You must be a member of the local Administrators group to use the syskey command. Using this utility, an administrator can configure the system to do one of the following:
Use a computer-generated random key as the startup key, and store it on the local system by using a complex obfuscation algorithm that scatters the startup key throughout the registry. This option enables computer restarts without the need to enter the startup key.
Use a computer-generated random key, but store it on a floppy disk. The floppy disk must be inserted into a drive during system startup for the startup sequence to complete. This option is more secure than the first, but effectively rules out restarting the computer remotely.
| Warning | If the startup key password is forgotten or the floppy disk that contains the startup key is lost, it might not be possible to start the system. If this occurs, the only way to recover the system is to use a repair disk to restore the registry to a state prior to when startup key protection was enabled. Any changes that were made after that time would be lost. Therefore it is important to store the startup key safely. If it is on a floppy disk, make backup copies and store them in different locations. |
Use a password chosen by the administrator to derive the startup key. The administrator is prompted for the password during the initial startup sequence.
| Note | After startup key protection is enabled, it cannot be disabled, but it can be configured to operate at different security levels. |
To enable startup key protection
At the command line, type:
syskey
Click Encryption Enabled, and then click OK.
or
Click Update, if encryption was previously enabled.
Select an option for the key.
The default option is a system-generated password that is stored locally. If you use the password-derived startup key option, syskey does not enforce a minimum password length. However, passwords longer than 12 characters are recommended. The maximum length is 128 characters.
Click OK to restart the computer.
When the system restarts, you might be prompted to enter the startup key, depending on the key option you selected. The first use of the startup key is detected and a new random password encryption key is generated. The password encryption key is protected by using the startup key, and then all account password information is strongly encrypted.
After the startup key has been enabled, the following process occurs at system startups:
The startup key is retrieved from the locally stored key, the password entry, or insertion of a floppy disk, depending on the option you selected.
The startup key is used to decrypt the master protection key.
The master protection key is used to derive the per-user account password encryption key, which is then used to decrypt the password information in Active Directory or the local SAM registry key.
The syskey command can be used again later to change the startup key storage option or to change the password. Changing the startup key requires knowledge of, or possession of, the current startup key.
To change the startup key option or password
At the command line, type:
syskey
In the first dialog box, click Update.
In the next dialog box, select a key option or change the password, and then click OK.
Restart the computer.
You can strengthen security by replacing the default DESX algorithm with 3DES. In a stand-alone environment, enabling 3DES is recommended. In a domain environment, the appropriate encryption algorithm is typically determined by corporate policy.
3DES can be enabled by using the system cryptography Group Policy setting. If this setting is configured for 3DES, IP Security and EFS both use 3DES for encryption. Not all IP Security implementations are capable of encrypting by using 3DES, however. Windows 2000 without the High Encryption Pack, for example, cannot use 3DES. It is also possible to configure EFS to use 3DES without affecting encryption elsewhere. This requires modification of a registry setting.
To enable system-wide 3DES by using Group Policy
In Computer Configuration, expand Windows Settings, Security Settings, Local Policies, and then expand Security Options.
Double-click System cryptography: Use FIPS compliant algorithms for encryption.
Select Enabled, and then click OK.
To enable 3DES for EFS only, a registry entry must be added.
To enable 3DES for EFS only
In the Run dialog box, type regedit.exe.
Navigate to the subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft \Windows NT\CurrentVersion\EFS.
On the Edit menu, point to New, and then click DWORD Value.
Enter AlgorithmID for the value name and 0x6603 for the value data to enable 3DES.
Restart the computer.
To disable 3DES and enable DESX, simply delete the AlgorithmID setting and restart the computer.
| Caution | Do not edit the registry unless you have no alternative. The registry editor bypasses standard safeguards, allowing settings that can damage your system, or even require you to reinstall Windows. If you must edit the registry, back it up first and see the Registry Reference in the Microsoft Windows 2000 Server Resource Kit at http://www.microsoft.com/reskit |
When 3DES is enabled, files encrypted by using both the DESX and 3DES algorithms can be decrypted. However, all new files are encrypted by using the 3DES algorithm.
| Caution | If a user needs to access an encrypted file from both Windows 2000 and WindowsXP Professional, do not enable the 3DES algorithm. The Windows 2000 operating system does not support the 3DES algorithm by default. However, if the High Encryption Pack has been installed on Windows 2000, it can use 3DES. |
File data is decrypted before it is sent to an application. This means that the FEK is also decrypted. Although the FEK is not exposed, file data might be.
Because the EFS File System Run-Time Library (FSRTL) is located in the Windows operating system kernel and uses the nonpaged pool to store the FEK, FEKs cannot be leaked to paging files. However, because the contents of paging files are not encrypted, the plaintext contents of encrypted files might temporarily be copied to paging files when open for application use. If the plaintext contents of encrypted files are copied to a paging file, the plaintext remains in the paging file until the contents are replaced by new data. Plaintext contents can remain in paging files for a considerable amount of time even after applications close the encrypted files.
A paging file is a system file, so it cannot be encrypted. (By default, the name of the paging file is Pagefile.sys.) The file system security for paging files prevents any user from gaining access to and reading these files, and these security settings cannot be changed. However, someone other than the authorized user might start the computer under a different operating system to read a paging file.
To prevent others from reading the contents of paging files that might contain plaintext of encrypted files, you can do either of the following:
Disable hibernation mode on your computer.
Configure security settings to clear the paging files every time the computer shuts down.
When a computer hibernates, the contents of system memory and any open files are written to a storage file on the hard drive, and the system is powered off. This saves energy and allows the computer to be restarted with the same applications and files that were open when the system hibernated. However, hibernation can be a security risk because files are decrypted for use in applications. If an encrypted file is opened and then the system is hibernated, the contents of the open encrypted file will be in the hibernation storage file as plaintext. An attacker could potentially access the storage file used during hibernation. For this reason, EFS users might want to disable hibernation so that encrypted files are not placed at risk. If you choose to use hibernation mode, be sure to close any open encrypted files before letting the system hibernate.
To disable hibernation
In Control Panel, double-click Performance and Maintenance, and then click Power Options.
On the Hibernate tab, clear the Enable hibernate check box.
Click Apply.
When a file is encrypted or decrypted, plaintext data can be paged. This can be a security problem if an attacker boots the system by using another operating system and opens the paging file. The paging file can be cleared at shutdown by means of Group Policy.
To clear the paging file at shutdown
In the Group Policy snap-in, select a Group Policy object to edit.
Expand Computer Configuration and Windows Settings, Security Settings, Local Policies, and then expand Security Options.
Double-click Shutdown: Clear virtual memory pagefile.
Click Enabled, and then click OK.