. , NTFS-, (ACL, Access Control List). ACL . ACL (ACE, Access Control Entry).
ACL | |||
ACE1 | SID1 | SID1 | |
ACE2 | SID2 | SID2 | |
ACE3 | SID3 | SID3 | |
,,, | ,,, | ,,, | |
ACEn | SIDn | SIDn |
, (SID) . SID- ACL . ( ) , SID- , . - ( ), , ACL . SID- .
, ( - ), . . , .
.
NTFS- , :
1) - ( , );
2) ( - , , ).
NTFS . :
1) ;
2) ;
3) ;
4) .
SID SID- , , , , .
.
, , . NTFS- , . , , "", "" "".
|
|
) EFS, , , , EFS, .
NTFS , Windows 2000. : , , .
EFS Windows CryptoAPI. . File Encryption Key (FEK). .
FEK , FEK. FEK EFS, DDF (data decryption field - ). , , . X509 "File encryption". FEK. -, (, , CryptoAPI).
FEK ( X509, , "File recovery").
, FEK. FEK EFS, DRF (data recovery field - ). FEK DRF . .
.
FEK. , ( DDF), ( DRF).
FEK - FEK, DDF. FEK . , . .
.
, FEK , FEK DRF.
EFS . , , , . , , . . , , ( - - cmd.exe)
Cipher /R: filename filename - .
( ). - *.cer *.pfx, . , ( , , ) *.pfx ( ). " " ( - - secpol.msc), " - EFS" "" " ". " ", " " *.cer, cipher .
|
|
( ), , EFS, "" "" (certmgr.msc). , , , EFS ( )
Windows, cipher.exe EFS, ( cipher - "" hh ntcmds.chm).
, " - ", " " "". "". - " - - ". , , - , - , . , EFS - "".
, , , , . - . , .