Windows Mobile 6 Storage Card Encryption FAQ

Article
03/26/2007

My colleague Jason Langridge wrote a post about the storage card encryption feature in WM6. This is one of the features I worked on, so I'd like to host some FAQs about it here.

What scenario is the feature designed to mitigate?

It's fairly easy to remove a storage card from a device, so this mitigates the threat that a storage card with sensitive data is stolen out of a device.

What if the device and the storage card are both stolen?

The best practice is to use a PIN or strong password and local wipe to protect the data on the internal flash. Issue a remote wipe via OWA to wipe out the data on a stolen device as soon as possible. In WM6, a local or remote wipe will also wipe any inserted storage card.

What if I forget the PIN to my device?

(This is only tangentially related to storage card encryption, but here goes) You can escrow a recovery pin up to the exchange server. Retrieve the recovery pin via OWA and use that to locally reset the password on the device.

What happens if the device is cold booted?

If the device is reset and internal flash is cleared, the decryption keys are lost. If the keys were preserved, it would be easy to access the storage card of a stolen device by just cold booting the stolen device and clearing its storage, then re-inserting the stolen card.

What about key escrow and recovery?

There isn't any key escrow or recovery in this release. We realize this is very important to many enterprise customers. Feel free to add your comments about how important this is to your organization as it helps us prioritize the work for the future. If you don't want key escrow, that would also be good to hear.

What algorithm is used?

The encryption filter uses DPAPI to encrypt files. By default, this will use AES-128.

Where are the encryption keys stored?

The DPAPI master key is currently stored on the internal flash. It's unreadable by untrusted applications.

What is the performance impact?

Encryption isn't free, so we expect there to be some performance impact. In most of my scenario testing however, I found the impact to be minimal because the disk I/O was more expensive than the CPU hit for encryption. The one that was most affected in my testing was probably syncing lots of media files via media player to the encrypted storage card. If you are seeing a severe performance degradation, I would like to hear about it. Please e-mail via the contact form on this blog or leave a comment below.

What is the storage overhead?

Encrypted files take up one additional page for the header, plus one page for about every 200K of data. For a very small file, there will be 8K of overhead. For a ~600K file, there will be 16K of overhead.

What's with the MENC extension?

The files are stored on disk with a MENC extension - this lets the encryption filter know quickly which files are encrypted and if they match the key on the device. If you put the storage card in a desktop card reader, or put it in another device, you will see that the files have a MENC extension. The point of the extension is that you can't read those files, so the extension makes it harder for you to try to load those files into an application that won't be able to read them anyway. We also were able to associate a lock icon with the extension to add an additional hint.

If the encryption filter on the device is able to read and decrypt the files, it hides the MENC extension so the file looks like normal.

What's the 7726325a in test.txt.7726325a.menc?

The random data there is part of a GUID that is generated for decryption keys on the device. That GUID lets the encryption filter know at a glance whether or not it will be able to decrypt a given file. For files where the GUID matches, the filter will strip the GUID.MENC extension off of the file and show it to the operating system as the original filename. You can edit the filename on disk to change the GUID of a file so that the encryption filter thinks it can decrypt it, but when the file is actually opened the encryption filter won't be able to decrypt it and you'll get an error.

How can I tell if my files are encrypted on the device?

You can call GetFileAttributes(). Encrypted files will have FILE_ATTRIBUTE_ENCRYPTED. You can also take out the card and put it in another device or card reader. The encrypted files will show up as .MENC files.

Which files are encrypted by this feature?

Once encryption is enabled, all new files on the storage card will be encrypted. Files that already existed on the card stay unencrypted. So if there is a file on the storage card that you know you want to share with someone else, you can create the file on the desktop or create it before enabling encryption. The file will stay unencrypted. If you want to cause an existing file to be encrypted, you can copy it off the storage card and then copy it back again.

I turned on encryption in the control panel, but nothing is happening. What gives?

Only new files on the storage card are encrypted, so your existing files won't change. Did you create a new file? If you did and you're still not seeing the files as encrypted, it's possible that the encryption filter isn't installed on the storage profile that you're using. This shouldn't happen on any retail WM6 device, but if you're seeing that situation please let me know!

How do I migrate an encrypted storage card to a new device?

The easiest way in my opinion is to copy all the encrypted files off the card to an attached desktop machine via Activesync. Then copy them back to the card in the new device.

My files were encrypted and I lost my phone or hard reset it. Can Microsoft help me recover the files?

No, the keys are lost and the files cannot be recovered.

Feel free to send me any further questions about the feature or post your comments below.

Scott

Comments

Anonymous
March 26, 2007
The comment has been removed
Anonymous
March 26, 2007
Thanks for the feedback, Wayne. I'm interested to know what scenarios you're concerned about for recovery. Is it when a device is lost but the card inside it is not? Is it that the user forgets their PIN and isn't using exchange password reset? (you would still lose all the data on the device in that case) In what situations do your users have their encrypted data but can't access it?
Anonymous
March 26, 2007
Are there any details available on the remote wipe mechanism? I've seen it referenced a number of times but have yet to read any definitive description as to how it works.
Anonymous
March 26, 2007
Is there a way to turn on SD encryption using wap-provisioning? OMA-DM provisioning?
Anonymous
March 27, 2007
how to enable encryption? encryption is enabled in settings, but actually it does not encrypt anything. did i miss something?
Anonymous
March 27, 2007
Most of the time in practice with EFS we see situations where the end-point uses encryption to protect files. So far so good. Well now, he is changing PCs or laptops, or even just messing around on the one he has. For whatever reason, the data is transited, encrypted, but the certificate is not on the new machine/new configuration and we restore the certificate, associate it with EFS, and everything is fine. In a mobile scenario, there is already a small subset users with WM5 that practice good procedure and use system passwords. Said password now forgotten. Device inaccessible. With tomorrow's critical presentation. End-point customer gets ... 'excited'. In a situation where we are now looking at extending/combining both of these problems to a transitory storage platform where the recovery mechanism is non-existant, there are situations where we have device replacement (this happens unfortunately more often than we hope for, certain vendor deviecs using the WM5 platform are not as robust as we would hope). When you extend a PIN-based encryption mechanism to the system, its not very hard to imagine a subset of users with lost PINs and device replacement scenarios who now have a secure and useless miniSD card. Its an issue balancing of the confidentiality and availability aspects of security. If we could significantly reduce the risk of loss of availibility through either a PIN loss or device loss event, then the encryption becomes something that is far more maintainable at the enterprise level.
Anonymous
March 27, 2007
Coming from a cellphone OEM perspective, I believe the cold-boot destroying the encryption keys is both good, and bad. I can see the good quite easily, however exporting the keys would seem to be something that could have been implemented with some sort of Exchange server solution. That would only work if we assume the Exchange server is a secure environment, but then again if the Exchange server is compromised all your emails are exposed as well. During traditional troubleshooting from a phone perspective there are many times in which, as an OEM, we request users to do hard-resets (Especially on CDMA devices, since they do not have as many phone codes as GSM Devices). Because of the loss of the encryption keys, we will now have to ask the customer, if they are using a Windows Mobile device, if the storage card is encrypted, and if it is, then we will have to tell the customer to copy all the contents onto the device, or disable encryption then recopy all of the data before proceeding with a hard reset. So anytime a hard reset needs to be done, by advice of IT or the OEM, then there will be several steps involved before actually being able to perform the hard reset without severe data loss (I would assume it would be severe since if your encrypting your data, it is very sensitive). Even though the device is running Windows Mobile, we can't forget that it is still half a phone, and many times phones, for whatever reason, need a hard reset. Also in some of my testing when viewing the encrypted files on through a USB to microSD card reader I see soemthing else in the filename test.txt.bef4ee12.menc After Hard reset same file contents test.txt.7726325a.menc The part between the txt and menc is consistent when writing any files during the same period of hard reset. I understand the menc part, whats the other part? -JasperM
Anonymous
March 27, 2007
Thanks Jasper, I was wondering if someone would ask that about the file extension. :) I'll add it to the main body.
Anonymous
March 27, 2007
eram: Yes, there is a CSP for the storage card encryption and it's usable via WAP or OMA-DM. It looks like the documentation hasn't gone live yet, but you can turn on the encryption filter with XML like this: <wap-provisioningdoc> <characteristic type="MobileEncryption"> <parm name="Enable" value="1" /> </characteristic> </wap-provisioningdoc>
Anonymous
March 27, 2007
With larger files approximately 5megs, I've noticed about a 3.7% increase in file size, in case anyone was wondering.
Anonymous
March 27, 2007
Wayne: You're right that the data will be lost if the device itself is destroyed but the card is not. For a simple PIN loss, why not use the OWA password reset?
Anonymous
March 27, 2007
hmmm... i have read latest addition to the article... but the encryption still not working... it's not a retail wm6 device. it is a device emulator. i will check if encryption filter is enabled and will report here if it does.
Anonymous
March 27, 2007
Hey Alexander: Are you using the "shared folder" feature of the Device Emulator to try out the encryption? I'm pretty sure that doesn't work. (the filter isn't installed on that filesystem) I think there were some technical reasons why this was impossible because I definitely would have liked to have this during testing. Let me check and see if there's a way to enable that you're trying to do.
Anonymous
March 27, 2007
(1) FILE_ATTRIBUTE_ENCRYPTED(0x00004000) is now different from FILE_ATTRIBUTE_INROM(0x00000040) from WM 6.0. However, when you try to set file attribute to FILE_ATTRIBUTE_ENCRYPTED with SetFileAttributes(), SetFileAttributes() says everything is ok. When you call GetFileAttributes(), it says nothing Changed! Are you sure this has been fixed in WM 6.0 cross the system? (1) SD Encryption should be implemented in a manner that has zero impact on the performance! and it can be done. Just dont use the file system filtering stuffs. That's bad choice. Do encryption at the block device driver level is much more simple, reliable and greater. Or you can just do a proxying....
Anonymous
March 27, 2007
The comment has been removed
Anonymous
March 27, 2007
I think that's just the way the FAT filesystem works - it's masking off attributes that it knows it can't set and ignoring that you tried to set them. It would probably be better to return FALSE, of course. You can't change the encryption state using SetFileAttributes.
Anonymous
March 27, 2007
then there is no way to tell if a file is an encrypted file? (except the encryption filter driver's author?)
Anonymous
March 27, 2007
Matthew: What I mean by local wipe is that you use the security policy that will wipe the device after a threshold of incorrect PIN entries. Using this limits the number of attempts that the attacker gets. The recovery PIN is generated and escrowed beforehand. There's an option on the unlock screen to use the recovery PIN. (actually it's quite a long string) So you select that option, get the pin out-of-band through OWA, and type it in. If it matches, you get to choose a new device password. By "cold boot", I mean "hard reset". Internally we refer to a hard reset as a cold boot, and don't distinguish between a reboot and a boot w/ power loss in between.
Anonymous
March 27, 2007
You can tell if a file is encrypted by calling GetFileAttributes. You cannot call SetFileAttributes to change the state of the file.
Anonymous
March 27, 2007
i enabled encryption filter for emulator shared folder and now files can be encrypted. thanks for your help.
Anonymous
March 28, 2007
Removing the battery does not erase the encryption keys, not with the unit I am working with at least. Why is that the with an encrypted file the file size is reported as the same size as an unencrypted file, even though if same files are viewed on a desktop their size differs. Example test2.txt = 4b on device; 1KB viewed on Desktop (unencrypted) test.txt.7726325a.menc = 4b on device; 9KB viewed on Desktop (encrypted) Also, the icon is only showing "encrypted" when viewing with Mobile Word, not regularly File Explorer (Maybe my WM6 build?) -JasperM
Anonymous
March 28, 2007
When you read from an encrypted file, the encryption filter decrypts the data and returns the decrypted content. So GetFileSize has to show you the size of the content, not the file. There's only four bytes in that file for you to read, so that's the size that it shows. Meanwhile, the desktop is showing you the raw data so you see the underlying file size.
Anonymous
March 28, 2007
The comment has been removed
Anonymous
March 28, 2007
Local wipe dates back to MSFP but the PIN reset is new in WM6. There's a white paper in the works that covers all these things - Jason links to it here. http://blogs.msdn.com/jasonlan/archive/2007/03/13/new-whitepaper-security-for-windows-mobile-messaging-in-the-enterprise.aspx As soon as you mentioned the cold boot thing I realized the dissonance between what I was thinking and the term I was using. I'm not sure how it happened that the meaning of that term drifted internally. I guess it's probably because traditional cold and warm boot are functionally identical to us from a software perspective.
Anonymous
March 29, 2007
Syost, Thank you for the document link. The pertinent part is on pages 14 - 16. However, the information in both insufficient and inaccurate. It states that by the local wipe is an AKU2 addition. The default it to wipe after 7 wrong entries. After 2 wrong entries, a confirmation string is required and an increasing delay before entry attempts is enforced. It mentions changing policy to configure the count before wipe, but it doesn't exactly say how this is accomplished. I certainly don't see a setting for it on the device where I set the PIN and the time to lock. I tested this on two WM5 Pocket PC devices, one AKU2 and one AKU3 (different mobile operators on the two). However, they don't behave according to the documentation. I get to try the PIN entry far more than 2 times. On the eighth wrong PIN, when it should wipe itself, I finally get to the point where I have to type "A1B2C3" (what is this, a typing test to prove I can use a keypad?), after which I can keep entering PINs. At this point, the increasing delay between entries comes into play so after another half dozen or so tries I gave up and gave it the right one to see it still let me into my PDA. Either the local device wipe is simply disabled or the threshold is different, but either way this behavior is significantly different from what that document outlines. My real interest in local device wipe is executing it myself. The next topic in that document gets right to where I am, an ISV who has made a alternate authentication mechanism in order to use a hard token. About a year ago, at MEDC2006, I posed the question of how to trigger a wipe to another Microsoft developer. I theorized that if it could be triggered remotely from an Exchange server with AKU2, it should be possible to trigger it locally as well as the routine must exist on the local device. The best I could get for an answer was that I should command a format or the local file system. I attempted, but only got errors when telling the file system to format, likely due to it being mounted and running. I would like to get this working so my real interest is in how to run the local wipe, though it is nice to know how Microsoft does it so we can best inform our clients of their options.
Anonymous
March 29, 2007
The comment has been removed
Anonymous
March 30, 2007
I might be getting ahead of current implementations in WM, but perhaps it would be helpful to have more user configurable options, instead of all or nothing encryption as it is now. For instance on the screen for encryption perhaps you could have the following options show up after checking "Encrypt files on Storage Card" Drop down Menu with sub-menus: Always Prompt (prompts user on Save to encrypt files) File Types (encrypt based on file-type) -Media (mp3, avi, etc...) -Photos (jpg, bmp, etc...) -Documents (.doc, .pdf, etc...) -Presentations (.ppt) -Other (User definable) Folders -Browse Allow user to browse to a specific folder to encrypt with the option to encrypt sub-folders checked by default. File System (encrypt the file system so it cannot be read or seen by another other device) Anyways, just some ideas... -JasperM
Anonymous
March 30, 2007
The comment has been removed
Anonymous
April 10, 2007
Hello, I understand the requirement around key archiving, especially when put into the context of EFS-like scenaios. However, I don't think that mobile devices really have the same requirement. The best practice for devices to sync data with a server or a desktop initially. Using a device itself or the inserted storage card as the only store for data is asking for trouble even without encyption. The primary storage location for the data should be off-device on a server or on the user's PC. Best practice for migration from one device to another is to perform an initial sync of data to the device rather then try to keep everything on your storage card. So, let's say you sync sync email, PIM and some photos. You sync the photos via desktop activesync file sync and email/PIM via Exchange ActiveSync. You get a new device and configure it to sync to those data stores and you are good to go. The 2 scenarios that are really an issue for key archival are: (1) recovering encrypted data after employee termination and (2) data sharing between a PC and device using a storage card. Number 1 is enough of an issue to be a non-starter for some financial sector orgs, but I don't think it is as much of an issue for most. #2 is a nuisance for users, but does have the work around above. Thx, Dave
Anonymous
April 10, 2007
Hey Matthew, I've been thinking about your problem a little bit. I had forgotten that we implemented a CSP to manage wipe for WM 6.0. This stuff will be publically documented once the docs go live on MSDN, but for now the XML looks like: <wap-provisioningdoc> <characteristic type="RemoteWipe"> <parm name="doWipe" value="1"/> </characteristic> </wap-provisioningdoc> If you send that XML through DmProcessConfigXML() via a trusted app, you should see the device immediately reboot and come back up after deleting all data on persistent storage and any storage card.
Anonymous
April 16, 2007
a response to WM encryption - encryption key backup recently implememented by Secubox. Though it is commercial - it seems to solve the problem of hard reset and administrator password. Here is the article: http://www.networkworld.com/news/2007/041307-windows-mobile-6.html SecuBox description from the vendor: http://www.aikosolutions.com/products/secubox-for-pocket-pc/
Anonymous
April 24, 2007
Windows Mobile 6, File Encryption and Incident Response With the advent of Windows Mobile 6 came a file
Anonymous
May 14, 2007
Does encryption for Windows Mobile only apply to removable storage? Is there any way to indicate via filter that some portion of the OS partition (user store) have encryption enabled? Thanks
Anonymous
May 14, 2007
... (follow on) ... Though I guess if the device is unlocked, and the key is in the registry, there's not much point in encrypting files on the device itself. (i.e. use case is primarily to prevent access to removable storage other than via the device itself) ...
Anonymous
May 14, 2007
Right, WM6 doesn't ship with a way to encrypt the internal storage.
Anonymous
May 14, 2007
Hello, Storage Card Encryption is an nice feature, BUT there is a big problem on the ohter side. The big problem is the fact, that a provider hotline - for example - here in germany, often tells a customer that he must do a hard reset to solve the Problem. And then???? The customer, using the card Encrytion, has lost all his data. The customer say: this man from the hotline told me to do a hard reset...... it is a very big problem and this is not good!!!!!!!! so this feature is counterproductive. And there is another thing: when the man from the hotline know the problem with card Encryption he can tell the customer to deactivate the option, but then the customer MUST copy and PASTE every cryted file to get it decypted!!!!! It is very stupid and not every customer know which files are cryted or not. After a hardreset it is to late to remember the cryted files.... So Microsoft addes a nice feature, but nobody thought about the consequences with this feature!!!!! So this feature is good to get a lot of trouble at the mobile hotline over the world....... not good .........
Anonymous
July 03, 2007
I realise this may not be the best forum to ask this question but here goes. Recently I upgraded to WM6, and started using the Encryption option for my Storage Card. The only issue is that there were a few bugs in the Upgrade and I had to do a Cold Boot, and reset everything. Now from the discussions above that would have wiped the decryption keys from the ROM? If that is so, I take it the data on the card is non usable, as I am trying to restore my original configurations from the last known good backup. Is there any way to decrypt the files.
Anonymous
July 03, 2007
Sorry, no, the files are not recoverable.
Anonymous
July 14, 2007
Before I realize the publish of this content, I have just Hard Reset my device!! All my files on SD card are not able to be read and access! Please help.
Anonymous
July 24, 2007
Yes, I'm facing similar problem. Was told to hard reset the WM6, now my important doc can no longer be open. Please help
Anonymous
July 30, 2007
Is the AES implementation in WM6 FIPS approved?
Anonymous
August 08, 2007
Would this be a possible work around for hard reset? If a person backs up their PDA with something like SPB Backup and then copies the backup somewhere safe. After a hard reset if they restore it using another card, I am right in thinking that they then should be able to access their card?
Anonymous
August 08, 2007
It really depends on how they implement it so I can't say for sure. Sprite Backup advertises that they support access to encrypted data after a hard reset.
Anonymous
August 08, 2007
I've just tested it with spb and it does work (their site actually says it does support it). So people without access to an OWA policy could preserve their data if they have foresight.
Anonymous
August 13, 2007
I can't make it work on WM6 Emulator shared folder. Would you tell me how to enable it in Emulator? Thx
Anonymous
August 14, 2007
Yeah, the emulator shared folder isn't a true storage card. There isn't really an easy way to make the feature work on the emulator.
Anonymous
August 24, 2007
Encryption will always introduce a few tricky new use models. I appreciate that Microsoft is taking a short at the problem so that we can learn the practical issues. As a private user, I'd like to keep copies of some sensitive data in the phone. But this sensitive data, since it is important, will be backed up elsewhere. Preventing access to the data is critical, but losing the data itself is not a big deal. Also, I'd like to store some less important files which are not important enough to back up, but would be an annoyance to lose. It would be useful if the encryption was applied to only a section of the card -a folder, as in regular Windows. Another issue is convenience of the password. At the moment, the device password gives access to all the data, so it must be long and strong. But it is annoying entering a long password for every call, or when trying to take a photo quickly. Some applications - such as the camera, voice notes, games- should not need a password because they will not access sensitive information. The device password should give access to the entire phone as today. For less sensitive applications -making a call, looking up contacts- there should be an optional simple password. When the device asks for the password, the user could enter either the device password or the simple password to get access to all or some features. Yep, it can get complicated. No wonder the iPhone ignores security. Thanks
Anonymous
September 03, 2007
My device was hard rest by accident and obviously the master key was deleted but i have a menc file i want to decrypt. Is there any way? Shouldn't the storage card decrypt itself if it is still in the same handset?
Anonymous
September 04, 2007
I have an HTC touch p3450 and never set the encryption on my device or memory card but my files are definitely encrypted... I only realised this when I sent the faulty htc p3450 phone back to Orange, then noticed in my new htc touch that all my files are now with the extension *.menc. How can I get them back to *.pwi & *.doc extensions decrypted ? Kind Regds Andrei
Anonymous
September 04, 2007
Andrei, it's possible that your exchange adminstrator set this policy and it was applied to your device when you set up a sync partnership. If they force a PIN lock policy on your device, they probably enforce storage card encryption as well.
Anonymous
September 04, 2007
Sorry David, the key was erased so the device can't decrypt the files anymore.
Anonymous
September 14, 2007
the problem is this.. i cleared the storage on my t-mobile Wing. when i did that i had word processing documents saved on the (1 gig). memory card. I'm not sure if they were encrypted or not. when i placed the memory card back in the same device it was unable to read the data.. can you tell me how to recover the ost data. and if possible can you send me a E-mail at.... JayPlayboy253@yahoo.com
Anonymous
September 14, 2007
i have a htc Ty TN that came with windows mobile 6 i set my phone so it could encrypt the pictures and videos i had, but i had to return the phone due to technical problems it had. I got a replacement, but when i tried to see my pictures i couldn't it says"there is no application associated with "IMAGE_012.jpg.21b2a068". Run the application first, then open this file from within the application." i got no clue what im supposed to do. can you please help me.
Anonymous
September 16, 2007
Sorry fili, those files are lost. If you have encrypted your storage card and you're about to swap out your phone, the best course of action is to backup the files on the storage card to your desktop via activesync. Then you can recopy the files onto your next phone.
Anonymous
September 17, 2007
man thats bad news for me because i had pictures of an accident i had and i was going to use them in court. i also send an email to Microsoft and they told me to call a Microsoft Support Professional, do u think they could help me?
Anonymous
September 18, 2007
Honestly, they probably won't be able to help you. If you could get your original phone back and it hasn't been erased, that might work.
Anonymous
September 20, 2007
I do not know why my some of the files became menc files as i did not hard reset my pda phone. Thinking it could be a error of the phone i did a hard reset and now the files are still in menc extension. Is there anyway to convert it back to the normal file it is?Will really appreciate if that is possible as those are very important files to me.Thanks
Anonymous
September 20, 2007
Kel, the hard reset will definitely make the problem worse, but I'd like to know what happened before that. Did you apply an OS upgrade or anything like that? Were the files written in a different phone than the one you are using?
Anonymous
September 26, 2007
Hi scott, I have done a backup of my system because i had to do a cold reset. I had a lot of problems with my gps and a new program I installed in my eten x500 glofiish. The thing is that when i wanted to restore my file, some restore files till agost 18th are ok but not the one I backed up today. It is encrypted. I tried 10 diferent ways of getting it right allways with the same device....and nothing. I had documents and important pictures inside. PLEASE HELP ME. This solution of encryption in WM6 is a nigthmare for normal users. It is something that when you change of PDA you will not have the posibility to recover, and even you dont know it till happens!!!! I AM SO SAD AND MAD AT THE SAME TIME because I always want the last device and this is the worst. I had photos of my children!!!
Anonymous
October 09, 2007
MY PHONE WAS COLD BOOTED WHILE MY SD CARD WAS INSIDE. I HAD SOME PICTURES IN MY SD CARD THAT I CANNOT VIEW ANYMORE, I TRY TO PASS THEM TO MY COMPUTER BUT THE FILES ARE .MENC FILES, DOES ANYBODY KNOW A SOFTWARE OR HOW I CAN CONVERT THESE FILES SO I CAN VIEW THEM ON MY COMPUTER. PLZ IF ANYBODY KNOWS PLZ HELP THE PICTURES ARE IMPORTANT
Anonymous
October 09, 2007
I'm having a similar, if slightly different problem. I also selected the encryption feature (if there had been some sort of warning when doing so I might have thought twice about it) and then needed to do a hard-reset. However, in my case I cannot even see the files. I recall reading somewhere that only files copied to the card after selecting the encryption feature become encrypted so in theory I should be able to see all my old files? The phone still recognises the fact that the card is full of files if I check the properties) but I cannot view them at all. Please help?
Anonymous
October 10, 2007
Correct, all your old files should still be unencrypted in your case. The issue you're seeing is something else. Do the files show up from a desktop machine?
Anonymous
October 12, 2007
I'm amazed that Microsoft did not set WM6 to give users a big warning when encryption is turned on. All it says is that these files are not readable by other devices (which is clearly a lie, I haven't changed devices and I can't access the files). I made the assumption that it was device based (as the description says) when it's clearly not. Now I'm in the same boat as many other users (device crashed, had to hard reboot, lost keys and now lost files.. thanks MS). Microsoft must have known this could have happened, and I would have expected a large popup window saying, "If you enable this setting, and your device is hard reset you will NOT be able to access your encrypted files ever again. This option is VERY VERY VERY dangerous and could lead to permanent data loss." Without that I would have expected at least some way to restore encrypted files, even if you have to contact MS and confirm it's really your device somehow. Why even bother putting it in there if it's this useless?
Anonymous
October 13, 2007
I agree that the text isn't clear enough. I'm working on changing that string as well as a KB article about that problem.
Anonymous
October 23, 2007
MY PHONE WAS COLD BOOTED WHILE MY SD CARD WAS INSIDE. I HAD SOME PICTURES IN MY SD CARD THAT I CANNOT VIEW ANYMORE, I TRY TO PASS THEM TO MY COMPUTER BUT THE FILES ARE .MENC FILES, DOES ANYBODY KNOW A SOFTWARE OR HOW I CAN CONVERT THESE FILES SO I CAN VIEW THEM ON MY COMPUTER?
Anonymous
October 30, 2007
The comment has been removed
Anonymous
October 30, 2007
IS THERE A FIX FOR THIS OR A WAY WE CAN VIEW THE FILES
Anonymous
November 04, 2007
The comment has been removed
Anonymous
November 05, 2007
No, sorry, there's not any way to decrypt those.
Anonymous
November 13, 2007
The comment has been removed
Anonymous
November 13, 2007
I apparently had the encryption turned on and placed some video files on my device. Same problem as everyone else, had to do a hard reset and now the files are unreadable. Scott, in reading the FAQ, it states something about DPAPI files and in quoting... What algorithm is used? The encryption filter uses DPAPI to encrypt files. By default, this will use AES-128... Am i understanding all the above correctly that despite the knowledge of the algorithm used and how the files are stored, there is no way to decipher the key nor break the code to have the file decrypted to be viewed once again???
Anonymous
November 13, 2007
So surpise, I have a similar problem, lost my files due to a hard reset. But I would like the question answered, if according to above: "What algorithm is used? The encryption filter uses DPAPI to encrypt files. By default, this will use AES-128." If the algorithm is known and you know how the file is stored, can it not be deciphered and therefore decrypt the file with the data in the GUID? Could this info not help to recover the files? rustanvanwyk@yahoo.com
Anonymous
November 14, 2007
To decrypt data you need to know the key as well as the algorithm. The key is the part that is lost when you lose or wipe the device.
Anonymous
November 15, 2007
The comment has been removed
Anonymous
November 15, 2007
Hector, if you're using WM6 to sync to Exchange, you can reset your password via Outlook Web Access. That feature didn't exist in WM5, and we don't have any sort of universal key to devices. There's some info on the feature under "User Pin Reset". If you don't like synchronization as you say, you won't be able to use it though.
Anonymous
November 25, 2007
There is a solution for the Storage Card Problem. Sprite Backup Version 6.1 can backup your device and the entire contents of your Storage Card even when you have WM6 Storage Card encryption enabled. This means that if you create a backup image including the contents of your card you will be able to access all your data after restore. see http://www.htcwiki.com/thread/1019234/Solution+for+the+Storage+Card+Encryption+Problem
Anonymous
December 04, 2007
Office mobile is automatically encrypting excel documents made on my HTC Touch - problem is when they sync to my laptop I can't open them. The encrypt key on the HTC is off so it's not that, any ideas how I can unencrypt the files and prevent future encryptions? Cheers
Anonymous
December 05, 2007
@Graham: You're saying the checkbox is unchecked in Settings->Encryption but new files you create on the storage card are encrypted? I wouldn't expect that to happen. How are you syncing the files? Can the device read the files on the device?
Anonymous
December 05, 2007
Scott I'm using active sync on a cable connection. Yes, I can open, read and edit the file on the HTC. The HTC is a reconditioned unit supplied by my phone provider - in theory 'clean' I can't see any obvious s/ware additions and there are no options within the excel file to encrypt - mysterious huh?
Anonymous
December 05, 2007
Scott - don't know if it assists but the excel file comes up as a .xlsx suffix and a red ring with diagonal rd stripe over the excel 'image' on the front of the file name when opened on the laptop.
Anonymous
December 05, 2007
Scott - worked round by creating an excel on laptop and syncing it to HTC - I can then work on it and re-sync back to lap top as a readable file
Anonymous
December 08, 2007
That doesn't really sound like it's related to encryption. Do you have Office 12 on the desktop? Maybe the device side is creating XLSX (office 12) files and the desktop side can only read XLS files? Regardless, I'm glad you got it working.
Anonymous
December 10, 2007
The comment has been removed
Anonymous
December 10, 2007
Storage card encryption mitigates the threat where the attacker has the storage card but doesn't have access to the device. I agree that the entropy of the user's PIN is far less than 128 bits. We recommend using the local wipe policy to protect the case where the attacker has physical possession of the device and is trying to brute force the password.
Anonymous
December 14, 2007
Select this option to Encrypt all important files on your storage card. Upgrade your ROM or need to hard reset -- opps sorry your files all gone Great work
Anonymous
December 19, 2007
I perfomed an update today from HTC on a mogul 6800. I removed the storage card before the update as once the update was complete the device would be hard reset. Now when I try to open encrypted files on the storage card, they will not open. I followed the advice of another article and moved the files from the storage card to my desktop and then copied them back to the storage card after I turned off encryption on the device. Now when I try to open the files, an error message pops up stating "cannot load file". Any suggestions, or am I hosed?
Anonymous
December 20, 2007
The comment has been removed
Anonymous
December 20, 2007
I have the same question as the guy (BradWood) above! Please email fosicious@yahoo.com with the answer! Thanks, fos
Anonymous
December 20, 2007
Those are good questions, Jim. There are some unsupported ways to store e-mail attachments on the storage card. You should be able to track them down if you search the web. I'm not sure if there is a way to store the mail messages on the storage card. W.R.T. the breach laws - I definitely couldn't give you legal advice there. There are some mitigating factors but I don't know whether or not the law cares about them. For instance, you can use OWA to set the device to be wiped if it is still syncing to exchange. I can't comment on whether your state laws would take that into account though. Feel free to e-mail me if you have further questions and I can try to help.
Anonymous
January 24, 2008
The wm6 encryption feature has successfully encrypted the new files created and stored on my memory card, but, I can't unencrypt them now? Rendering them useless on any of my other devices. Any suggestions?
Anonymous
January 25, 2008
Scott, I made a hard reset of my pda. I cannot open old files on my storage card obviously cause I encrypted them, what should I do to open them?
Anonymous
February 07, 2008
my pic on ppc is end with .jpeg but it does not show up on pc and on pc it is end with .menc i don't understand throught i check "encryt file placed on storgae cards" is there any converter MENC file to JPEG that i can install on pc? thanks
Anonymous
February 09, 2008
Also that same question about MENC file. When i try to open the file error msg appeared and said run the application. So, can anybody help to tell me what ia that application and where to download?
Anonymous
February 11, 2008
I insert an empty SD card into the deivce and it seems to produce a file "EncFiltLog.menc" in the card. But the file can not be seen in deivce. I insert the card into the reader and open it at my PC. Why the file "EncFiltLog.menc" will be auto-produced by the device(WM6.1)?
Anonymous
February 12, 2008
Is there a rule at Microsoft that prohibits you from making your software user friendly or practical, or prevents you from responding to requests for information which would lead to such an outcome? How do I unencrypt the files to use on my PC? Having files on my storage card encrypted is nice, if not necessary, but its utility is nil if the file is permanently held captive to that one device. Did this thing die in committee?
Anonymous
February 12, 2008
You can copy the files off the storage card onto the PC via activesync. If you remove the card from the device and insert it directly into a PC, the files will still be encrypted. (that's the purpose of the feature) If you hard reset the device or otherwise lose the device, the files are not recoverable.
Anonymous
February 19, 2008
Hey scott.. actually i hard reset my device... guess the encryption was on while i did it.. so now all the files in my memory card are encrypted..and they arent opening in my device.. so how to get em workin...they have tht LOck Icon on thm..
Anonymous
February 21, 2008
The comment has been removed
Anonymous
March 03, 2008
This is one of the most unpublished but extremely important issue for all windown mobile 6.0 users ! I just updated ROM with OEM recommendation but now all my data, including SBP Backup, can't be read. Why have not Microsoft make this a better education or alert to all users ? Microsoft, you really disappoint all those loyal supporter !
Anonymous
March 05, 2008
The comment has been removed
Anonymous
March 05, 2008
No, sorry, there is no way to get them back. If the key has been lost, the files can not be decrypted.
Anonymous
March 08, 2008
My phone died and I had to get a new one. How can I get my files off my card if I haven't synched them to my desktop through Active Directory? I am completely hosed?
Anonymous
March 13, 2008
The comment has been removed
Anonymous
March 27, 2008
I was wondering if there's a downloadalbe program that will allow memory card users to decrypt files or will Windows Mobile be creating or making it possible for users to solve this problem in a less stressful manner?
Anonymous
April 11, 2008
With windows Mobile 6.1 out it's possible to encrypt files on the device. What can you encrypt? All files? Only emails or? Please explain Regards, Magnus
Anonymous
April 18, 2008
I was glad to see the encryption option for content on the SD card. I turned it on. 3 months later, my WM6 keeps freezing on me. I had to cold reset it according to some other instructions. Now I cannot recover a lot of critical files I stored on my SD card. THERE SHOULD HAVE BEEN A GREAT RED WARNING ABOUT THIS WHEN USER TURN ON THE ENCRYPTION!!!! I'M SO MAD RIGHT NOW.
Anonymous
April 24, 2008
is there any way to backup those encryption keys and restore after a hard reset
Anonymous
April 28, 2008
i didnt lost my phone i didnt lost my sd card but i reset my phone without the sd card and when i put my card again the file is encrepted how can i recover it and also there is no reset code
Anonymous
April 30, 2008
The comment has been removed
Anonymous
May 02, 2008
The comment has been removed
Anonymous
May 05, 2008
Is there a way to download all email attachments to storage cards? I'd like to set that as a default setting if possible.
Anonymous
May 10, 2008
Hey is there anyway to hide/disable or control the encryption function in settings. Like for example just disable the feature for users to enable it or simple remove the file from settings. As far as i know its an cpl application like the rest? -Alex-
Anonymous
May 22, 2008
From few days I noticed a strange phenomenon :Automatic encription (without activating encription !!) of the content of my SD card. In other words: now I cannot see any files in the SD (but they are there). I can only see a file :" EncfiltLog.menc". I read some of you had the same problem? the only thing I remember is that I often take off the SD card from my HTC (WM6.0) to put in ny laptop.... Thanks in advance
Anonymous
June 03, 2008
Hi, my phone which had storage card encryption swithced on recently died and had to be sent back to provider (TMobile). I was advised to keep the storage card and sim and battery. TMobile could not fix the problem and so sent me a new phone as a replacement. Same model, but essentially a differnt phone from the one that performed the encryption. I've put my encrypted storage card in the new device, but the files are unreadable and have a MENC extention on them. Is there anyway of recovering the data on the card? You mention copying the data from the device to the desktop and back with ActiveSync, but this hasn't worked for me. Storage card encryption is currently off on the new device (once bitten and all that), would I need to switch this on again for the recovery to work? TIA, Colin
Anonymous
June 04, 2008
I'm in agreement with Wayne on this one. This feature is useless without key escrow and recovery. I learned the hard way when I performed a hard reset of my phone. I lost access to all my files. I assume that the keys are also lost during the upgrade of WM 6 to WM 6.1. This is really a major oversight and from here on out, I will recommend to all my clients to not use encryption. What if they have to replace their broken phone with a new one? Guess what, they lost all their files.
Anonymous
June 15, 2008
The comment has been removed
Anonymous
June 16, 2008
is there a Registry (or another "automatic" way) to permanently disable the encryption?
Anonymous
June 16, 2008
I guess it depends what you mean by permanent. You can programmatically control the feature using the CSP and there are some XML examples on MSDN : http://msdn.microsoft.com/en-us/library/bb416357.aspx.
Anonymous
June 17, 2008
Hi, is it possible to modify the encryption key on WM6 and use own keys, (properly signed) instead of that one used by OS ?
Anonymous
June 17, 2008
The comment has been removed
Anonymous
June 24, 2008
The comment has been removed
Anonymous
June 30, 2008
Can the SD card be formatted after its been encrypted? I want to use it across multiple devices :O
Anonymous
July 09, 2008
Ok! Scott, I have seen many references to this but for some reason you don't want to answer????? I have WM6.1 and suddenly without cause all my data is now encrypted with the menc extension. The data is still there however I am unable to see it. We all know there must be a way to access and you are holding it close to vest. I would like to know how I can retreive my information please. It is amazing that a program like this with such apparent flaws exists on a device that business users hold important information on and can completely disable our work. From my understanding, you are partly to blame for this and as such I would expect an answer. Not just me but the hundreds of others suffering this same fate. Please own up and tell us how to get our data back. It is the least you can do!
Anonymous
July 11, 2008
It's the last entry in the FAQ on this page. If the key is lost due to hard reset or changing phones, etc. there is no way to recover the data. We don't have any sort of backdoor or escrow key for it.
Anonymous
July 14, 2008
Scott, this is really messed up, why wouldn't the Mobile team put more of a warning here? My Treo would regularly have to be hard reset and i just had to hard reset my Samsung 6.0 i760 because a program caused it to lock up on booting. So now i lost all my files, if i had known this i wouldn't have used this encryption method. This is a huge flaw in my opinion that MS needs to fix. A simple warning screen to back up the encryption key or to not hard reset your phone no matter what would at least help the problem.
Anonymous
July 15, 2008
The comment has been removed
Anonymous
July 20, 2008
Scott, The other way to look at it is if you lose your phone with the card in it the data is lost too UNLESS YOU BACK IT UP - if you keep important data in one place you can lose it. Once the phone is reset the data is gone but it it would be nice if the user could copy the encrytpion key off for storeage on a laptop or disc or a postit note etc when they turned encrytion on. The idea of encryption is to keep the file and the key seperate - not making the key inacessable.
Anonymous
July 21, 2008
Hi, I have a Interesting problem. I encrypted the files on my TREO 750 but suddenly my treo is not recognizing the minisd, how can I recover the files on the sd?. I have not hard reset the phone, how can i recover the key and install it on my laptop?
Anonymous
July 22, 2008
The comment has been removed
Anonymous
July 25, 2008
Can we save the mail messages directly to SDHC cards ?
Anonymous
July 25, 2008
Hi,

When it mounts cards every times, WM6.1 create 'EncFiltLog.menc"file if there isn't in it?
When it mounts cards every times, WM6.1 overwrite "EncFiltLog.menc"file if there is in it?
Can I read "EncFiltLog.menc" file? I think there is just "0". But the time I have tested, I can read something like that: Bd a t  T e s t F i l e _ 1 0 0 . TESTFI~1DAT ?8? ?8 .......... My test: Sleep -> WakeUp -> Write "%d_TestFile.dat" many times
Can I remove or do not use Enc filter? If it is possible, How?

Anonymous
August 05, 2008
The comment has been removed
Anonymous
August 05, 2008
The feature is off by default. I'd recommend that you don't turn it on unless you think data on your storage card is confidential.
Anonymous
August 07, 2008
The comment has been removed
Anonymous
August 09, 2008
The comment has been removed
Anonymous
August 18, 2008
Having read so many negative comments about WM6 encryption I thought I should point out that for some (most?) people the way encryption is provided is excellent. The user doesn't have to bother with additional passwords. The process really is seamless and very quick, particularly when compared to other products. In fact even when opening large files, WM6 with encryption isn't slower than WM5 without encryption. We run Windows Mobile devices in a special kiosk mode so the user cannot access anything other than we permit. There is a huge amount of intellectual property on the SD Cards. WM6 encryption protects this. I just wish it was available for our WM5 devices. (I'm aware of WM5 encryption products but they require user intervention to enter passwords and/or don/t automount.) Don't change encryption!
Anonymous
August 23, 2008
I upgraded the software on my t-mobile wing and now its not reading the files on my storage card. the files where encrypted before I up dated the software.
Anonymous
September 02, 2008
I have never checked the encryption option. Yet, when I recently upgraded the rom (not sure that's the right name for it) from 6.13 to 6.17 on my Bell HTC, all files stored on my SD card became MENC. It's the same phone. Can anything can be done to recover these files?
Anonymous
September 03, 2008
The comment has been removed
Anonymous
September 05, 2008
is it possible that connecting your phone to active sync and active sync deleting all your contacts could cause your phone to lost the encryption keys... my phone has not been hard reset but i don't know how to access my sd card info it went blank and i have no idea how to get to it :(
Anonymous
September 08, 2008
There's a couple different issues here. tamara, in your case and in that thread, it mentions that the storage card is EMPTY except for encfiltlog.menc. This doesn't have anything to do with the storage card encryption feature. That log file gets created all the time. It means your storage card got erased somehow. There are a variety of reasons why this could happen and they're really hard to troubleshoot.. some of them are: hardware failure, filesystem corruption on the card, driver bugs, operating system bugs. It's really hard to figure out in retrospect, but it's not related to the encryption feature. The presence of that log file is a red herring in this case. In michael's case above, that does sound like the keys were lost. Was that an official ROM upgrade? I doubt there is any way to recover the data - once the keys are gone, they are gone.
Anonymous
September 09, 2008
The comment has been removed
Anonymous
September 09, 2008
I was not aware of the fact that all this affected my files I placed on my phone under encryption and now after being prompted to update my phone have done so and lost years of photos and such of my son only stored through my phone is there any new discoveries on a way to access these files or it it a complete lost cause of 5 years of my sons life? please help single mother with an only child...e-mail reply to upsidedownrainbow@msn.com please Brandy
Anonymous
September 10, 2008
Hey Tamara, I've been monitoring the comments on this blog for a few years and I've seen a steady stream of complaints about lost storage card data, especially in MikeCal's entries about storage cards on this blog. So I suspect there are multiple devices that experience the problem but I don't have any info about if there's any commonality between manufacturers, parts, OS versions, etc. I was definitely seeing the complaints before WM6.0 released. (and storage card encryption was actually in WM6, not 6.1) I definitely agree with your last statement - if I didn't know what that file did, I would suspect it too. I wish we had hidden the file. I'll look at adding a tidbit about it to the FAQ. I'll need to talk to the filesystem team first and make sure the statement will be accurate. :) Thanks! Scott
Anonymous
September 16, 2008
I have the ATT (HTC) Tilt and I upgraded from WM6 to WM6.1. The instructions said to back up using Sprite to the storage card. Then remove card and do the RUU upgrade. Now I have menc files? Is there any hope?
Anonymous
September 19, 2008
I want to open my menc file in my destop pc,how is the possible????, Actually i took some photo from my windows mobile, I want to use these photo in my pc but my pc is not sopport for these file.Why??
Anonymous
November 24, 2008
The comment has been removed
Anonymous
November 26, 2008
The comment has been removed
Anonymous
November 26, 2008
PS I have a brand new ibm 3850 4 quad core and tons of ram I'd use it for 2 years to get back a few recordings that would be life savers in court. Just send info or a script and libs to start a brute force attack.. I have pin and wm lock code if that's of any use...
Anonymous
November 27, 2008
Hi Reflashed my phone and lost some files... ok my mistake (...) I now find my encryption activated from last rom upgrade. NO card in the phone. I remove the tick from the enryption settings icon and press OK. I re-enter to check and I find it is still there. I can remove it 20 times but it will always stick up. How can I remove this via registry editor? I have rescos installed. Re flashing the phone but I always get this setting permanently enabled when I would even disable it permanently: I use FreeOTFEPda which uses container files that are readable from PC's too and that will do for my needs: confidential material will be there. Please if someone knows a reg key to edit or I'd even erase the crypto-whatever-dll... don't need this functionality as I already lost files.... thank you very much! PS are there any paid support teams of real wm professionals to contact? GG
Anonymous
December 04, 2008
Storage card Encryption WM6.1 My recently purchased Non touch screen Windows mobile 6.1 device do not have encryption menu under settings nor under sub folders as indicated in the following link. http://www.microsoft.com/windowsmobile/en-us/help/security/encrypt-storage-card.mspx Help. Thanks, Kumar
Anonymous
December 22, 2008
Hi, I've got two questions:

How can I enable the encryption via registry keys/settings?
I want to copy the files from the storage card to a desktop PC using the RAPI library. Will I need to write code to decrypt these encrypted files? or does the WM 6.0 operating system handles this automatically when transferring? If I need to write the code, how can this be done? Thanks. Ashvin

Anonymous
December 23, 2008

use the CSP w/ DmProcessConfigXML(). see the example at https://blogs.msdn.com/windowsmobile/archive/2007/03/26/windows-mobile-6-storage-card-encryption-faq.aspx#1965746
it will work automatically

Anonymous
December 24, 2008
Scott, I had enabled the encryption on my HTC 8525 and saved some files to my memory card. I was reviewing all the issues above with lossing the encryption key during a hard reset or when replacing my phone so I unchecked the encryption from the settings and tried to backup the data to my computer. However, I noticed that all the files that are transfered from my phone to my computer are still encrypted and any new files that I download are still being encrypted. I checked the encryption option and it still indicates that its off....can you help? Thanks! Kevin
Anonymous
January 06, 2009
I have an iPaq 211, and I can not get it to encrypt the contents on the CF card. I delete all files. Enable encryption. Create a file locally and copy file over via ActiveSync. From what I understand, these files should be encrypted, right? Yet, if I remove the card and insert it into another device, the files are accessible. Thoughts? Thanks Seth
Anonymous
January 06, 2009
The comment has been removed
Anonymous
January 10, 2009
@Seth Hey Seth, It's hard to say without being able to inspect the device, but yes, that should work. Is the storage card mounted as "Storage Card?" One possibility is that the OEM configured the CF card as internal instead of external storage. If so, it wouldn't be encrypted by the feature. Scott
Anonymous
January 12, 2009
@Steve I believe the FILTERHOOK structure did change for 6.1. Can you recompile against the newer version of the headers?
Anonymous
February 01, 2009
Hi Scott - sorry for the slow reply. Yes, the card is mounted as "Storage Card" - although I can change it via a registry setting. I get the same problem on all the Windows Mobile 6.1 devices I’ve tried (Sony Ericsson xperia, XDA Orbit and Palm Treo) so I don’t think is something the OEM has done. Is there a new SDK for 6.1? Any idea where can I get newer versions of the header filed that define FILTERHOOK? Cheers, Steve
Anonymous
April 07, 2009
The comment has been removed
Anonymous
May 06, 2009
The comment has been removed

Share via

Windows Mobile 6 Storage Card Encryption FAQ

Comments

Additional resources