Windows Mobile 6 Storage Card Encryption FAQ


My colleague Jason Langridge wrote a post about the storage card encryption feature in WM6. This is one of the features I worked on, so I'd like to host some FAQs about it here.




What scenario is the feature designed to mitigate?


It's fairly easy to remove a storage card from a device, so this mitigates the threat that a storage card with sensitive data is stolen out of a device.


What if the device and the storage card are both stolen?


The best practice is to use a PIN or strong password and local wipe to protect the data on the internal flash. Issue a remote wipe via OWA to wipe out the data on a stolen device as soon as possible. In WM6, a local or remote wipe will also wipe any inserted storage card.


What if I forget the PIN to my device?


(This is only tangentially related to storage card encryption, but here goes.) You can escrow a recovery PIN to the Exchange server. Retrieve the recovery PIN via OWA and use it to locally reset the password on the device.


What happens if the device is cold booted?


If the device is reset and internal flash is cleared, the decryption keys are lost. If the keys were preserved, it would be easy to access the storage card of a stolen device by just cold booting the stolen device and clearing its storage, then re-inserting the stolen card.


What about key escrow and recovery?


There isn't any key escrow or recovery in this release. We realize this is very important to many enterprise customers. Feel free to add your comments about how important this is to your organization as it helps us prioritize the work for the future. If you don't want key escrow, that would also be good to hear.


What algorithm is used?


The encryption filter uses DPAPI to encrypt files. By default, this will use AES-128.


Where are the encryption keys stored?


The DPAPI master key is currently stored on the internal flash. It's unreadable by untrusted applications.


What is the performance impact?


Encryption isn't free, so we expect there to be some performance impact. In most of my scenario testing however, I found the impact to be minimal because the disk I/O was more expensive than the CPU hit for encryption. The one that was most affected in my testing was probably syncing lots of media files via media player to the encrypted storage card. If you are seeing a severe performance degradation, I would like to hear about it. Please e-mail via the contact form on this blog or leave a comment below.


What is the storage overhead?


Encrypted files take up one additional page for the header, plus one page for about every 200K of data. For a very small file, there will be 8K of overhead. For a ~600K file, there will be 16K of overhead.


What's with the MENC extension?


The files are stored on disk with a MENC extension - this lets the encryption filter know quickly which files are encrypted and whether they match the key on the device. If you put the storage card in a desktop card reader, or put it in another device, you will see that the files have a MENC extension. Since you can't read those files anyway, the extension makes it harder to accidentally load them into an application that won't be able to read them. We were also able to associate a lock icon with the extension as an additional hint.


If the encryption filter on the device is able to read and decrypt the files, it hides the MENC extension so the file looks like normal.


What's the 7726325a in test.txt.7726325a.menc?


The random data there is part of a GUID that is generated for decryption keys on the device. That GUID lets the encryption filter know at a glance whether or not it will be able to decrypt a given file. For files where the GUID matches, the filter will strip the GUID.MENC extension off of the file and show it to the operating system as the original filename. You can edit the filename on disk to change the GUID of a file so that the encryption filter thinks it can decrypt it, but when the file is actually opened the encryption filter won't be able to decrypt it and you'll get an error.


How can I tell if my files are encrypted on the device?


You can call GetFileAttributes(). Encrypted files will have FILE_ATTRIBUTE_ENCRYPTED. You can also take out the card and put it in another device or card reader. The encrypted files will show up as .MENC files.
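As an added example (not code from the original post or from Windows Mobile itself), the following Python script applies the naming rule the FAQ describes to a directory listing taken from a desktop card reader: it parses `<name>.<GUID fragment>.menc`, groups files by the key id they are bound to, and flags files that the device's current key cannot decrypt (the situation after a hard reset or a card swap). It also includes the on-device check via the FILE_ATTRIBUTE_ENCRYPTED bit, with the attribute value passed in rather than read from GetFileAttributes() so it runs offline. The listing and the "current key id" are constructed samples, and the assumption that the GUID fragment is a run of hex digits is mine.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# On-disk naming used by the WM6 encryption filter, per the FAQ:
#   <original name>.<fragment of the device key GUID>.menc
# Assumption (mine): the GUID fragment is a run of hex digits; every sample on
# this page has eight. FAT names are case-insensitive, so match accordingly.
MENC_RE = re.compile(r"^(?P<name>.+)\.(?P<keyid>[0-9a-f]+)\.menc$", re.IGNORECASE)

# Win32/CE attribute bit that GetFileAttributes() reports for filter-encrypted files.
FILE_ATTRIBUTE_ENCRYPTED = 0x4000


class CardEntry(NamedTuple):
    on_disk: str            # name as seen from a desktop card reader or another device
    shown: str              # name the filter presents to the OS on the owning device
    encrypted: bool
    key_id: Optional[str]   # lower-cased GUID fragment, None for plaintext files
    readable: bool          # True when the fragment matches the device's current key id


def encrypted_by_attributes(attrs: int) -> bool:
    """On-device check: encrypted files carry FILE_ATTRIBUTE_ENCRYPTED.

    `attrs` is the DWORD GetFileAttributes() returns; it is passed in here so the
    logic can run offline with a constructed value."""
    return bool(attrs & FILE_ATTRIBUTE_ENCRYPTED)


def parse_menc_name(on_disk: str, device_key_id: str) -> CardEntry:
    """Classify one directory entry the way the filter does when it sees the raw name."""
    m = MENC_RE.match(on_disk)
    if not m:
        # No GUID.MENC suffix: a plaintext file (created before encryption was
        # enabled, or written from a desktop). Readable anywhere.
        return CardEntry(on_disk, on_disk, False, None, True)
    key_id = m.group("keyid").lower()
    readable = key_id == device_key_id.lower()
    # Matching key: the filter strips "<guid>.menc" and shows the original name.
    # Non-matching key: the raw name stays visible and opening the file fails.
    shown = m.group("name") if readable else on_disk
    return CardEntry(on_disk, shown, True, key_id, readable)


def inventory(listing, device_key_id: str):
    """Group a card listing by decryptability under the device's current key.

    'stranded' maps each foreign key id to the files bound to it, which is what a
    hard reset (new key id) or a move to another device leaves behind."""
    report = {"plaintext": [], "readable": [], "stranded": defaultdict(list)}
    for name in listing:
        entry = parse_menc_name(name, device_key_id)
        if not entry.encrypted:
            report["plaintext"].append(entry.shown)
        elif entry.readable:
            report["readable"].append(entry.shown)
        else:
            report["stranded"][entry.key_id].append(entry.on_disk)
    return report


# Constructed sample listing; the key ids are the ones quoted on this page.
CURRENT_KEY_ID = "7726325a"
SAMPLE_LISTING = [
    "test.txt.7726325a.menc",      # encrypted under the current key
    "test.txt.bef4ee12.menc",      # written before a hard reset, under the old key
    "Notes.doc.BEF4EE12.MENC",     # same old key, different case
    "readme.txt",                  # plaintext: existed before encryption was enabled
    "Photo 01.jpg.7726325a.menc",
]

if __name__ == "__main__":
    report = inventory(SAMPLE_LISTING, CURRENT_KEY_ID)
    print("plaintext:", report["plaintext"])
    print("readable :", report["readable"])
    for key_id, files in report["stranded"].items():
        print(f"stranded under key {key_id}:", files)
```

Running the script against a real card reader listing (`os.listdir` of the mounted card) is the quickest way to see, before a hard reset or a device swap, which files are bound to the device's key and therefore need to be copied off via ActiveSync first.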


Which files are encrypted by this feature?


Once encryption is enabled, all new files on the storage card will be encrypted. Files that already existed on the card stay unencrypted. So if there is a file on the storage card that you know you want to share with someone else, you can create the file on the desktop or create it before enabling encryption. The file will stay unencrypted. If you want to cause an existing file to be encrypted, you can copy it off the storage card and then copy it back again.


I turned on encryption in the control panel, but nothing is happening. What gives?


Only new files on the storage card are encrypted, so your existing files won't change. Did you create a new file? If you did and you're still not seeing the files as encrypted, it's possible that the encryption filter isn't installed on the storage profile that you're using. This shouldn't happen on any retail WM6 device, but if you're seeing that situation please let me know!


How do I migrate an encrypted storage card to a new device?


The easiest way, in my opinion, is to copy all the encrypted files off the card to an attached desktop machine via ActiveSync. Then copy them back to the card in the new device.


My files were encrypted and I lost my phone or hard reset it. Can Microsoft help me recover the files?

No, the keys are lost and the files cannot be recovered.



Feel free to send me any further questions about the feature or post your comments below.




Scott

Comments (161)

  1. Wayne Anderson says:

    It is difficult to recommend a feature like this for widespread adoption when there is really no way for the enterprise to implement any measure of systemic solution for key escrow and recovery.  This is one of the critical components of implementing an effective PKI solution and use of EFS in the enterprise.

    My personal experience with the volume of key recovery requests over time would lead me to believe that implementation of a security schema to protect on-board storage without some measure of protection of the users from themselves is doomed to data loss.

  2. scyost says:

    Thanks for the feedback, Wayne. I’m interested to know what scenarios you’re concerned about for recovery. Is it when a device is lost but the card inside it is not? Is it that the user forgets their PIN and isn’t using exchange password reset? (you would still lose all the data on the device in that case) In what situations do your users have their encrypted data but can’t access it?

  3. Are there any details available on the remote wipe mechanism?  

    I’ve seen it referenced a number of times but have yet to read any definitive description as to how it works.

  4. eram says:

    Is there a way to turn on SD encryption using wap-provisioning? OMA-DM provisioning?

  5. Alexander says:

    How do I enable encryption?

    Encryption is enabled in settings, but actually it does not encrypt anything.

    Did I miss something?

  6. Wayne Anderson says:

    Most of the time in practice with EFS we see situations where the end-point uses encryption to protect files.  So far so good.  Well now, he is changing PCs or laptops, or even just messing around on the one he has.  For whatever reason, the data is transited, encrypted, but the certificate is not on the new machine/new configuration and we restore the certificate, associate it with EFS, and everything is fine.

    In a mobile scenario, there is already a small subset users with WM5 that practice good procedure and use system passwords.  Said password now forgotten.  Device inaccessible.  With tomorrow’s critical presentation.  End-point customer gets … ‘excited’.

    In a situation where we are now looking at extending/combining both of these problems to a transitory storage platform where the recovery mechanism is non-existent, there are situations where we have device replacement (this happens unfortunately more often than we hope for; certain vendor devices using the WM5 platform are not as robust as we would hope).  When you extend a PIN-based encryption mechanism to the system, it's not very hard to imagine a subset of users with lost PINs and device replacement scenarios who now have a secure and useless miniSD card.

    It's an issue of balancing the confidentiality and availability aspects of security.  If we could significantly reduce the risk of loss of availability through either a PIN loss or device loss event, then the encryption becomes something that is far more maintainable at the enterprise level.

  7. JasperM says:

    Coming from a cellphone OEM perspective, I believe the cold-boot destroying the encryption keys is both good, and bad.  I can see the good quite easily, however exporting the keys would seem to be something that could have been implemented with some sort of Exchange server solution.  That would only work if we assume the Exchange server is a secure environment, but then again if the Exchange server is compromised all your emails are exposed as well.  

    During traditional troubleshooting from a phone perspective there are many times in which, as an OEM, we request users to do hard-resets (Especially on CDMA devices, since they do not have as many phone codes as GSM Devices).  Because of the loss of the encryption keys, we will now have to ask the customer, if they are using a Windows Mobile device, if the storage card is encrypted, and if it is, then we will have to tell the customer to copy all the contents onto the device, or disable encryption then recopy all of the data before proceeding with a hard reset.

    So anytime a hard reset needs to be done, by advice of IT or the OEM, then there will be several steps involved before actually being able to perform the hard reset without severe data loss (I would assume it would be severe since if your encrypting your data, it is very sensitive).

    Even though the device is running Windows Mobile, we can’t forget that it is still half a phone, and many times phones, for whatever reason, need a hard reset.

    Also in some of my testing when viewing the encrypted files through a USB to microSD card reader I see something else in the filename  

    test.txt.bef4ee12.menc

    After Hard reset same file contents

    test.txt.7726325a.menc

    The part between the txt and menc is consistent when writing any files during the same period between hard resets. I understand the menc part, what's the other part?

    -JasperM

  8. scyost says:

    Thanks Jasper, I was wondering if someone would ask that about the file extension. 🙂 I’ll add it to the main body.

  9. scyost says:

    eram: Yes, there is a CSP for the storage card encryption and it’s usable via WAP or OMA-DM. It looks like the documentation hasn’t gone live yet, but you can turn on the encryption filter with XML like this:

    <wap-provisioningdoc>
     <characteristic type="MobileEncryption">
       <parm name="Enable" value="1" />
     </characteristic>
    </wap-provisioningdoc>

  10. JasperM says:

    With larger files approximately 5megs, I’ve noticed about a 3.7% increase in file size, in case anyone was wondering.

  11. scyost says:

    Wayne: You’re right that the data will be lost if the device itself is destroyed but the card is not. For a simple PIN loss, why not use the OWA password reset?

  12. Alexander says:

    Hmmm… I have read the latest addition to the article… but the encryption is still not working…

    It’s not a retail WM6 device. It is a device emulator. I will check if the encryption filter is enabled and will report here if it is.

  13. scyost says:

    Hey Alexander:

    Are you using the "shared folder" feature of the Device Emulator to try out the encryption? I’m pretty sure that doesn’t work. (the filter isn’t installed on that filesystem) I think there were some technical reasons why this was impossible because I definitely would have liked to have this during testing. Let me check and see if there’s a way to enable that you’re trying to do.

  14. jz says:

    (1) FILE_ATTRIBUTE_ENCRYPTED (0x00004000) is now different from FILE_ATTRIBUTE_INROM (0x00000040) as of WM 6.0. However, when you try to set the file attribute to FILE_ATTRIBUTE_ENCRYPTED with SetFileAttributes(), SetFileAttributes() says everything is OK. When you call GetFileAttributes(), it says nothing changed! Are you sure this has been fixed in WM 6.0 across the system?

    (2) SD Encryption should be implemented in a manner that has zero impact on performance! And it can be done. Just don’t use the file system filtering stuff. That’s a bad choice. Doing encryption at the block device driver level is much simpler, more reliable and better. Or you can just do a proxying….

  15. Matthew says:

    Some of the answers given merely raise new questions.

    You mention a local wipe to protect data in internal storage. By this, you mean a hard reset, right? So, I’m supposed to know someone is about to steal my device so I execute a local wipe before they do so? The remote wipe once it’s been stolen makes a lot more sense.

    If you’ve forgotten the PIN for the PDA lock, how are you going to use some recovery PIN obtained via OWA to unlock it? How is this recovery PIN generated such that the PDA recognizes it as valid? Is this assuming some communications channel from PDA to server is present?

    Also, your answer for the question of what happens at cold boot really appears to answer the question of what happens on hard reset. Cold boot is what happens any time you put the battery back in, which better not clear the encryption keys.

  16. scyost says:

    I think that’s just the way the FAT filesystem works – it’s masking off attributes that it knows it can’t set and ignoring that you tried to set them. It would probably be better to return FALSE, of course. You can’t change the encryption state using SetFileAttributes.

  17. jz says:

    then there is no way to tell if a file is an encrypted file? (except the encryption filter driver’s author?)

  18. scyost says:

    Matthew:

    What I mean by local wipe is that you use the security policy that will wipe the device after a threshold of incorrect PIN entries. Using this limits the number of attempts that the attacker gets.

    The recovery PIN is generated and escrowed beforehand. There’s an option on the unlock screen to use the recovery PIN. (actually it’s quite a long string) So you select that option, get the pin out-of-band through OWA, and type it in. If it matches, you get to choose a new device password.

    By "cold boot", I mean "hard reset". Internally we refer to a hard reset as a cold boot, and don’t distinguish between a reboot and a boot w/ power loss in between.

  19. scyost says:

    You can tell if a file is encrypted by calling GetFileAttributes. You cannot call SetFileAttributes to change the state of the file.

  20. Alexander says:

    I enabled the encryption filter for the emulator shared folder and now files can be encrypted.

    thanks for your help.

  21. JasperM says:

    Removing the battery does not erase the encryption keys, not with the unit I am working with at least.

    Why is it that with an encrypted file the file size is reported as the same size as an unencrypted file, even though when the same files are viewed on a desktop their sizes differ?

    Example

    test2.txt = 4b on device; 1KB viewed on Desktop (unencrypted)

    test.txt.7726325a.menc = 4b on device; 9KB viewed on Desktop (encrypted)

    Also, the icon is only showing "encrypted" when viewing with Mobile Word, not in the regular File Explorer (maybe my WM6 build?)

    -JasperM

  22. scyost says:

    When you read from an encrypted file, the encryption filter decrypts the data and returns the decrypted content. So GetFileSize has to show you the size of the content, not the file. There’s only four bytes in that file for you to read, so that’s the size that it shows. Meanwhile, the desktop is showing you the raw data so you see the underlying file size.

  23. Matthew says:

    scyost,

    Is the local wipe policy a new thing in WM6? I do not see it on all my WM5 devices, including one with a beta AKU3 ROM. I also do not see anything about setting up the recovery PIN. If these aspects are all new to WM6, it would be nice to note that. If they are in WM5 but just hidden away, then please elaborate on how to configure these items.

    I figured as much about the cold boot / hard reset. The rest of the world calls it a cold boot when you power on and warm boot when you reset (in any way, soft or hard or nuke or whatever may be applicable to the device).

  24. scyost says:

    Local wipe dates back to MSFP but the PIN reset is new in WM6. There’s a white paper in the works that covers all these things – Jason links to it here.

    http://blogs.msdn.com/jasonlan/archive/2007/03/13/new-whitepaper-security-for-windows-mobile-messaging-in-the-enterprise.aspx

    As soon as you mentioned the cold boot thing I realized the dissonance between what I was thinking and the term I was using. I’m not sure how it happened that the meaning of that term drifted internally. I guess it’s probably because traditional cold and warm boot are functionally identical to us from a software perspective.

  25. Matthew says:

    Syost,

    Thank you for the document link. The pertinent part is on pages 14 – 16. However, the information is both insufficient and inaccurate.

    It states that local wipe is an AKU2 addition. The default is to wipe after 7 wrong entries. After 2 wrong entries, a confirmation string is required and an increasing delay before entry attempts is enforced. It mentions changing policy to configure the count before wipe, but it doesn’t exactly say how this is accomplished. I certainly don’t see a setting for it on the device where I set the PIN and the time to lock.

    I tested this on two WM5 Pocket PC devices, one AKU2 and one AKU3 (different mobile operators on the two). However, they don’t behave according to the documentation. I get to try the PIN entry far more than 2 times. On the eighth wrong PIN, when it should wipe itself, I finally get to the point where I have to type "A1B2C3" (what is this, a typing test to prove I can use a keypad?), after which I can keep entering PINs. At this point, the increasing delay between entries comes into play so after another half dozen or so tries I gave up and gave it the right one to see it still let me into my PDA. Either the local device wipe is simply disabled or the threshold is different, but either way this behavior is significantly different from what that document outlines.

    My real interest in local device wipe is executing it myself. The next topic in that document gets right to where I am, an ISV who has made an alternate authentication mechanism in order to use a hard token. About a year ago, at MEDC2006, I posed the question of how to trigger a wipe to another Microsoft developer. I theorized that if it could be triggered remotely from an Exchange server with AKU2, it should be possible to trigger it locally as well, as the routine must exist on the local device. The best I could get for an answer was that I should command a format of the local file system. I attempted, but only got errors when telling the file system to format, likely due to it being mounted and running. I would like to get this working, so my real interest is in how to run the local wipe, though it is nice to know how Microsoft does it so we can best inform our clients of their options.

  26. scyost says:

    Local wipe doesn’t ship on by default, so you have to change the security policies before you will see it. It’s not exposed in the UI, as it is typically managed over the Exchange connection.

    High-level overview of those policies including XML to set them:

    http://msexchangeteam.com/archive/2005/06/20/406586.aspx

    more on MSFP security policies:

    http://msdn2.microsoft.com/en-us/library/aa455832.aspx

    specific docs for codeword and other such registry settings:

    http://msdn2.microsoft.com/en-us/library/ms936997.aspx

    The point of the ‘A1B2C3’ ("codeword") screen is sort of to prove you can use a keypad – primarily it’s to ensure that your pocket or purse isn’t using the keypad so you don’t hit the local wipe threshold via pocket dialing. The codeword itself is configurable in the registry.

    You can hard reset the device locally using SetCleanRebootFlag and IOCTL_HAL_REBOOT as described here: http://www.pocketpcdn.com/articles/hardreset.html. It’s not the same as the local wipe because it won’t erase every sector of flash and wipe an attached storage card, but it’s a start. The API to trigger the secure local wipe isn’t exposed publicly.

  27. JasperM says:

    I might be getting ahead of current implementations in WM, but perhaps it would be helpful to have more user-configurable options, instead of all-or-nothing encryption as it is now.  For instance on the screen for encryption perhaps you could have the following options show up after checking "Encrypt files on Storage Card"

    Drop down Menu with sub-menus:

    Always

    Prompt (prompts user on Save to encrypt files)

    File Types (encrypt based on file-type)

     -Media (mp3, avi, etc…)

     -Photos (jpg, bmp, etc…)

     -Documents (.doc, .pdf, etc…)

     -Presentations (.ppt)

     -Other (User definable)

    Folders

     -Browse

    Allow user to browse to a specific folder to encrypt with the option to encrypt sub-folders checked by default.

    File System (encrypt the file system so it cannot be read or seen by another other device)

    Anyways, just some ideas…

    -JasperM

  28. Matthew says:

    scyost,

    Those directions for the hard reset appear to be a bit dated. The MSDN entry for SetCleanRebootFlag says "When you call this function during a device reset, the OS ignores the contents of the object store and replaces the current data with the default data found in the .bin file." On WM5 and newer, the persistent store is used rather than the object store. If I remember correctly, when I pursued this a year ago, I tried this method and found that it did nothing on all the WM5 devices I tested on. I’ll give it another shot in case I mis-remember.

    The previous attempt was centered around the following tidbit I extracted from a Microsoftie: "Beginning with Windows Mobile 5, FormatVolume accepts a new flag: FATUTIL_SECURE_WIPE.  As far as I can tell, it is not documented; but it is in public\common\sdk\inc\fatutil.h." However, I don’t have that definition in my WINCE500\PUBLIC\COMMON\SDK\INC\fatutil.h, but I bet I could see it if I had the elusive WINCE501 or WINCE502 directory…

    Thanks for the link over to the Exchange blog. I took a quick look and think that’ll do the trick if I want to configure it, as I can make the proper XML myself and push that through DMProcessConfigXML. Maybe I can play some tricks there with setting it to 1 attempt before wipe and then faking an entry or some such hackish trick. None of my clients will ever be connecting their device over the air to an Exchange server. Letting outside connections hit that server is just too much risk for them to accept.

  29. Dave Field says:

    Hello,

    I understand the requirement around key archiving, especially when put into the context of EFS-like scenarios.  However, I don’t think that mobile devices really have the same requirement.  The best practice is for devices to sync data with a server or a desktop initially.  Using a device itself or the inserted storage card as the only store for data is asking for trouble even without encryption.  The primary storage location for the data should be off-device on a server or on the user’s PC.

    Best practice for migration from one device to another is to perform an initial sync of data to the device rather than try to keep everything on your storage card.

    So, let’s say you sync email, PIM and some photos.  You sync the photos via desktop ActiveSync file sync and email/PIM via Exchange ActiveSync.  You get a new device and configure it to sync to those data stores and you are good to go.

    The 2 scenarios that are really an issue for key archival are:  (1) recovering encrypted data after employee termination and (2) data sharing between a PC and device using a storage card.  Number 1 is enough of an issue to be a non-starter for some financial sector orgs, but I don’t think it is as much of an issue for most.  #2 is a nuisance for users, but does have the work around above.

    Thx,

    Dave

  30. scyost says:

    Hey Matthew,

    I’ve been thinking about your problem a little bit. I had forgotten that we implemented a CSP to manage wipe for WM 6.0. This stuff will be publicly documented once the docs go live on MSDN, but for now the XML looks like:

    <wap-provisioningdoc>
      <characteristic type="RemoteWipe">
          <parm name="doWipe" value="1"/>
      </characteristic>
    </wap-provisioningdoc>

    If you send that XML through DmProcessConfigXML() via a trusted app, you should see the device immediately reboot and come back up after deleting all data on persistent storage and any storage card.
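Because a RemoteWipe document applied through DMProcessConfigXML also destroys the DPAPI master key the storage card files depend on, a trusted app that forwards provisioning XML to the device should know what a document will do before applying it. The Python below is an added example (not code from the post, the commenter, or Microsoft): it flattens a wap-provisioningdoc into its characteristic/parm settings, reports whether it turns on storage card encryption, and refuses documents that carry a wipe unless the caller opts in. The MobileEncryption and RemoteWipe documents are the ones quoted in the comments above; the combined document, the function names and the notion of a "destructive" parm list are my own constructions.

```python
import xml.etree.ElementTree as ET

# The MobileEncryption CSP document quoted earlier in the comments.
ENABLE_ENCRYPTION_XML = """<wap-provisioningdoc>
  <characteristic type="MobileEncryption">
    <parm name="Enable" value="1" />
  </characteristic>
</wap-provisioningdoc>"""

# Constructed example: one document that both enables encryption and triggers a
# wipe. Applying it erases persistent storage, the card, and the card's key.
CONSTRUCTED_MIXED_XML = """<wap-provisioningdoc>
  <characteristic type="MobileEncryption">
    <parm name="Enable" value="1" />
  </characteristic>
  <characteristic type="RemoteWipe">
    <parm name="doWipe" value="1"/>
  </characteristic>
</wap-provisioningdoc>"""

# (characteristic type, parm name, value) combinations that cannot be undone.
# Only the RemoteWipe CSP from this page is listed; extend as your policy requires.
DESTRUCTIVE = {("RemoteWipe", "doWipe", "1")}


def parse_provisioning(xml_text: str) -> dict:
    """Flatten a wap-provisioningdoc into {characteristic_type: {parm_name: value}}."""
    root = ET.fromstring(xml_text)
    if root.tag != "wap-provisioningdoc":
        raise ValueError(f"not a provisioning document: <{root.tag}>")
    settings: dict = {}
    # iter() also walks nested characteristics, which CSPs may use.
    for char in root.iter("characteristic"):
        ctype = char.get("type")
        if ctype is None:
            raise ValueError("characteristic without a type attribute")
        parms = settings.setdefault(ctype, {})
        for parm in char.findall("parm"):
            parms[parm.get("name")] = parm.get("value")
    return settings


def audit(xml_text: str) -> dict:
    """Summarise what applying the document would do before handing it to the device."""
    settings = parse_provisioning(xml_text)
    destructive = [
        f"{ctype}/{name}={value}"
        for ctype, parms in settings.items()
        for name, value in parms.items()
        if (ctype, name, value) in DESTRUCTIVE
    ]
    return {
        "settings": settings,
        "enables_card_encryption": settings.get("MobileEncryption", {}).get("Enable") == "1",
        "destructive": destructive,
    }


def safe_to_apply(xml_text: str, allow_wipe: bool = False) -> bool:
    """Gate for a trusted app that forwards XML to DMProcessConfigXML (hypothetical
    helper, not a Windows Mobile API): block wipes unless explicitly allowed."""
    return allow_wipe or not audit(xml_text)["destructive"]


if __name__ == "__main__":
    for label, doc in (("enable", ENABLE_ENCRYPTION_XML), ("mixed", CONSTRUCTED_MIXED_XML)):
        result = audit(doc)
        print(label, "encrypts:", result["enables_card_encryption"],
              "destructive:", result["destructive"], "apply:", safe_to_apply(doc))
```

The gate is deliberately conservative: anything it does not recognise passes through, but a wipe never does without `allow_wipe=True`, which is the one decision the user cannot take back once the card's key is gone.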

  31. mikeyy says:

    A response to WM encryption – encryption key backup recently implemented by SecuBox. Though it is commercial, it seems to solve the problem of hard reset and administrator password.

    Here is the article:

    http://www.networkworld.com/news/2007/041307-windows-mobile-6.html

    SecuBox description from the vendor: http://www.aikosolutions.com/products/secubox-for-pocket-pc/

  32. Windows Mobile 6, File Encryption and Incident Response With the advent of Windows Mobile 6 came a file

  33. kentough says:

    Does encryption for Windows Mobile only apply to removable storage?  Is there any way to indicate via filter that some portion of the OS partition (user store) have encryption enabled?

    Thanks

  34. kentough says:

    … (follow on) … Though I guess if the device is unlocked, and the key is in the registry, there’s not much point in encrypting files on the device itself.  (i.e. use case is primarily to prevent access to removable storage other than via the device itself) …

  35. scyost says:

    Right, WM6 doesn’t ship with a way to encrypt the internal storage.

  36. bernie says:

    Hello,

    Storage Card Encryption is a nice feature, BUT there is a big problem on the other side. The big problem is the fact that a provider hotline – for example – here in Germany, often tells a customer that he must do a hard reset to solve the problem. And then???? The customer, using the card encryption, has lost all his data. The customer says: this man from the hotline told me to do a hard reset…… it is a very big problem and this is not good!!!!!!!! So this feature is counterproductive. And there is another thing: when the man from the hotline knows the problem with card encryption he can tell the customer to deactivate the option, but then the customer MUST copy and PASTE every encrypted file to get it decrypted!!!!! It is very stupid and not every customer knows which files are encrypted or not. After a hard reset it is too late to remember the encrypted files…. So Microsoft added a nice feature, but nobody thought about the consequences of this feature!!!!! So this feature is good for getting a lot of trouble at the mobile hotlines over the world……. not good ………

  37. Evert says:

    I realise this may not be the best forum to ask this question but here goes.  Recently I upgraded to WM6, and started using the Encryption option for my Storage Card.  The only issue is that there were a few bugs in the Upgrade and I had to do a Cold Boot, and reset everything.  Now from the discussions above that would have wiped the decryption keys from the ROM?  If that is so, I take it the data on the card is non usable, as I am trying to restore my original configurations from the last known good backup.  Is there any way to decrypt the files.

  38. scyost says:

    Sorry, no, the files are not recoverable.

  39. Yen Yin says:

    Before I realized this content had been published, I had just hard reset my device!! All my files on the SD card cannot be read or accessed! Please help.

  40. Roland says:

    Yes, I’m facing a similar problem.

    Was told to hard reset the WM6, now my important doc can no longer be opened.

    Please help

  41. Shariq Siddiqui says:

    Is the AES implementation in WM6 FIPS approved?

  42. Mahou Saru says:

    Would this be a possible workaround for hard reset?  If a person backs up their PDA with something like SPB Backup and then copies the backup somewhere safe.  After a hard reset, if they restore it using another card, am I right in thinking that they then should be able to access their card?

  43. scyost says:

    It really depends on how they implement it so I can’t say for sure.

    Sprite Backup advertises that they support access to encrypted data after a hard reset.

  44. Mahou Saru says:

    I’ve just tested it with spb and it does work (their site actually says it does support it).  So people without access to an OWA policy could preserve their data if they have foresight.

  45. justywong says:

    I can’t make it work on WM6 Emulator shared folder. Would you tell me how to enable it in Emulator? Thx

  46. scyost says:

    Yeah, the emulator shared folder isn’t a true storage card. There isn’t really an easy way to make the feature work on the emulator.

  47. htcuser says:

    Encryption will always introduce a few tricky new use models. I appreciate that Microsoft is taking a shot at the problem so that we can learn the practical issues.

    As a private user, I’d like to keep copies of some sensitive data in the phone. But this sensitive data, since it is important, will be backed up elsewhere. Preventing access to the data is critical, but losing the data itself is not a big deal.

    Also, I’d like to store some less important files which are not important enough to back up, but would be an annoyance to lose.

    It would be useful if the encryption was applied to only a section of the card (a folder, as in regular Windows).

    Another issue is convenience of the password. At the moment, the device password gives access to all the data, so it must be long and strong. But it is annoying entering a long password for every call, or when trying to take a photo quickly.

    Some applications (such as the camera, voice notes, games) should not need a password because they will not access sensitive information.

    The device password should give access to the entire phone as today.

    For less sensitive applications (making a call, looking up contacts) there should be an optional simple password.

    When the device asks for the password, the user could enter either the device password or the simple password to get access to all or some features.

    Yep, it can get complicated. No wonder the iPhone ignores security.

    Thanks

  48. David says:

    My device was hard reset by accident and obviously the master key was deleted, but I have a menc file I want to decrypt. Is there any way? Shouldn’t the storage card decrypt itself if it is still in the same handset?

  49. Andrei says:

    I have an HTC touch p3450 and never set the encryption on my device or memory card but my files are definitely encrypted…

    I only realised this when I sent the faulty htc p3450 phone back to Orange, then noticed in my new htc touch that all my files are now with the extension *.menc.

    How can I get them back to *.pwi & *.doc extensions decrypted ?

    Kind Regards

    Andrei

  50. scyost says:

    Andrei, it’s possible that your Exchange administrator set this policy and it was applied to your device when you set up a sync partnership. If they force a PIN lock policy on your device, they probably enforce storage card encryption as well.

  51. scyost says:

    Sorry David, the key was erased so the device can’t decrypt the files anymore.

  52. Jay Brown says:

    The problem is this: I cleared the storage on my T-Mobile Wing. When I did that, I had word processing documents saved on the (1 GB) memory card. I’m not sure if they were encrypted or not. When I placed the memory card back in the same device, it was unable to read the data. Can you tell me how to recover the lost data? And if possible, can you send me an e-mail at…

    JayPlayboy253@yahoo.com

  53. fili says:

    I have an HTC TyTN that came with Windows Mobile 6. I set my phone so it could encrypt the pictures and videos I had, but I had to return the phone due to technical problems it had. I got a replacement, but when I tried to see my pictures I couldn’t; it says "there is no application associated with "IMAGE_012.jpg.21b2a068". Run the application first, then open this file from within the application."

    I’ve got no clue what I’m supposed to do. Can you please help me?

  54. scyost says:

    Sorry fili, those files are lost. If you have encrypted your storage card and you’re about to swap out your phone, the best course of action is to backup the files on the storage card to your desktop via activesync. Then you can recopy the files onto your next phone.

  55. fili says:

    Man, that’s bad news for me because I had pictures of an accident I had and I was going to use them in court. I also sent an email to Microsoft and they told me to call a Microsoft Support Professional. Do you think they could help me?

  56. scyost says:

    Honestly, they probably won’t be able to help you. If you could get your original phone back and it hasn’t been erased, that might work.

  57. Kel says:

    I do not know why some of my files became .menc files, as I did not hard reset my PDA phone. Thinking it could be an error of the phone, I did a hard reset and now the files are still in .menc extension. Is there any way to convert them back to the normal files they are? I will really appreciate it if that is possible, as those are very important files to me. Thanks

  58. scyost says:

    Kel, the hard reset will definitely make the problem worse, but I’d like to know what happened before that. Did you apply an OS upgrade or anything like that? Were the files written in a different phone than the one you are using?

  59. Borja says:

    Hi Scott,

    I have done a backup of my system because I had to do a cold reset. I had a lot of problems with my GPS and a new program I installed on my Eten X500 Glofiish.

    The thing is that when I wanted to restore my file, some restore files up to August 18th are OK but not the one I backed up today. It is encrypted.

    I tried 10 different ways of getting it right, always with the same device… and nothing. I had documents and important pictures inside. PLEASE HELP ME.

    This solution of encryption in WM6 is a nightmare for normal users. It is something that when you change PDA you will not have the possibility to recover, and you don’t even know it till it happens!!!! I AM SO SAD AND MAD AT THE SAME TIME because I always want the latest device and this is the worst. I had photos of my children!!!

  60. Vishnu says:

    MY PHONE WAS COLD BOOTED WHILE MY SD CARD WAS INSIDE. I HAD SOME PICTURES IN MY SD CARD THAT I CANNOT VIEW ANYMORE, I TRY TO PASS THEM TO MY COMPUTER BUT THE FILES ARE .MENC FILES, DOES ANYBODY KNOW A SOFTWARE OR HOW I CAN CONVERT THESE FILES SO I CAN VIEW THEM ON MY COMPUTER. PLZ IF ANYBODY KNOWS PLZ HELP THE PICTURES ARE IMPORTANT

  61. Alex says:

    I’m having a similar, if slightly different, problem. I also selected the encryption feature (if there had been some sort of warning when doing so I might have thought twice about it) and then needed to do a hard reset. However, in my case I cannot even see the files. I recall reading somewhere that only files copied to the card after selecting the encryption feature become encrypted, so in theory I should be able to see all my old files? The phone still recognises the fact that the card is full of files (if I check the properties) but I cannot view them at all. Please help?

  62. scyost says:

    Correct, all your old files should still be unencrypted in your case. The issue you’re seeing is something else. Do the files show up from a desktop machine?

  63. Chris says:

    I’m amazed that Microsoft did not set WM6 to give users a big warning when encryption is turned on. All it says is that these files are not readable by other devices (which is clearly a lie, I haven’t changed devices and I can’t access the files). I made the assumption that it was device based (as the description says) when it’s clearly not. Now I’m in the same boat as many other users (device crashed, had to hard reboot, lost keys and now lost files.. thanks MS).

    Microsoft must have known this could have happened, and I would have expected a large popup window saying, "If you enable this setting, and your device is hard reset you will NOT be able to access your encrypted files ever again. This option is VERY VERY VERY dangerous and could lead to permanent data loss."

    Without that I would have expected at least some way to restore encrypted files, even if you have to contact MS and confirm it’s really your device somehow. Why even bother putting it in there if it’s this useless?

  64. scyost says:

    I agree that the text isn’t clear enough. I’m working on changing that string as well as a KB article about that problem.

  65. Deepak says:

    MY PHONE WAS COLD BOOTED WHILE MY SD CARD WAS INSIDE. I HAD SOME PICTURES IN MY SD CARD THAT I CANNOT VIEW ANYMORE, I TRY TO PASS THEM TO MY COMPUTER BUT THE FILES ARE .MENC FILES, DOES ANYBODY KNOW A SOFTWARE OR HOW I CAN CONVERT THESE FILES SO I CAN VIEW THEM ON MY COMPUTER?

  66. JOE says:

    HELLO, I NEED HELP. I CHOSE THE OPTION TO ENCRYPT MY INFO BUT NOW I CAN’T VIEW THE INFO. WHEN I PULL UP, FOR EXAMPLE, MY PICTURES, IT DOESN’T SHOW THAT THEY’RE THERE. I HAVE TO GO INTO THE FILE EXPLORER AND CLICK ON THE PICTURE. WHEN I CLICK ON IT, THOUGH, IT SAYS THERE IS NO APPLICATION ASSOCIATED WITH ’’ RUN THE APPLICATION FIRST, THEN OPEN THE FILE FROM WITHIN THE APPLICATION. WHAT DO I DO? I CAN’T SEE ANYTHING THAT I HAVE ENCRYPTED.

  67. JOE says:

    IS THERE A FIX FOR THIS OR A WAY WE CAN VIEW THE FILES

  68. SKP says:

    Hi,

    I was trying to do a review for a new WM6 device and took some screenshots, camera pics, etc. on the device. I have returned the device to the manufacturer and I am now ready to post my review.

    The encryption was turned ON and all the files are encrypted now.

    The device, as I heard from my source, has had a hard reset done now…

    As I read from the forum above, I am literally screwed with the files and my sponsors are going to chase me out of the forum, because I can’t do the review of the device now…

    NOW, is there any possibility to recover my data from the SD card which is encrypted, without asking for the device again??

    I can send the files to anyone who can do the decrypt process and give me back ‘MY’ files as I need them.

    Thanks,

    SKP

    kumarsps@gmail.com

  69. scyost says:

    No, sorry, there’s not any way to decrypt those.

  70. Angelica says:

    How can I open a picture that I took with my brother’s cell on my PC?? I saved it on my SD card but since it’s encrypted I can’t open it from my desktop :S. I need it for homework :s I need help ASAP

  71. I apparently had the encryption turned on and placed some video files on my device. Same problem as everyone else, had to do a hard reset and now the files are unreadable.

    Scott, in reading the FAQ, it states something about DPAPI files and in quoting…

    What algorithm is used?

    The encryption filter uses DPAPI to encrypt files. By default, this will use AES-128…

    Am I understanding all the above correctly that, despite the knowledge of the algorithm used and how the files are stored, there is no way to decipher the key nor break the code to have the file decrypted to be viewed once again???

  72. rustanj says:

    So, surprise, I have a similar problem: lost my files due to a hard reset. But I would like the question answered, if according to the above:

    "What algorithm is used?

    The encryption filter uses DPAPI to encrypt files. By default, this will use AES-128."

    If the algorithm is known and you know how the file is stored, can it not be deciphered and therefore decrypt the file with the data in the GUID?

    Could this info not help to recover the files?

    rustanvanwyk@yahoo.com

  73. scyost says:

    To decrypt data you need to know the key as well as the algorithm. The key is the part that is lost when you lose or wipe the device.

  74. Hector says:

    I remember that Microsoft years ago had a universal CD key for almost all the products (it was something like 000000000000-001). My question is: for WM5 or WM6, does a UNIVERSAL KEY exist that UNLOCKs a cellphone’s password security when you lose it, without doing the HARD RESET thing? I do have a Treo 750 with WM5 and a Touch with WM6 and I usually lend my cellphones to my friends… What will I do if I forget that password, since I have been changing it every month? I can’t allow myself to lose all my contact info… and more if I can’t save it on my external device… And I don’t like the synchronization stuff. Does anyone know if that universal password key exists?

  75. scyost says:

    Hector, if you’re using WM6 to sync to Exchange, you can reset your password via Outlook Web Access. That feature didn’t exist in WM5, and we don’t have any sort of universal key to devices. There’s some info on the feature under “User Pin Reset”. If you don’t like synchronization as you say, you won’t be able to use it though.

  76. spritetee says:

    There is a solution for the Storage Card Problem. Sprite Backup Version 6.1 can backup your device and the entire contents of your Storage Card even when you have WM6  Storage Card encryption enabled.  This means that if you create a backup image including the contents of your card you will be able to access all your data after restore. see http://www.htcwiki.com/thread/1019234/Solution+for+the+Storage+Card+Encryption+Problem

  77. Graham says:

    Office Mobile is automatically encrypting Excel documents made on my HTC Touch - the problem is, when they sync to my laptop I can’t open them. The encrypt key on the HTC is off so it’s not that; any ideas how I can unencrypt the files and prevent future encryptions? Cheers

  78. scyost says:

    @Graham:

    You’re saying the checkbox is unchecked in Settings->Encryption but new files you create on the storage card are encrypted? I wouldn’t expect that to happen. How are you syncing the files? Can the device read the files on the device?

  79. Graham says:

    Scott

    I’m using ActiveSync on a cable connection. Yes, I can open, read and edit the file on the HTC. The HTC is a reconditioned unit supplied by my phone provider - in theory ‘clean’. I can’t see any obvious s/ware additions and there are no options within the Excel file to encrypt - mysterious, huh?

  80. Graham says:

    Scott - don’t know if it assists, but the Excel file comes up with a .xlsx suffix and a red ring with a diagonal red stripe over the Excel ‘image’ on the front of the file name when opened on the laptop.

  81. Graham says:

    Scott - worked around it by creating an Excel file on the laptop and syncing it to the HTC - I can then work on it and re-sync it back to the laptop as a readable file.

  82. scyost says:

    That doesn’t really sound like it’s related to encryption. Do you have Office 12 on the desktop? Maybe the device side is creating XLSX (office 12) files and the desktop side can only read XLS files? Regardless, I’m glad you got it working.

  83. James T. says:

    Hello:

    How is the password/PIN used to secure or generate the AES key which encrypts all the files?  Is the PIN hashed with SHA-256?  Is the hash salted?  Where is the encrypted AES key stored?

    This is critical because the advertised encryption strength (128-bit AES) is really determined by the length and randomness of the password/PIN, whose entropy will almost always be far less than 128 bits.

    Thanks,

    James T.

  84. scyost says:

    Storage card encryption mitigates the threat where the attacker has the storage card but doesn’t have access to the device.

    I agree that the entropy of the user’s PIN is far less than 128 bits. We recommend using the local wipe policy to protect the case where the attacker has physical possession of the device and is trying to brute force the password.

  85. Another Annoyed says:

    Select this option to Encrypt all important files on your storage card.

    Upgrade your ROM or need to hard reset - oops, sorry, your files are all gone

    Great work

  86. BradWood says:

    I performed an update today from HTC on a Mogul 6800. I removed the storage card before the update as once the update was complete the device would be hard reset. Now when I try to open encrypted files on the storage card, they will not open. I followed the advice of another article and moved the files from the storage card to my desktop and then copied them back to the storage card after I turned off encryption on the device. Now when I try to open the files, an error message pops up stating "cannot load file". Any suggestions, or am I hosed?

  87. Jim Moore says:

    We are reviewing our list of acceptable devices for carrying RIT Confidential information (which includes all "Private Data" as defined by New York’s Security Breach Notification law — e.g. SSNs, Driver’s license numbers, Credit Cards # etc).  It is required that RIT Confidential Information be encrypted in transit and at rest for mobile devices.

    People have been asking about windows mobile 6.  I read about the encryption on the SD card, and said "sure, go ahead", then I got a phone with WM6. My greatest concern is email.  Confidential information is sometimes in the body of email, and not in attachments.  Is there any way to store the messaging folder on the SD card encrypted?

    Or to answer the bigger question, what happens when you lose a WM6 device if you live in a state with a breach notification law, and you send, receive and store information.  The NYS law also says that if the information is encrypted, and the key is acquired, then you still have a breach (which follows the pattern set by the Gramm-Leach-Bliley act for financial information at the federal level).  

    This really is our bottom line. We want devices, especially for executives that travel, that may contain confidential information and PII where we don’t have to do notifications, because we know that the information is secure and inaccessible even if the device is in the hands of a 3rd party.

  88. fosicious says:

    I have the same question as the guy (BradWood) above! Please email fosicious@yahoo.com with the answer!

    Thanks,

    fos

  89. scyost says:

    Those are good questions, Jim.

    There are some unsupported ways to store e-mail attachments on the storage card. You should be able to track them down if you search the web. I’m not sure if there is a way to store the mail messages on the storage card.

    W.R.T. the breach laws – I definitely couldn’t give you legal advice there. There are some mitigating factors but I don’t know whether or not the law cares about them. For instance, you can use OWA to set the device to be wiped if it is still syncing to exchange. I can’t comment on whether your state laws would take that into account though.

    Feel free to e-mail me if you have further questions and I can try to help.

  90. KJ Hebert says:

    The WM6 encryption feature has successfully encrypted the new files created and stored on my memory card, but I can’t unencrypt them now, rendering them useless on any of my other devices. Any suggestions?

  91. Frank says:

    Scott, I made a hard reset of my PDA. I cannot open old files on my storage card, obviously because I encrypted them; what should I do to open them?

  92. ll says:

    My pics on the PPC end with .jpeg but they do not show up on the PC, and on the PC they end with .menc

    I don’t understand, though I checked "encrypt files placed on storage cards"

    Is there any converter from MENC file to JPEG that I can install on the PC?

    thanks

  93. mugunthan.k says:

    Also, the same question about the MENC file. When I try to open the file, an error message appeared and said to run the application.

    So, can anybody tell me what that application is and where to download it?

  94. Mason says:

    I inserted an empty SD card into the device and it seems to produce a file "EncFiltLog.menc" on the card. But the file cannot be seen on the device. I insert the card into the reader and open it on my PC. Why is the file "EncFiltLog.menc" auto-produced by the device (WM6.1)?

  95. KJ Hebert says:

    Is there a rule at Microsoft that prohibits you from making your software user friendly or practical, or prevents you from responding to requests for information which would lead to such an outcome?

    How do I unencrypt the files to use on my PC? Having files on my storage card encrypted is nice, if not necessary, but its utility is nil if the file is permanently held captive to that one device.

    Did this thing die in committee?

  96. scyost says:

    You can copy the files off the storage card onto the PC via activesync. If you remove the card from the device and insert it directly into a PC, the files will still be encrypted. (that’s the purpose of the feature)

    If you hard reset the device or otherwise lose the device, the files are not recoverable.

  97. Rohn says:

    Hey Scott… actually I hard reset my device… guess the encryption was on while I did it… so now all the files on my memory card are encrypted… and they aren’t opening on my device… so how do I get them working… they have that lock icon on them…

  98. JM says:

    Why can’t I copy my device data to my desktop? Is it because my data is already encrypted?

  99. Phun says:

    This is one of the most unpublished but extremely important issues for all Windows Mobile 6.0 users! I just updated the ROM on the OEM’s recommendation but now all my data, including the SPB Backup, can’t be read. Why has Microsoft not made this better known or alerted all users? Microsoft, you really disappoint all those loyal supporters!

  100. Tim says:

    Hi there

    I have an HTC TyTN II. It broke so I replaced it and swapped the card to the new machine. I never realised that the photos would not be there; I now see they are there but I can’t read them. There must be a way to get them back?

  101. scyost says:

    No, sorry, there is no way to get them back. If the key has been lost, the files can not be decrypted.

  102. Leslie says:

    My phone died and I had to get a new one. How can I get my files off my card if I haven’t synced them to my desktop through Active Directory? Am I completely hosed?

  103. ikaiser says:

    Guys, I also have this problem. I hard reset my HTC phone, and I noticed that all the files on the SD card cannot be read any more. My files include my important photos and docs; does anyone have a solution to recover them?

    Microsoft, I’m so disappointed in you, what the hell have you done~~

    God, help me…

  104. Anthony says:

    I was wondering if there’s a downloadable program that will allow memory card users to decrypt files, or will Windows Mobile be creating or making it possible for users to solve this problem in a less stressful manner?

  105. Magnus says:

    With Windows Mobile 6.1 out, it’s possible to encrypt files on the device. What can you encrypt? All files? Only emails, or?

    Please explain

    Regards,

    Magnus

  106. Thanh says:

    I was glad to see the encryption option for content on the SD card. I turned it on. 3 months later, my WM6 keeps freezing on me. I had to cold reset it according to some other instructions.  Now I cannot recover a lot of critical files I stored on my SD card.

    THERE SHOULD HAVE BEEN A GREAT RED WARNING ABOUT THIS WHEN USER TURN ON THE ENCRYPTION!!!!

    I’M SO MAD RIGHT NOW.

  107. indika says:

    Is there any way to back up those encryption keys and restore them after a hard reset?

  108. richard says:

    I didn’t lose my phone, I didn’t lose my SD card, but I reset my phone without the SD card and when I put my card in again the files are encrypted. How can I recover them? And also there is no reset code.

  109. Markus says:

    Hi guys. I had the same issue as many of you concerning hard reset. Fortunately, I was reading some white papers on the Microsoft website, and RTFM (Read the fine manual) is also a good idea (in my case, I have a Palm Treo 500(v)). The Palm manual has some directions on what the impact of turning encryption on really means. But of course, this does not help many of you (who lost all SD card data). I think it would be good if there were a message on a WM6 device when you turn on encryption. Also it would be good for the future if, on turning encryption on/off, the data were recalculated and password dependent, like on the SecuBox SW. This would be the way to go in my opinion. But it’s also important to encrypt pushed e-mails. I know this is nearly impossible to address from a SW developer point of view, because in every country there are different ways in which the net provider handles this (own services, Hotmail/Windows Live, WAP portals etc.).

    Syncing or creating a Backup is always a good idea (save early, save often, like IT professionals say).

  110. scyost says:

    Hey Markus,

    Thanks for your feedback.

    The message in the control panel is quite a bit more explicit in WM6.1 now, based in part on feedback from this blog post. I don’t think we would make the storage card encryption password dependent at this point unless it was a configurable option. The user’s PIN is in most cases quite a bit weaker than the encryption key we use so it would make the solution a lot less valuable for some customers.

    Scott

  111. Mike says:

    Is there a way to download all email attachments to storage cards? I’d like to set that as a default setting if possible.

  112. Alex says:

    Hey is there anyway to hide/disable or control the encryption function in settings.

    Like, for example, just disable the feature so users can’t enable it, or simply remove the file from settings. As far as I know it’s a .cpl application like the rest?

    -Alex-

    For a few days I have noticed a strange phenomenon: automatic encryption (without activating encryption!!) of the content of my SD card.

    In other words: now I cannot see any files on the SD (but they are there).

    I can only see a file: "EncfiltLog.menc".

    I read some of you had the same problem?

    The only thing I remember is that I often take the SD card out of my HTC (WM6.0) to put it in my laptop….

    Thanks in advance

  114. Colin says:

    Hi, my phone, which had storage card encryption switched on, recently died and had to be sent back to the provider (T-Mobile). I was advised to keep the storage card, SIM and battery. T-Mobile could not fix the problem and so sent me a new phone as a replacement. Same model, but essentially a different phone from the one that performed the encryption.

    I’ve put my encrypted storage card in the new device, but the files are unreadable and have a MENC extension on them.

    Is there any way of recovering the data on the card? You mention copying the data from the device to the desktop and back with ActiveSync, but this hasn’t worked for me. Storage card encryption is currently off on the new device (once bitten and all that); would I need to switch this on again for the recovery to work?

    TIA,

    Colin

  115. Mike says:

    I’m in agreement with Wayne on this one.  This feature is useless without key escrow and recovery.  I learned the hard way when I performed a hard reset of my phone.  I lost access to all my files.  I assume that the keys are also lost during the upgrade of WM 6 to WM 6.1.  This is really a major oversight and from here on out, I will recommend to all my clients to not use encryption.  What if they have to replace their broken phone with a new one?  Guess what, they lost all their files.  

  116. Marie says:

    I have the HTC Mogul 6800; recently I went to Settings, System, Encryption and checked the box to encrypt files on the storage card. Now when I try to delete files on the main memory or on the card, it says "cannot delete, access denied; be certain the file is not write protected or not currently in use". I remove the storage card and try to erase a file on the main memory but I get the same problem. I used to sync perfectly; now I cannot. After I plug the Pocket PC into my desktop or laptop, ActiveSync starts running and stops with an error message. Even though I go back to Settings and uncheck the encryption box, the problem stays the same. I went back to Settings and found the check mark back in the encryption box where I had just removed it. I would like to do a hard reset to install the new HTC version (update), but because I cannot sync my info I don’t know what to do. Please let me know how to fix that.

    Thanks,

    mikatou@hotmail.com

  117. YACO says:

    Is there a registry setting (or another "automatic" way) to permanently disable the encryption?

  118. scyost says:

    I guess it depends what you mean by permanent. You can programmatically control the feature using the CSP and there are some XML examples on MSDN : http://msdn.microsoft.com/en-us/library/bb416357.aspx.

  119. Hans-Juergen says:

    Hi, is it possible to modify the encryption key on WM6 and use your own keys (properly signed) instead of the one used by the OS?

  120. Raghuchaitra says:

    How do I exclude a directory or partition on the Internal storage?

    After I check the checkbox to encrypt files on the storage card and copy a file to my internal flash and clean the persistent store, the file copied is encrypted.

  121. WTF says:

    I am screwed!!

    I did my homework and used SPB Backup, but the backup file was rendered useless after a hard reset!

    Why does life have to be so cruel?

  122. Mark says:

    Can the SD card be formatted after it’s been encrypted?

    I want to use it across multiple devices :O

  123. Dave says:

    Ok! Scott, I have seen many references to this but for some reason you don’t want to answer?????

    I have WM6.1 and suddenly without cause all my data is now encrypted with the menc extension.  The data is still there however I am unable to see it.

    We all know there must be a way to access it and you are holding it close to the vest. I would like to know how I can retrieve my information, please.

    It is amazing that a program like this with such apparent flaws exists on a device that business users hold important information on and can completely disable our work.  From my understanding, you are partly to blame for this and as such I would expect an answer.  Not just me but the hundreds of others suffering this same fate.

    Please own up and tell us how to get our data back.  It is the least you can do!

  124. scyost says:

    It’s the last entry in the FAQ on this page. If the key is lost due to hard reset or changing phones, etc. there is no way to recover the data. We don’t have any sort of backdoor or escrow key for it.

  125. STOJR says:

    Scott,

    This is really messed up; why wouldn’t the Mobile team put more of a warning here? My Treo would regularly have to be hard reset and I just had to hard reset my Samsung 6.0 i760 because a program caused it to lock up on booting. So now I’ve lost all my files; if I had known this I wouldn’t have used this encryption method.

    This is a huge flaw in my opinion that MS needs to fix. A simple warning screen to back up the encryption key or to not hard reset your phone no matter what would at least help the problem.

  126. DSLaBuda says:

    I updated the ROM in my PDA phone from WM6 to 6.1 and my key was lost… I wouldn’t be so ticked about it except for the fact there were quite a number of files I had just transferred off my old phone via Bluetooth and hadn’t copied to the PC yet. One of the last photos I had of my father a few days before he died was one of them.

    Why in the hell, when upgrading the OS, isn’t the decryption key preserved? At least a pop-up warning when running the installer, when it detects encryption enabled, telling you to copy the entire contents of your card? It is not that hard to implement.

    I know MS isn’t affected one way or another if I get my data or not as long as the profit comes in, but mine and the above user experiences could only serve to convince people to never use encryption to save the hassle.  That’s like running without AV, firewall, or anti-spyware software on your desktop PC.

    I really have nothing else to say, I’m just left with my severe disappointment and contempt in/for MS now.  No reply needed.

  127. Mutley says:

    Scott,

    The other way to look at it is if you lose your phone with the card in it, the data is lost too UNLESS YOU BACK IT UP - if you keep important data in one place you can lose it.

    Once the phone is reset the data is gone, but it would be nice if the user could copy the encryption key off for storage on a laptop or disc or a Post-it note etc. when they turned encryption on. The idea of encryption is to keep the file and the key separate - not making the key inaccessible.

  128. Tomas says:

    Hi, I have an interesting problem. I encrypted the files on my Treo 750 but suddenly my Treo is not recognizing the miniSD; how can I recover the files on the SD? I have not hard reset the phone; how can I recover the key and install it on my laptop?

  129. scyost says:

    @STOJR,

    We made the message a lot more explicit in WM6.1 in response to some of the feedback in this page. However, that message doesn’t really cover all the scenarios – lots of OEMs write their own hard reset apps and we can’t control the text they choose to put in them. We’ve worked with some of the major OEMs to make the scenario better there.

    In my unofficial opinion the best fix would be for the storage card encryption key to be escrowed to Exchange so it can be restored in roughly the same manner that you can do a PIN reset with Exchange. That’s a feature I would definitely like to have, but I don’t know when we would be able to do it.
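    Three of Scott’s replies in this thread make one technical point from different sides: comment 73 (knowing the algorithm is useless without the key, and the key is what a wipe erases), comment 84 (the key is a random 128-bit value, not something derived from the far weaker PIN), and comment 129 just above (escrowing the card key to a server would make recovery possible). The Go program below is an added illustration written for this page; it is not Microsoft’s code and not the DPAPI or encryption-filter implementation. It uses AES-128-GCM from Go’s standard library to stand in for the AES-128 that DPAPI applies, and the Device, EscrowMasterKey, RestoreMasterKey and PINEntropyBits names are hypothetical. The sample file bytes and the recovery key are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"math"
)

// Device is a toy model (hypothetical names) of the pieces the thread talks
// about: a random 128-bit master key that lives only in internal flash, and
// storage-card files encrypted under it.
type Device struct {
	masterKey []byte
}

// NewDevice generates a fresh random master key, as a newly set-up phone does.
func NewDevice() (*Device, error) {
	key := make([]byte, 16) // 16 bytes = AES-128
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return &Device{masterKey: key}, nil
}

// seal encrypts plaintext under key with AES-128-GCM (standing in for DPAPI's
// AES-128 here) and returns nonce || ciphertext || tag as one blob.
func seal(key, plaintext []byte) ([]byte, error) {
	if key == nil {
		return nil, errors.New("no master key: it was erased by the hard reset")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// unseal reverses seal. With the wrong key (a replacement phone) the GCM tag
// check fails; with no key (after a wipe) there is nothing to try.
func unseal(key, blob []byte) ([]byte, error) {
	if key == nil {
		return nil, errors.New("no master key: it was erased by the hard reset")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// EncryptFile is what the filter does when a file is written to the card.
func (d *Device) EncryptFile(plaintext []byte) ([]byte, error) {
	return seal(d.masterKey, plaintext)
}

// DecryptFile is what happens on read: only the device holding the key succeeds.
func (d *Device) DecryptFile(menc []byte) ([]byte, error) {
	return unseal(d.masterKey, menc)
}

// HardReset clears internal flash. The card is untouched, but the key is gone.
func (d *Device) HardReset() { d.masterKey = nil }

// EscrowMasterKey wraps the master key under a recovery key assumed to live off
// the device (the "escrow to Exchange" idea). The wrapped blob reveals nothing
// without recoveryKey, so it can be stored anywhere.
func (d *Device) EscrowMasterKey(recoveryKey []byte) ([]byte, error) {
	return seal(recoveryKey, d.masterKey)
}

// RestoreMasterKey unwraps an escrowed key after a wipe. The shipping WM6
// release has no such path, which is why the files in this thread are gone.
func (d *Device) RestoreMasterKey(recoveryKey, wrapped []byte) error {
	key, err := unseal(recoveryKey, wrapped)
	if err != nil {
		return err
	}
	d.masterKey = key
	return nil
}

// PINEntropyBits quantifies comment 84's point: a PIN of the given length over
// an alphabet of the given size carries length*log2(size) bits, far below the
// 128 bits of the random AES key, which is why the key is not derived from it.
func PINEntropyBits(alphabetSize, length int) float64 {
	return float64(length) * math.Log2(float64(alphabetSize))
}

func main() {
	dev, _ := NewDevice()
	photo := []byte("constructed sample: bytes of IMAGE_012.jpg")
	menc, _ := dev.EncryptFile(photo)
	recoveryKey := make([]byte, 16)
	rand.Read(recoveryKey)
	wrapped, _ := dev.EscrowMasterKey(recoveryKey)

	dev.HardReset()
	_, err := dev.DecryptFile(menc)
	fmt.Println("after hard reset:", err)

	replacement, _ := NewDevice()
	_, err = replacement.DecryptFile(menc)
	fmt.Println("same card in a replacement phone:", err)

	if err := dev.RestoreMasterKey(recoveryKey, wrapped); err == nil {
		plain, _ := dev.DecryptFile(menc)
		fmt.Printf("after key restore: %q\n", plain)
	}
	fmt.Printf("4-digit PIN: %.1f bits; AES-128 key: 128 bits\n", PINEntropyBits(10, 4))
}
```

    The two failure paths in main are exactly the ones users report above: a hard reset leaves no key at all, and a replacement phone of the same model has its own key, so the card's GCM tags never verify. The escrow path shows why the recovery key must be kept off the device: keeping it in the same flash would be erased by the same reset.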

  130. Wisetechie says:

    Can we save the mail messages directly to SDHC cards ?

  131. ddrkcode says:

    Hi,

    1. Every time it mounts a card, does WM6.1 create an "EncFiltLog.menc" file if there isn’t one on it?

    2. Every time it mounts a card, does WM6.1 overwrite the "EncFiltLog.menc" file if there is one on it?

    3. Can I read the "EncFiltLog.menc" file?

      I think there is just "0".

      But the time I have tested, I can read something like that:

        Bd a t   

        T e s t F  i l e _ 1 0   0 .

        TESTFI~1DAT   ?8?  ?8  ……….

      My test:

        Sleep -> WakeUp -> Write "%d_TestFile.dat" many times

    4. Can I remove or not use the Enc filter?

      If it is possible, how?

  132. Daniel Wood says:

    I think it’s dumb. What if your phone, for some reason or other, is dead, and I mean written off? You call up insurance, they take your old phone, you keep your memory card with all your precious memories and data thinking they are safe. You would be correct: they are that safe, no one can ever access them again. Could you not make some sort of program that you could access them from with your IMEI and PIN or something? It’s not like everyone is carrying around plans for some weapon of mass destruction that could fall into the wrong hands.

  133. scyost says:

    The feature is off by default. I’d recommend that you don’t turn it on unless you think data on your storage card is confidential.

  134. shawn says:

    Is there a way I can disable the encryption permanently so I never have to worry about it encrypting data? I have confidential data and would like to use this feature, but if I have a choice between having my device stolen or losing all data forever (encryption)!! I will choose the possibility of it being stolen. It seems to me that MS has really screwed the pooch with the encryption.

  135. Ci Long says:

    I have suffered the same problem as some of the users here. The encryption box wasn’t ticked at all but my memory card has the menc file there. Why is this happening? And to make things worse, sometimes it won’t be able to scan the SDMMC folder because of it. I’m using an Eten M800 with a Boge developed custom firmware.

  136. Steve says:

    Having read so many negative comments about WM6 encryption I thought I should point out that for some (most?) people the way encryption is provided is excellent. The user doesn’t have to bother with additional passwords. The process really is seamless and very quick, particularly when compared to other products. In fact even when opening large files, WM6 with encryption isn’t slower than WM5 without encryption. We run Windows Mobile devices in a special kiosk mode so the user cannot access anything other than what we permit. There is a huge amount of intellectual property on the SD cards. WM6 encryption protects this. I just wish it was available for our WM5 devices. (I’m aware of WM5 encryption products but they require user intervention to enter passwords and/or don’t automount.) Don’t change encryption!

  137. jscott1014 says:

    I upgraded the software on my T-Mobile Wing and now it’s not reading the files on my storage card. The files were encrypted before I updated the software.

  138. michael says:

    I have never checked the encryption option. Yet, when I recently upgraded the ROM (not sure that’s the right name for it) from 6.13 to 6.17 on my Bell HTC, all files stored on my SD card became MENC. It’s the same phone. Can anything be done to recover these files?

  139. tamara says:

    It’s horrible (WM 6.1)! I experienced the same thing that many of the users point out – NEVER ACTIVATED ENCRYPTION (the box is still unchecked). NEVER DID HARD RESET.

    All of a sudden, all my files and folders disappeared, and I got the EncfiltLog.menc thing. I cannot read them, I cannot recover them, and since I just bought the HTC TyTN II, I even didn’t back it up yet! I had TomTom installed and all the maps were in the SD card. Everything gone and the TomTom application responds "No maps found".

    They are still there but I cannot recover them. I ran tons of data recovery utilities but in vain.

    I do not communicate with Exchange (haven’t even set my email delivery to the TyTN II yet and I do not intend to)! I am the perfect stand-alone PDA user, so no policies are enforced on me. Based on this post, I should be able to view my files on my device BUT I CAN’T. THERE MUST BE A WAY TO ACCESS THEM, the key must be there, I never deleted or hard-reset anything!

    H-E-L-P PLEASE!

    I frantically googled for any help – this seems to be a problem for many more! http://forum.ppcgeeks.com/showthread.php?t=31549

  140. josh says:

    Is it possible that connecting your phone to ActiveSync, and ActiveSync deleting all your contacts, could cause your phone to lose the encryption keys… My phone has not been hard reset but I don’t know how to access my SD card info. It went blank and I have no idea how to get to it 🙁

  141. scyost says:

    There are a couple of different issues here.

    tamara, in your case and in that thread, it mentions that the storage card is EMPTY except for encfiltlog.menc. This doesn’t have anything to do with the storage card encryption feature. That log file gets created all the time. It means your storage card got erased somehow. There are a variety of reasons why this could happen and they’re really hard to troubleshoot. Some of them are: hardware failure, filesystem corruption on the card, driver bugs, operating system bugs. It’s really hard to figure out in retrospect, but it’s not related to the encryption feature. The presence of that log file is a red herring in this case.

    In michael’s case above, that does sound like the keys were lost. Was that an official ROM upgrade? I doubt there is any way to recover the data – once the keys are gone, they are gone.

  142. tamara says:

    Scott:

    First, I thank you so much for taking the time to reply! Honestly, I didn’t expect it so I am VERY impressed. I was thinking myself too that something else must have happened and the encryption may be the red herring. The card is empty but the files are still there – the space used says "1.3 GB" (meaning the TomTom folders and files are there) and I can see in some data recovery tools the files with the lost FAT chain. Yes, indeed, this may be due to file system corruption.

    What led me to believe it was somehow the encryption was because of other posts (including a few in this blog) and the link I gave before (I add some more). The only other thing that comes to my mind is that this happened after I installed and used Newsbreak (podcatching software). I found another post related to this problem and Newsbreak.

    I do not say it’s Newsbreak’s fault (I was convinced it was the encryption of WM 6.1 but your kind reply convinces me to look elsewhere too) but I of course removed Newsbreak just in case.

    However, I would still insist that a pattern emerges here from reading the posts: 1) many experience sudden disappearance of their files, 2) all are experiencing it with WM 6.1 and 3) many link it to the encryption menc file which suddenly appears on their card! And I wanted to be sure this is not a bug in WM 6.1 and that I can control it to some extent.

    Since many posters assume that if they see the log file, it is the encryption to blame, probably it would help if your team posts in the FAQ a more detailed description of the role of this file with the lock icon on it.

    Again, T-H-A-N-K  Y-O-U!!!!!

    http://forum.ppcgeeks.com/showpost.php?p=127268&postcount=28

    http://pdaphonehome.com/forums/samsung-sch-i760/116086-memory-card-problem.html

    http://www.clieuk.co.uk/forum/showthread.php?p=115860

    http://forum.xda-developers.com/showthread.php?p=2607202

  143. Brandy says:

    I was not aware of the fact that all this affected the files I placed on my phone under encryption, and now, after being prompted to update my phone, I have done so and lost years of photos and such of my son, only stored through my phone. Are there any new discoveries on a way to access these files, or is it a complete lost cause of 5 years of my son’s life?   Please help a single mother with an only child… e-mail reply to upsidedownrainbow@msn.com please

    Brandy

  144. scyost says:

    Hey Tamara,

    I’ve been monitoring the comments on this blog for a few years and I’ve seen a steady stream of complaints about lost storage card data, especially in MikeCal’s entries about storage cards on this blog. So I suspect there are multiple devices that experience the problem but I don’t have any info about if there’s any commonality between manufacturers, parts, OS versions, etc. I was definitely seeing the complaints before WM6.0 released. (and storage card encryption was actually in WM6, not 6.1)

    I definitely agree with your last statement – if I didn’t know what that file did, I would suspect it too. I wish we had hidden the file. I’ll look at adding a tidbit about it to the FAQ. I’ll need to talk to the filesystem team first and make sure the statement will be accurate. 🙂

    Thanks!

    Scott

  145. Patrick.B says:

    I have the ATT (HTC) Tilt and I upgraded from WM6 to WM6.1.  The instructions said to back up using Sprite to the storage card.  Then remove card and do the RUU upgrade.  Now I have menc files?  Is there any hope?

  146. bimal says:

    I want to open my menc file on my desktop PC. How is this possible????

    Actually I took some photos from my Windows Mobile. I want to use these photos on my PC but my PC does not support these files. Why??

  147. Jake says:

    I work at a warranty service center for one of the major cell phone companies. I am seeing this list of people stating that they are having issues with losing data and it seems they are being ignored with a "no, not possible to recover". I now have dealt with a customer who had a hard reset performed on their device and now has this issue where all of their data is .MENC and cannot be accessed. Who thought of putting this feature on a device, and on top of that selecting it to be on by default, which it was: after hard resetting the device it was on by default again.

    If anyone has any information on helping please post it. I will be looking for my own answers as well and will post here if I find a way.

  148. Jo says:

    Hi all,

    I am another victim of not documenting myself before using a MS encryption routine.

    1. The damn decryption key should be prompted to be exported/saved somewhere on the phone or emailed or wtf you choose.

    2. There should be a decrypter to use it with on a Windows PC (or better, a portable Java application for Mac and Linux PCs).

    3. The user should be heavily molested by prompts announcing the no-chance recovery of any files written from now on if not on the phone.

    I am very disappointed in the management of this functionality.

    At least you should release a bruteforcer application for us idiots who did not google WM6 card encryption issues before starting to use it…

    If the key is based on the PIN or the lock code, can’t it be recovered in some way? I saved all my application data dir. Is it somewhere in that folder?

    Jo (a PM with a brute forcer would be appreciated; my email with no ats&dots: menc gm3consulting com)

  149. Jo says:

    PS I have a brand new IBM 3850, 4 quad cores and tons of RAM. I’d use it for 2 years to get back a few recordings that would be life savers in court.

    Just send info or a script and libs to start a brute force attack… I have the PIN and WM lock code if that’s of any use…

  150. GG says:

    Hi

    Reflashed my phone and lost some files… ok, my mistake (…)

    I now find my encryption activated from the last ROM upgrade.

    NO card in the phone.

    I remove the tick from the encryption settings icon and press OK.

    I re-enter to check and I find it is still there. I can remove it 20 times but it will always stick up.

    How can I remove this via registry editor? I have Resco’s installed.

    Re-flashing the phone, but I always get this setting permanently enabled when I would even disable it permanently: I use FreeOTFEPda which uses container files that are readable from PCs too and that will do for my needs: confidential material will be there.

    Please, if someone knows a reg key to edit, or I’d even erase the crypto-whatever-dll… don’t need this functionality as I already lost files…. thank you very much!

    PS are there any paid support teams of real WM professionals to contact?

    GG

  151. kumar says:

    Storage card Encryption WM6.1

    My recently purchased non-touch-screen Windows Mobile 6.1 device does not have an encryption menu under Settings, nor under sub folders, as indicated in the following link.

    http://www.microsoft.com/windowsmobile/en-us/help/security/encrypt-storage-card.mspx

    Help.

    Thanks,

    Kumar

  152. moiashvin says:

    Hi,

    I’ve got two questions:

    1. How can I enable the encryption via registry keys/settings?

    2. I want to copy the files from the storage card to a desktop PC using the RAPI library. Will I need to write code to decrypt these encrypted files? Or does the WM 6.0 operating system handle this automatically when transferring? If I need to write the code, how can this be done?

    Thanks.

    Ashvin

  153. scyost says:

    1) Use the CSP with DmProcessConfigXML(). See the example at https://blogs.msdn.com/windowsmobile/archive/2007/03/26/windows-mobile-6-storage-card-encryption-faq.aspx#1965746

    2) It will work automatically.

  154. Kevin says:

    Scott,

    I had enabled the encryption on my HTC 8525 and saved some files to my memory card.  I was reviewing all the issues above with losing the encryption key during a hard reset or when replacing my phone, so I unchecked the encryption from the settings and tried to back up the data to my computer.  However, I noticed that all the files that are transferred from my phone to my computer are still encrypted and any new files that I download are still being encrypted.  I checked the encryption option and it still indicates that it’s off…. Can you help?

    Thanks!

    Kevin

  155. SethF says:

    I have an iPaq 211, and I cannot get it to encrypt the contents on the CF card.

    I delete all files.

    Enable encryption.

    Create a file locally and copy file over via ActiveSync.

    From what I understand, these files should be encrypted, right?

    Yet, if I remove the card and insert it into another device, the files are accessible.

    Thoughts?

    Thanks

    Seth

  156. Steve Harkins says:

    I’ve written a File System Filter to secure data stored on a Smart SD card (keys stored in the smart card component of the SD).

    This works well with WM 6.0. I’ve recently tested on a Palm Treo Pro running WM 6.1 and it fails. Any idea what could be wrong?

    My first thought was that the FILTERHOOK structure has changed.

    Any help would be appreciated.

    Cheers,

    Steve

  157. scyost says:

    @Seth

    Hey Seth,

    It’s hard to say without being able to inspect the device, but yes, that should work. Is the storage card mounted as "Storage Card"? One possibility is that the OEM configured the CF card as internal instead of external storage. If so, it wouldn’t be encrypted by the feature.

    Scott

  158. scyost says:

    @Steve

    I believe the FILTERHOOK structure did change for 6.1. Can you recompile against the newer version of the headers?

  159. Steve Harkins says:

    Hi Scott – sorry for the slow reply.

    Yes, the card is mounted as "Storage Card" – although I can change it via a registry setting.

    I get the same problem on all the Windows Mobile 6.1 devices I’ve tried (Sony Ericsson Xperia, XDA Orbit and Palm Treo), so I don’t think it is something the OEM has done.

    Is there a new SDK for 6.1? Any idea where I can get newer versions of the header files that define FILTERHOOK?

    Cheers,

    Steve

  160. KevinR says:

    Hello,

    Management wants to have our WinMo 5 and 6.1 phones "encrypted". We don’t allow staff to use flash cards.

    Is there any way/reason to encrypt the internal storage? Do we require a third-party tool? I can’t find any tools that mention working with more recent versions of Windows Mobile.

    We have the devices protected by a PIN from Exchange. Are there any security recommendations for WinMo?

  161. Vladimir says:

    What I have:

     AT&T Tilt with Windows Mobile 6.1

     Kingston 4 GB flash card (I use it for file transfer between phone and computer)

     I have never used Storage Card Encryption.

    What I did:

     Insert T-Mobile SIM card

     Turn phone on. Phone is locked to AT&T so it asked me for an unlock key. I didn’t do anything, just turned it off and put back my AT&T SIM card.

    What I got:

     There is only one file on the card, EncFiltLog.menc, on the flash. I have never seen it before.

     All my files gone. Flash card doesn’t look empty. I tried to check it using R-Studio software and it recovered all my files… Files were not just hidden.

    What happened? If the card was encrypted, why did it happen without my permission, and why is it so easy to recover?
