Cryptography and Identity Authentication Technology-principles and practical applications of PKI & lt; 3 & gt;

Implement encryption protection for office build applications

Word:

A. By default, word uses the rc4 encryption algorithm.

B. Understand the risk of passwords.

1. Set the office password.

2. Crack the office password. Use Accent Office Password Recovery.

3. Process:

A. Install software

B. Start the software.

C. Open the cracked file and click Start.

D. the pop-up prompt shows whether your password has certain characters.

E. Character Set, next step

F. Note: Do you remember part of the password.

G. Select the password range.

H. Length of the password. Start to search for characters. next

I. Set the parameter display.

4. The time for cracking the file is related to the password strength.

Deploy EFS encrypted file system and restore proxy

1. Basic EFS knowledge:

· It is a hybrid encryption system used on the NTFS encryption system.

· Transparent during encryption.

· Working Process: 1.EFS driver calls "Microsoft encryption service provider MCP" to generate a "file encryption key FEK

Generally, a 128-bit key is generated. 2. EFS uses FEK to encrypt the file. Note that only the file data is encrypted, and other attributes are authorized.

Limits remain unchanged. 3. EFS stores encrypted files on NTFS. 4. the EFS calls "MCP" again to obtain the public IP address of the EFS.

Key. Note: When encrypting the file system, you can encrypt another copy of the FEK with a public key. The password can be restored. Reduced security

But the document can be restored to reduce the possibility of document loss.

2. encrypt the file system and restore the Proxy:

· 1. Create three users on the computer.

· 2. Create a document and perform encryption and NTFS partitioning.

· 3. the private key of user1 is on the certificate. MMc to export the Private Key

· 4. user2 fails to decrypt the document because there is no private key.

· 5. The private key from user2 to user1 is successfully viewed.

· Features of a hybrid file system.

3. Start the recovery proxy before encrypting the file.

-- Gpedit. msc --> Public Authorization Policy --》recovery proxy --》cmd--》cipher.exe/r: dra generates a certificate for the recovery proxy

.

-- Group Policy -- recovery agent of the encrypted file system -- add certificate -- Restore agent import computer

-- Import certificate to computer

This article is from the "Security_net" blog, please be sure to keep this http://yxh1157686920.blog.51cto.com/7743046/1299565