locked
Win32 OpenEncryptedFileRaw() fails for BITLOCKER under Windows 7. RRS feed

  • Question

  • Hello,

    I have a Win7 Ultimate development computer.  The application is running elevated by an Administrator.  We have the SEBACKUPNAME token.  The code works under Vista and WinXP, but not under Win7.

    To ensure that my code, which performs backups and restores of NTFS encrypted files, is working properly under Win7, I created an encrypted drive and placed a few files on it.  Without unlocking the encrypted drive by entering my password, I ran my application which simply tries to successfully OpenEncryptedFileRaw().  The code works perfectly under WinXP and Vista, but it fails under Win7.  When I try to OpenEncryptedFileRaw() on a file on the encrypted drive without opening the drive with our password, I receive the following error:

    Error Code: 0x80310000
    Error Msg: This drive is locked by BitLocker Drive Encryption. You must unlock this drive from Control Panel.

    Since our code is a backup and restore utility, it must be able to backup encrypted files without knowing the encryption password.  We should be able to use the OpenEncryptedFileRaw(), ReadEncryptedFileRaw(), WriteEncryptedFileRaw(), and CloseEncryptedFile() functions, but they never work under Win7 even with the simplest test program.  One strange thing that I noticed is that when OpenEncryptedFileRaw() fails, we get a non-zero return code, which is correct, however GetLastError() always returns that the operation had successful completed...  So... strange.

    By the way, we also need to determine whether a file is encrypted so we can use the proper method to back it up, so we use FileEncryptionStatus() to answer this question.  Unfortunately, it is doing exactly the same thing as the previously mentioned functions.  HELP!!!  :)  Is there a new process priv that we need to do this work under Win7?  Do I need to report this as an issue to MS?

    Anyway, I'd appreciate any help with this issue and I am wondering whether this is an error in Win7 or a "cockpit error" by me.

    Thanks for your help,

    Mike

    • Edited by ABOHAK Sunday, October 11, 2009 2:52 AM
    Saturday, October 10, 2009 4:25 AM

Answers

  • I have found a way to detect whether a drive is BitLocker encrypted, but it uses the WMI interface:

    ------------------------------------------------------
    GetIdentificationField Method of the Win32_EncryptableVolume Class
    The GetIdentificationField method of the Win32_EncryptableVolume class returns the identifier string available in the volume's metadata.

    Syntax
    uint32 GetIdentificationField([out]  string Identifier);
    Parameters
    Identifier [out]  A string that specifies the identifier that is assigned to the volume.

    Return Value
    This method returns one of the following codes or another error code if it fails.
    -------------------------------------

    My experience with WMI is that it can be pretty slow.  Is there another way to determine whether a volume it BitLocker'ed (i.e. Win32)?


    ================================================
    Alternatively, I've just found the following Win32 function, which requires
    at least Vista.


    DetectEncryptedVolume Function

    Determines whether the volume is encrypted with BitLocker technology. If the volume is encrypted, the function determines whether it is unlocked.

    Syntax
    C++ BOOL WINAPI DetectEncryptedVolume(
      __in   PFILE_RESTORE_CONTEXT Context,
      __out  PDWORD VolumeEncryptionInfo
    );
    Parameters
    Context [in]
    A pointer to the file restore context that was created by calling the CreateFileRestoreContext function.

    VolumeEncryptionInfo [out]
    The status of the volume. The value can be VOLUME_INFO_ENCRYPTED or VOLUME_INFO_LOCKED.

    Return Value
    If the function succeeds, the return value is nonzero.

    If the function fails, the return value is zero. To get extended error information, call GetLastError.

    Requirements
    Minimum supported client Windows Vista
    Minimum supported server Windows Server 2008
    Header Fmapi.h
    Library Fmapi.lib
    DLL Fmapi.dll

    • Proposed as answer by Fisnik Hasani Sunday, October 11, 2009 8:08 AM
    • Edited by ABOHAK Thursday, October 15, 2009 9:06 AM
    • Marked as answer by ABOHAK Thursday, October 15, 2009 9:06 AM
    Sunday, October 11, 2009 6:28 AM

All replies

  • Hello Mike and Welcome to the MSDN Forums Community:

    According to some research on Internet, you have already posted a Question at Expert Exchange, right?
    As far as I can tell you is, read at MSDN Library and check the function() references, here is a direct link.

    I hope the above helps...

    Have a nice day...

    Best regards,
    Fisnik


    Coder24.com
    Saturday, October 10, 2009 12:46 PM
  • Hi Fisnik,

    Thanks for your reply and the link.  Yes, the contents of the link are very familiar to me since I have code that uses that function and it works properly on  WinXP and Vista.  But, the issue is that the same code does not work under Win7...  I have scoured the Internet and MSDN, but have had no luck in finding updated information for Win7.  I hope that someone can tell me how to get around this issue.

    Thanks and have a great weekend,

    Mike
    Sunday, October 11, 2009 2:27 AM
  • Hmmm...  I may have found a part of the answer...  I think that I have been confusing BitLocker with EFS...  I assumed they were the same thing, but they are not...  I found an article that compared the two technologies.  My application was trying to access a BitLock'ed file whereas under Vista and WinXP, I was accessing and EFS file.  If I try to access an EFS file under Win7, I will bet that it will work (I will verify tomorrow).  BUT...  The refined questions are the following: (1) How can I permit our backup and restore application to backup and restore encrypted files under BitLocker; and (2) How to tell whether BitLocker or EFS is being used for an encrypted file?
    Sunday, October 11, 2009 2:42 AM
  • Hmmm...  I have not found anything specifically stating that VSS must be used to backup/restore a BitLocker volume, but it makes sense...  Still searching for the answer...
    Sunday, October 11, 2009 3:06 AM
  • I have found a way to detect whether a drive is BitLocker encrypted, but it uses the WMI interface:

    ------------------------------------------------------
    GetIdentificationField Method of the Win32_EncryptableVolume Class
    The GetIdentificationField method of the Win32_EncryptableVolume class returns the identifier string available in the volume's metadata.

    Syntax
    uint32 GetIdentificationField([out]  string Identifier);
    Parameters
    Identifier [out]  A string that specifies the identifier that is assigned to the volume.

    Return Value
    This method returns one of the following codes or another error code if it fails.
    -------------------------------------

    My experience with WMI is that it can be pretty slow.  Is there another way to determine whether a volume it BitLocker'ed (i.e. Win32)?


    ================================================
    Alternatively, I've just found the following Win32 function, which requires
    at least Vista.


    DetectEncryptedVolume Function

    Determines whether the volume is encrypted with BitLocker technology. If the volume is encrypted, the function determines whether it is unlocked.

    Syntax
    C++ BOOL WINAPI DetectEncryptedVolume(
      __in   PFILE_RESTORE_CONTEXT Context,
      __out  PDWORD VolumeEncryptionInfo
    );
    Parameters
    Context [in]
    A pointer to the file restore context that was created by calling the CreateFileRestoreContext function.

    VolumeEncryptionInfo [out]
    The status of the volume. The value can be VOLUME_INFO_ENCRYPTED or VOLUME_INFO_LOCKED.

    Return Value
    If the function succeeds, the return value is nonzero.

    If the function fails, the return value is zero. To get extended error information, call GetLastError.

    Requirements
    Minimum supported client Windows Vista
    Minimum supported server Windows Server 2008
    Header Fmapi.h
    Library Fmapi.lib
    DLL Fmapi.dll

    • Proposed as answer by Fisnik Hasani Sunday, October 11, 2009 8:08 AM
    • Edited by ABOHAK Thursday, October 15, 2009 9:06 AM
    • Marked as answer by ABOHAK Thursday, October 15, 2009 9:06 AM
    Sunday, October 11, 2009 6:28 AM
  • Hi again:

    Good that you finally found a SOLUTION to your PROBLEM!
    Yes, I agree, WMI can be pretty slow some times.

    Thanks for telling me about the solution!

    Have a nice day...

    Best regards,
    Fisnik
    Coder24.com
    Sunday, October 11, 2009 8:07 AM