Windows Mobile 6 Storage Card Encryption
Windows Mobile 6 based Pocket PC and Smartphone devices support encryption of data stored in external removable storage cards. Specifically:
Encrypt data written from the mobile device to removable media. The data will be encrypted for use on the encrypting device only.
Enable "Over The Air" provisioning of encryption via Microsoft Exchange or other OTA Device Management solution.
Encryption is transparent to applications and user – minus performance impacts.
Desktop access to encrypted data files via Microsoft ActiveSync® (AS) file explorer.
User control over mobile encryption configuration.
How to use Storage Card Encryption
Windows Mobile 6-powered devices support encryption of data stored in external removable storage cards and provide the ability to remotely wipe the device.
The encryption can either be enabled by the user or enforced through an Exchange 2007 policy.
WARNING: If the device is Hard Reset/Cold Booted, the encryption keys will be permanently deleted and cannot be retrieved to decrypt the card! SEE THREAD BELOW FOR A SOLUTION
To enable Storage Card Encryption on the device:
Insert Storage Card into the device.
Go to Start>Settings>System Tab>Encryption.
Check the box that says “Encrypt files placed on the storage card.”
Tap OK.
NOTE: All new files added to the storage card once encryption is enabled will be encrypted; files that were on the card prior to enabling encryption will NOT be encrypted. To encrypt files that were already on the card, they must be moved from the card and then back.
Determining which files are encrypted
You can tell the difference when you remove the storage card and insert it in another device or card reader. Encrypted files will be displayed as .MENC files, with the following filename convention: [filename].[extension].[GUID].menc
The [GUID] is the encryption key that determines whether the file can be decrypted on the device where the storage card is inserted. The .menc extension is the indicator that tells whether a file is encrypted. The purpose of the extension is to indicate that you can't open those files. A Lock icon is also associated with the encrypted files.
When you insert the storage card back into the device where the files were encrypted, the [GUID] will match the decryption key on your device and the [GUID].menc extension will not be displayed. Encrypted files will appear just like normal files and they can be opened.
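The filename convention above makes it possible to audit a card from a card reader: which files are encrypted, under which key GUID, and which were left unencrypted because they were on the card before the setting was enabled. The Python script below is an added example, not part of the original page or any Microsoft tool; the GUID text format (8-4-4-4-12 hex, optionally in braces) and the sample listing are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Assumption: the [GUID] component is written in the usual 8-4-4-4-12 hex form,
# optionally wrapped in braces. The page does not specify its textual format.
MENC_RE = re.compile(
    r"^(?P<name>.+)\.\{?(?P<guid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}?\.menc$",
    re.IGNORECASE,
)

def parse_menc(filename):
    """Return (original_name, guid) for an encrypted file name, else None."""
    m = MENC_RE.match(filename)
    if not m:
        return None
    return m.group("name"), m.group("guid").lower()

def audit_card(paths):
    """Split a card listing into files per key GUID and files not in .menc form."""
    by_guid = defaultdict(list)
    plaintext = []
    for p in paths:
        parsed = parse_menc(PurePosixPath(p).name)
        if parsed is None:
            plaintext.append(p)
        else:
            by_guid[parsed[1]].append(parsed[0])
    return dict(by_guid), plaintext

# Constructed sample listing, as seen from a card reader (not real data).
SAMPLE = [
    "Documents/report.doc.11111111-2222-3333-4444-555555555555.menc",
    "Documents/notes.txt.11111111-2222-3333-4444-555555555555.menc",
    "Photos/old.jpg",  # on the card before encryption was enabled
    "Photos/new.jpg.AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE.menc",
    "broken.menc",     # .menc suffix but no GUID component: not matched
]

if __name__ == "__main__":
    by_guid, plaintext = audit_card(SAMPLE)
    for guid, names in by_guid.items():
        print(f"key {guid}: {len(names)} encrypted file(s): {names}")
    if len(by_guid) > 1:
        print("warning: files encrypted under more than one key GUID")
    for p in plaintext:
        print(f"not encrypted (or not in .menc form): {p}")
```

Running the audit before a Hard Reset shows which files depend on the device's current key and therefore need to be backed up first.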
Decrypting files: To decrypt files that are encrypted, the current solution is to transfer them from the storage card to a computer via ActiveSync or Windows Mobile Device Center, and then copy them back to the storage card after the Storage Card Encryption has been disabled on the device.
To disable Storage Card Encryption:
Go to Start>Settings>System Tab>Encryption.
Uncheck the box that says “Encrypt files placed on the storage card.”
Tap OK.
Troubleshooting: When Storage Card Encryption is enabled, the DPAPI master key (decryption key) is stored on the device's internal flash. If the device is hard reset/cold booted, the encryption key will be deleted and cannot be retrieved! When a customer performs a Hard Reset/Cold Reset/Cold Boot, if the device detects that Storage Card Encryption is enabled, it will warn them to back up the files from their card so the files can still be retrieved after the encryption key is deleted during the Hard Reset process. For more information, refer to the Windows Mobile 6 Storage Card Encryption FAQ at the following URL: