While setting up the first ShareFile StorageZone Controller you need to enter a Passphrase. The Passphrase will be used to protect your file encryption key (SCKeys.txt) which is located in the CIFS root folder. Without the Passphrase you won’t be able to add additional StorageZone Controllers, reinstall or recover the current StorageZone or create configuration backups. A running StorageZone controller will still work fine, but you can’t make any changes. I can’t stress out the importance of this passphrase!

Be sure to archive the ShareFile Passphrase and encryption key (SCKeys.txt) in a secure location 🙂 !

Of course you will archive the ShareFile Passphrase and encryption key (SCKeys.txt) in a secure location, but in case the ShareFile Passphrase gets lost Citrix won’t be able to help. According to the eDocs and ShareFile support the Storage Zone should be considered as lost.

Citrix support won’t be able to recover your Passphrase!

While experiencing a lost Passphrase at a customer, we (Daniel Nikolic and Rink Spies) both had the idea it should be possible to recover a lost PassPhrase as long as one of the StorageZone Controller is still up and running. We took a deeper look at how the StorageZone Controllers were configured. Next we reversed engineered the processes which are used by the StorageZone Controller. Soon we had a detailed overview how and where the ShareFile PassPhrase is encrypted and also decrypted!

Now we know how the process works it isn’t that hard to recover the ShareFile PassPhrase. Since decrypting the ShareFile PassPhrase isn’t supported by Citrix and we really want to help the community we decided to write the ShareFileRecoverer.exe program, which could be used by anyone. We compiled a single executable which does the recovery trick for you, without reverse engineering the ShareFile processes yourself.

ShareFileRecoverer.exe is able to recover your ShareFile Passphrase!

First start by downloading the ShareFileRecoverer.exe application (registration required) to the path c:\temp (if the folder doesn’t exist, create it). 

Your Name (required)

Your Email (required)

Logon to the primary StorageZone Controller, launch the Task Scheduler and create a new Task:


Assign the new Task a name, and click the “Change User or Group” button :


 Run the task as “Network Service” :


 Select the Actions tab :


 Click the “New” button :


 Select the ShareFileRecoverer.exe process which you download before :


 Open a command prompt with elevated rights and start the scheduled task:

schtasks /run /TN “ShareFileRecoverer”


 The ShareFileRecoverer process will start doing it’s magic and finally create a txt file with the following contents (open a notepad with the recovered Passphrase information).


We tested ShareFile PassPhrase Recoverer on ShareFile StorageZone Controller version 4.12.50, 4.14.0, StorageCenter_4.1.0.3599, StorageCenter_4.3.0.4299, StorageCenter_5.1.0.5073

  • HĂ©ctor M. Guerrero

    It really works! tested also on 4.14.0. Thanks for sharing.

    Regards from MĂ©xico.

  • It worked with older versions. But with the latest version it doesn’t work anymore. Whereupon I assume it’s an .NET issue as Eventlog states:

    Application: ShareFileRecoverer.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ArgumentNullException
    at System.Text.Encoding.GetString(Byte[])
    at ..(System.String)
    at ..(System.String[])

    Maybe you could have a look at it?

  • Joe

    Hello. I am new to Sharefile and was trying backup the SZC config outlined in the process here: http://docs.citrix.com/en-us/storagezones-controller/3-4/sf-manage-storagezone-controller/sf-install-backup-szc-config.html

    When prompted for the SZC passphrase I blanked and I believe that is why it is not working. So glad to have come across your article here but wanted to make sure I am running a version that the tool supports. How would I go about that? I looked for a config file to possibly display it and on the SZC admin page it is nowhere to be found. Thanks for any help.


  • Philip

    Thanks, I can confirm this works on SZC 3.2.0

  • Jose Daniel

    Works like a charm!
    Tested on Version

  • Vojtech Levy


    i have SZ in version 4.2.0 . Script run OK, but i cant find .txt file with password. Can you tell me where is saved?


    • I don’t think this script works anymore unfortunately.

      • Carlo,

        We did some testing, but in our lab environment the tool still seems to work, even with a 5.x version.

  • Joe

    Yeah, I have the same question as the last post. Where is the output file? I searched the whole drive and cannot find a .txt file that has the info in it.

  • AndrewEvans

    Thanks this worked for me also. For those asking FYI the txt file is output to C:\Temp.

  • Jake

    I also can’t seem to find the text file. I’m guessing that this no longer works unfortunately.

    • The output file “ShareFileRecoverer.txt” will be in the same directory where the ShareFileRecover.exe is placed. In the example above this will be C:\Temp

      Just tested the ShareFileRecover.exe with these versions, which by the way al seemed to work in my lab.

      – StorageCenter_4.1.0.3599
      – StorageCenter_4.3.0.4299
      – StorageCenter_5.1.0.5073

  • Michael Cox

    Hi Team,

    When I run the tool. For the first time it gave me a file with no password.


    Welcome to the ShareFile PassPhrase Recoverer!

    Contact us @

    Daniel Nikolic: d.nikolic@pepperbyte.com

    Rink Spies: rink.spies@open-groupe.nl

    Retrieving the PassPhrase now…
    StorageCenter.OnPremise::GetPassPhrase Enter
    OnPremise::getRegistryValue -Enter
    OnPremise::getRegistryValue Reading value for TempData1
    OnPremise::getRegistryValue Read value for TempData1 =
    StorageCenter.OnPremise::GetPassPhrase TempData1:
    StorageCenter.OnPremise::GetPassPhrase before unprotect
    StorageCenter.OnPremise::Unprotect Enter
    StorageCenter.OnPremise::Unprotect Enter
    StorageCenter.OnPremise::Unprotect EXCEP: Key not valid for use in specified state.

    StorageCenter.OnPremise::GetPassPhrase after unprotect

    From the next time, it does not even give an out put file

    Any pointers will be of great help.

    Thank you.

    • Hi Michael,

      Which version of the StorageCenter?

      • Michael Cox

        I get the above text file, when I run the recovery exe file directly.
        if I run the schtasks there is no file created. The storage zone controller version is The service account that I am using has admin privileges. Any pointers what is happening? Am I missing anything here?

Post Navigation