While setting up the first ShareFile StorageZone Controller you need to enter a Passphrase. The Passphrase will be used to protect your file encryption key (SCKeys.txt) which is located in the CIFS root folder. Without the Passphrase you won’t be able to add additional StorageZone Controllers, reinstall or recover the current StorageZone or create configuration backups. A running StorageZone controller will still work fine, but you can’t make any changes. I can’t stress out the importance of this passphrase!
Be sure to archive the ShareFile Passphrase and encryption key (SCKeys.txt) in a secure location 🙂 !
Of course you will archive the ShareFile Passphrase and encryption key (SCKeys.txt) in a secure location, but in case the ShareFile Passphrase gets lost Citrix won’t be able to help. According to the eDocs and ShareFile support the Storage Zone should be considered as lost.
Citrix support won’t be able to recover your Passphrase!
While experiencing a lost Passphrase at a customer, we (Daniel Nikolic and Rink Spies) both had the idea it should be possible to recover a lost PassPhrase as long as one of the StorageZone Controller is still up and running. We took a deeper look at how the StorageZone Controllers were configured. Next we reversed engineered the processes which are used by the StorageZone Controller. Soon we had a detailed overview how and where the ShareFile PassPhrase is encrypted and also decrypted!
Now we know how the process works it isn’t that hard to recover the ShareFile PassPhrase. Since decrypting the ShareFile PassPhrase isn't supported by Citrix and we really want to help the community we decided to write the ShareFileRecoverer.exe program, which could be used by anyone. We compiled a single executable which does the recovery trick for you, without reverse engineering the ShareFile processes yourself.
ShareFileRecoverer.exe is able to recover your ShareFile Passphrase!
First start by downloading the ShareFileRecoverer.exe application (registration required) to the path c:\temp (if the folder doesn't exist, create it).
Logon to the primary StorageZone Controller, launch the Task Scheduler and create a new Task:
Assign the new Task a name, and click the “Change User or Group” button :
Run the task as “Network Service” :
Select the Actions tab :
Click the “New” button :
Select the ShareFileRecoverer.exe process which you download before :
Open a command prompt with elevated rights and start the scheduled task:
schtasks /run /TN “ShareFileRecoverer”
The ShareFileRecoverer process will start doing it’s magic and finally create a txt file with the following contents (open a notepad with the recovered Passphrase information).
We tested ShareFile PassPhrase Recoverer on ShareFile StorageZone Controller version 4.12.50, 4.14.0, StorageCenter_18.104.22.16899, StorageCenter_22.214.171.12499, StorageCenter_126.96.36.19973