[英]Automatically accessing Truecrypt/Keepass etc. using Windows 7 password
I basically want to automatically mount a (non-system) Truecrypt volume or start Keypass just protected with a single (secure) password, the one windows 7 use for default authentification. 我基本上想自动安装一个(非系统)Truecrypt卷或启动一个受单个(安全)密码保护的Keypass,这是Windows 7用于默认身份验证的密码。 I'm using C#.
我正在使用C#。
For 1. I couldn't find anything (the password is not stored anywhere, just a hash of the password is stored) 对于1.我什么也找不到(密码未存储在任何地方,仅存储密码的哈希值)
For 2. I already tryed some things. 对于2.我已经尝试了一些东西。 I got a program to execute before a user logs on using
GPEDIT.MSC
Computer Configuration -> Windows Settings -> Scripts -> StartUp . 在用户使用
GPEDIT.MSC
计算机配置-> Windows设置->脚本->启动之前,我有一个要执行的程序。 Then I tryed to get the password using global key hooks (tryed GetAsyncKeyState
and SetWindowsHookEx
). 然后,我尝试使用全局密钥挂钩(
GetAsyncKeyState
使用GetAsyncKeyState
和SetWindowsHookEx
)来获取密码。 Both work well when I try to capture keys when I'm already logged in, but not during the login process. 当我尝试在已经登录时(但在登录过程中)无法捕获键时,两者都可以正常工作。
But I found a keylogging software (Elite Keylogger) which is actually able to get the password that way (when logging in). 但是我发现了一个键盘记录软件(Elite Keylogger),该软件实际上能够以这种方式(登录时)获得密码。 (I tryed the trial version in VMWare).
(我在VMWare中尝试了试用版)。 The other things if tryed in VM Ware and also on a real machine.
如果要在VM Ware和真实计算机上尝试其他操作。
Thank you for any help or tips. 感谢您的帮助或提示。
I'm doing something similar with batch scripting in order to automatically mount a Truecrypt (or Veracrypt if you prefer) volume upon Windows login with Windows 10. I use a KeePass file setup to use Windows Authentication to securely house the encrypted volume password. 我正在执行与批处理脚本类似的操作,以便在Windows 10上登录Windows时自动挂载Truecrypt(如果需要,可以选择Veracrypt)卷。我使用KeePass文件设置来使用Windows身份验证来安全地存储加密的卷密码。
Here's the process: 1) Create your truecrypt or veracrypt non-system volume 2) Create a KeyPass file to hold an entry containing the password to the encrypted volume. 过程如下:1)创建您的truecrypt或veracrypt非系统卷2)创建一个KeyPass文件,以保存包含加密卷密码的条目。 Setup the KeyPass file to use windows authentication under the login you will use when you want the drive to automatically mount.
希望您自动安装驱动器时,将KeyPass文件设置为使用Windows身份验证进行登录。 3) Use a batch script like the one below to open the encrypted volume.
3)使用下面的批处理脚本打开加密的卷。 By housing the password in the KeyPass file with windows authentication you prevent exposing the password in plain-text in the batch file.
通过Windows身份验证将密码保存在KeyPass文件中,可以防止在批处理文件中以纯文本形式公开密码。 You'll need to modify this script to your specific system.
您需要将此脚本修改为您的特定系统。
@ECHO Mounting Secure Drive (S:)
@ECHO OFF
SETLOCAL EnableDelayedExpansion
SET x=0
FOR /F "usebackq" %%F IN (`"C:\Program Files (x86)\KeePass Password Safe 2\KPScript.exe" -c:GetEntryString C:\<LocationOfYourKeePassFile>\<keepassfilename>.kdbx -useraccount -ref-Title:<entrytitle> -Field:Password`) DO (
SET Pass!x!=%%F
set /a x+=1
)
"C:\Program Files\TrueCrypt\truecrypt" /v \Device\Harddisk0\Partition4 /ls /s /q /p %Pass0% /b /h n /w
4) Lastly, set up a windows Task Scheduler to run the batch upon windows login. 4)最后,设置Windows任务计划程序以在Windows登录时运行批处理。 Trigger should be "at log on" for the target user account.
目标用户帐户的触发器应为“登录时”。 Action should be "Start a Program" with the target the full path to the batch script
操作应为“启动程序”,目标为批处理脚本的完整路径。
Another feature I like about this approach is that I can save the encrypted file volume password elsewhere incase the windows account is corrupted or deleted. 我喜欢这种方法的另一个功能是,我可以将加密文件卷密码保存在其他地方,以防Windows帐户被破坏或删除。 Ie I may lose access to the KeyPass file that is setup to use windows authentication but if I've saved the actual encrypted disk password somewhere else, I can still restore access to the encrypted volume.
也就是说,我可能无法访问设置为使用Windows身份验证的KeyPass文件,但是如果我将实际的加密磁盘密码保存在其他位置,我仍然可以恢复对加密卷的访问。
You change your KeePass database to use your Windows account as the master key, then install the TrueCrypt
plugin for KeePass. 您更改您的KeePass数据库以使用Windows帐户作为主密钥,然后为KeePass安装
TrueCrypt
插件。 You then have an entry in KeePass that contain the password for the TrueCrypt
mount also registered with the TrueCrypt
plugin. 然后,您会在KeePass中有一个条目,其中包含
TrueCrypt
安装的密码,该密码也已通过TrueCrypt
插件注册。
With that in place, after you've logged in, open KeePass and select the entry and click Ctrl + T and you have the volume mounted in TrueCrypt
. 将其放置到位后,登录后,打开KeePass并选择条目,然后单击Ctrl + T,然后将卷装入
TrueCrypt
。
There is a way of unlocking a KeePass database with its master password automatically after the Windows log on. Windows登录后,有一种方法可以使用其主密码自动解锁KeePass数据库。 You can use the same database on other computer, because it will not be bound to your Windows user account.
您可以在其他计算机上使用同一数据库,因为它不会绑定到Windows用户帐户。 See this Super User answer for details.
有关详细信息,请参见此超级用户答案 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.