Demystifying the ShareFile StorageZone Controller Passphrase

While setting up the first ShareFile StorageZone Controller you need to enter a Passphrase. The Passphrase will be used to protect your file encryption key (SCKeys.txt), which is located in the CIFS root folder. Without the Passphrase you won’t be able to add additional StorageZone Controllers, reinstall or recover the current StorageZone, or create configuration backups. A running StorageZone Controller will still work fine, but you can’t make any changes. I can’t stress the importance of this passphrase enough!

Be sure to archive the ShareFile Passphrase and encryption key (SCKeys.txt) in a secure location 🙂 !

Of course you will archive the ShareFile Passphrase and encryption key (SCKeys.txt) in a secure location, but in case the ShareFile Passphrase gets lost Citrix won’t be able to help. According to the eDocs and ShareFile support the Storage Zone should be considered as lost.

Citrix support won’t be able to recover your Passphrase!

While experiencing a lost PassPhrase at a customer, we (Rink Spies and Daniel Nikolic) both had the idea that it should be possible to recover a lost PassPhrase as long as one of the StorageZone Controllers is still up and running. We took a deeper look at how the StorageZone Controllers were configured. Next we reverse engineered the processes which are used by the StorageZone Controller. Soon we had a detailed overview of how and where the ShareFile PassPhrase is encrypted and also decrypted! Now that we know how the process works, it isn’t that hard to recover the ShareFile PassPhrase. Since decrypting the ShareFile PassPhrase isn’t supported by Citrix and we really want to help the community, we decided to write the ShareFileRecoverer.exe program, which could be used by anyone. We compiled a single executable which does the recovery trick for you, without reverse engineering the ShareFile processes yourself.

ShareFileRecoverer.exe is able to recover your ShareFile Passphrase!

First, start by downloading the ShareFileRecoverer.exe application to the path c:\temp (if the folder doesn’t exist, create it).

Log on to the primary StorageZone Controller, launch the Task Scheduler and create a new task.

Assign the new task a name, and click the “Change User or Group” button.

Run the task as “Network Service”.

Select the Actions tab.

Click the “New” button and select the ShareFileRecoverer.exe process which you downloaded before.

Open a command prompt with elevated rights and start the scheduled task:

    schtasks /run /TN "ShareFileRecoverer"

The ShareFileRecoverer process will start doing its magic and create a txt file with the following contents (open a notepad with the recovered Passphrase information).

[Screenshot: Result]

We tested ShareFile PassPhrase Recoverer on ShareFile StorageZone Controller version 4.12.50 & 4.14.0.

Daniel Nikolic
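The Task Scheduler steps above, scripted in PowerShell as an added example (not part of the original post and not shipped with the tool). It assumes an elevated session, the built-in ScheduledTasks module (Windows Server 2012 or later), and the c:\temp path and task name used above. It removes the task after the run so that no job running the tool as Network Service is left behind.

```powershell
# Added example: run ShareFileRecoverer.exe once as Network Service, then clean up.
$TaskName = 'ShareFileRecoverer'                # task name from the schtasks command above
$ExePath  = 'C:\temp\ShareFileRecoverer.exe'    # download location from the first step
$Timeout  = 120                                 # seconds to wait for the run (assumed value)

if (-not (Test-Path -LiteralPath $ExePath)) {
    throw "Not found: $ExePath"
}
if (Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue) {
    throw "A task named '$TaskName' already exists; inspect it before continuing."
}

# Record which binary is about to run under a service account on the controller.
$hash = (Get-FileHash -LiteralPath $ExePath -Algorithm SHA256).Hash
Write-Host "SHA256 of ${ExePath}: $hash"

# Same settings as the GUI steps: one action, principal = Network Service.
$action    = New-ScheduledTaskAction -Execute $ExePath
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\NETWORK SERVICE' `
                                        -LogonType ServiceAccount
Register-ScheduledTask -TaskName $TaskName -Action $action -Principal $principal |
    Out-Null

try {
    Start-ScheduledTask -TaskName $TaskName

    # Poll until the task leaves the Queued/Running states or the timeout expires.
    $deadline = (Get-Date).AddSeconds($Timeout)
    do {
        Start-Sleep -Seconds 1
        $state = (Get-ScheduledTask -TaskName $TaskName).State
    } while (($state -in 'Running', 'Queued') -and ((Get-Date) -lt $deadline))

    $info = Get-ScheduledTaskInfo -TaskName $TaskName
    Write-Host ("Task state: {0}, last result: 0x{1:X}" -f $state, $info.LastTaskResult)
}
finally {
    # Always remove the task, even if the run failed or timed out.
    Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false
}
```

The txt file written by the tool holds the Passphrase in clear text; once it has been archived, delete the file and the executable from the controller.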