Q

Win32 API for Windows 2000 Encryption File System

My question is concerning the use of Win32 API for Windows 2000 Encryption File System (EFS). In particular, I'm wondering how to use AddUsersToEncryptedFile(). One of the parameters required is PENCRYPTION_CERTIFICATE_LIST pUsers. I don't know how to provide the correct input for this parameter. Can you help me on this problem?

As the name implies, the AddUsersToEncryptedFile API function adds user keys to a specified encrypted file. I've not personally used this API, but according to the Microsoft documentation, the syntax for this API is:

DWORD AddUsersToEncryptedFile(
  LPCWSTR lpFileName,                  // file name
  PENCRYPTION_CERTIFICATE_LIST pUsers  // user keys
);

lpFileName is a pointer to a null-terminated Unicode string that specifies the name of the encrypted file.

pUsers is a pointer to a certificate list structure that contains the list of new user keys to be added to the file (so you can do more than one at a time).

The ENCRYPTION_CERTIFICATE_LIST looks like this:

typedef struct _ENCRYPTION_CERTIFICATE_LIST {
  DWORD nUsers;
  PENCRYPTION_CERTIFICATE *pUsers;
} ENCRYPTION_CERTIFICATE_LIST, *PENCRYPTION_CERTIFICATE_LIST;

nUsers is the number of certificates in the list and pUsers is a pointer to the first encryption certificate structure in the list. But wait, we are not done yet! The ENCRYPTION_CERTIFICATE has the following structure:

typedef struct _ENCRYPTION_CERTIFICATE {
  DWORD cbTotalLength;
  SID *pUserSid;
  PEFS_CERTIFICATE_BLOB pCertBlob;
} ENCRYPTION_CERTIFICATE, *PENCRYPTION_CERTIFICATE;

In this structure, the cbTotalLength is the length of the structure (bytes) and the pUserSid is the SID (security identifier) of the user who owns the certificate. EFS_CERTIFICATE_BLOB is the structure where you define the certificate encoding type. The values can be:

CRYPT_ASN_ENCODING
CRYPT_NDR_ENCODING
X509_ASN_ENCODING
X509_NDR_ENCODING

Hope this helps.

This was first published in February 2002
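An added example, not part of the original answer or Microsoft's documentation: one way to populate the nested structures for a single user so that the list can be passed as pUsers. The names single_user_list and fill_single_user_list are hypothetical, the EFS_CERTIFICATE_BLOB fields follow the Windows SDK header, and the non-Windows branch holds stand-in declarations so the code compiles anywhere.

```c
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <winefs.h>
#else
/* Stand-in declarations (assumption) so the sketch compiles off Windows. */
typedef uint32_t DWORD;
typedef unsigned char *PBYTE;
typedef struct _SID SID;                 /* opaque here */
#define X509_ASN_ENCODING 0x00000001
typedef struct _CERTIFICATE_BLOB {
  DWORD dwCertEncodingType; DWORD cbData; PBYTE pbData;
} EFS_CERTIFICATE_BLOB, *PEFS_CERTIFICATE_BLOB;
typedef struct _ENCRYPTION_CERTIFICATE {
  DWORD cbTotalLength; SID *pUserSid; PEFS_CERTIFICATE_BLOB pCertBlob;
} ENCRYPTION_CERTIFICATE, *PENCRYPTION_CERTIFICATE;
typedef struct _ENCRYPTION_CERTIFICATE_LIST {
  DWORD nUsers; PENCRYPTION_CERTIFICATE *pUsers;
} ENCRYPTION_CERTIFICATE_LIST, *PENCRYPTION_CERTIFICATE_LIST;
#endif

/* Hypothetical helper type: caller-owned storage for a one-user list.
   It holds pointers into itself, so do not copy it after filling. */
typedef struct {
  EFS_CERTIFICATE_BLOB blob;
  ENCRYPTION_CERTIFICATE cert;
  PENCRYPTION_CERTIFICATE slot;          /* one-element array of pointers */
  ENCRYPTION_CERTIFICATE_LIST list;
} single_user_list;

/* der/der_len: the user's DER-encoded X.509 certificate.
   Returns 0 on success, -1 on bad input. */
int fill_single_user_list(single_user_list *s, SID *sid, PBYTE der, DWORD der_len)
{
  if (!s || !sid || !der || der_len == 0) return -1;
  memset(s, 0, sizeof *s);
  s->blob.dwCertEncodingType = X509_ASN_ENCODING;
  s->blob.cbData = der_len;
  s->blob.pbData = der;
  s->cert.cbTotalLength = sizeof(ENCRYPTION_CERTIFICATE);
  s->cert.pUserSid = sid;
  s->cert.pCertBlob = &s->blob;
  s->slot = &s->cert;
  s->list.nUsers = 1;
  s->list.pUsers = &s->slot;             /* pass &s->list as pUsers to the API */
  return 0;
}
```

On Windows, the filled list is passed as AddUsersToEncryptedFile(lpFileName, &s.list), which returns ERROR_SUCCESS when the user key was added. The SID and certificate buffers must stay valid until that call returns.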
