Ask the Expert

Win32 API for Windows 2000 Encryption File System

My question is concerning the use of Win32 API for Windows 2000 Encryption File System (EFS). In particular, I'm wondering how to use AddUsersToEncryptedFile(). One of the parameters required is PENCRYPTION_CERTIFICATE_LIST pUsers. I don't know how to provide the correct input for this parameter. Can you help me with this problem?

As the name implies, the AddUsersToEncryptedFile API function adds user keys to a specified encrypted file. I've not personally used this API, but according to the Microsoft documentation, the syntax for this API is:

DWORD AddUsersToEncryptedFile(
  LPCWSTR lpFileName,                  // file name
  PENCRYPTION_CERTIFICATE_LIST pUsers  // user keys
);

lpFileName is a pointer to a null-terminated Unicode string that specifies the name of the encrypted file.

pUsers is a pointer to a certificate list structure that contains the list of new user keys to be added to the file (so you can do more than one at a time).

The ENCRYPTION_CERTIFICATE_LIST looks like this:

typedef struct _ENCRYPTION_CERTIFICATE_LIST {
  DWORD nUsers;
  PENCRYPTION_CERTIFICATE *pUsers;
} ENCRYPTION_CERTIFICATE_LIST, *PENCRYPTION_CERTIFICATE_LIST;

nUsers is the number of certificates in the list and pUsers is a pointer to the first encryption certificate structure in the list. But wait, we are not done yet! The ENCRYPTION_CERTIFICATE has the following structure:

typedef struct _ENCRYPTION_CERTIFICATE {
  DWORD cbTotalLength;
  SID *pUserSid;
  PEFS_CERTIFICATE_BLOB pCertBlob;
} ENCRYPTION_CERTIFICATE, *PENCRYPTION_CERTIFICATE;

In this structure, the cbTotalLength is the length of the structure (bytes) and the pUserSid is the SID (security identifier) of the user who owns the certificate. EFS_CERTIFICATE_BLOB is the structure where you define the certificate encoding type. The values can be:

CRYPT_ASN_ENCODING
CRYPT_NDR_ENCODING
X509_ASN_ENCODING
X509_NDR_ENCODING

Hope this helps.
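A worked example of filling in these structures, added here and not part of the original answer: it builds the ENCRYPTION_CERTIFICATE_LIST that AddUsersToEncryptedFile() takes, with one ENCRYPTION_CERTIFICATE and one EFS_CERTIFICATE_BLOB per user. efs_user_t, build_cert_list() and free_cert_list() are helper names assumed for the example, and the SID bytes and certificate data in the self-check are constructed placeholders; off Windows the code declares mirrors of the Win32 structures so the builder still compiles.

```c
#include <stdint.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>  /* real EFS structures and AddUsersToEncryptedFile() */
#else                 /* mirrors of the Win32 declarations so the builder compiles elsewhere */
typedef uint32_t DWORD; typedef unsigned char BYTE, *PBYTE;
typedef struct _SID SID;  /* opaque here; winnt.h has the full layout */
typedef struct _CERTIFICATE_BLOB { DWORD dwCertEncodingType; DWORD cbData; PBYTE pbData; } EFS_CERTIFICATE_BLOB, *PEFS_CERTIFICATE_BLOB;
typedef struct _ENCRYPTION_CERTIFICATE { DWORD cbTotalLength; SID *pUserSid; PEFS_CERTIFICATE_BLOB pCertBlob; } ENCRYPTION_CERTIFICATE, *PENCRYPTION_CERTIFICATE;
typedef struct _ENCRYPTION_CERTIFICATE_LIST { DWORD nUsers; PENCRYPTION_CERTIFICATE *pUsers; } ENCRYPTION_CERTIFICATE_LIST, *PENCRYPTION_CERTIFICATE_LIST;
#define X509_ASN_ENCODING 0x00000001
#endif
/* Hypothetical helper type: an account SID (LookupAccountNameW on Windows) plus that account's
 * DER-encoded EFS certificate (a CERT_CONTEXT's pbCertEncoded/cbCertEncoded). */
typedef struct { SID *sid; const BYTE *cert; DWORD cert_len; } efs_user_t;
void free_cert_list(PENCRYPTION_CERTIFICATE_LIST list) {
    if (!list) return;
    for (DWORD i = 0; i < list->nUsers; i++) { free(list->pUsers[i]->pCertBlob); free(list->pUsers[i]); }
    free(list->pUsers); free(list);
}
/* Builds the nesting AddUsersToEncryptedFile() expects: list -> array of ENCRYPTION_CERTIFICATE
 * pointers -> one EFS_CERTIFICATE_BLOB each. SIDs and certificate bytes remain owned by the caller. */
PENCRYPTION_CERTIFICATE_LIST build_cert_list(const efs_user_t *users, DWORD n) {
    PENCRYPTION_CERTIFICATE_LIST list = calloc(1, sizeof *list);
    if (!list) return NULL;
    list->pUsers = calloc(n, sizeof *list->pUsers);
    if (!list->pUsers) { free(list); return NULL; }
    for (DWORD i = 0; i < n; i++) {
        PENCRYPTION_CERTIFICATE ec = calloc(1, sizeof *ec); PEFS_CERTIFICATE_BLOB blob = calloc(1, sizeof *blob);
        if (!ec || !blob) { free(ec); free(blob); free_cert_list(list); return NULL; }
        blob->dwCertEncodingType = X509_ASN_ENCODING;  /* DER X.509, as CryptoAPI returns it */
        blob->cbData = users[i].cert_len; blob->pbData = (PBYTE)users[i].cert;
        ec->cbTotalLength = sizeof *ec;                /* "length of the structure (bytes)" */
        ec->pUserSid = users[i].sid; ec->pCertBlob = blob;
        list->pUsers[i] = ec;
        list->nUsers = i + 1;                          /* so a mid-loop failure frees only built entries */
    }
    return list;
}
/* Self-check on constructed input: placeholder SID bytes and dummy DER prefixes, not real certificates. */
int example_list_is_valid(void) {
    static BYTE fake_sid[8] = {1, 1, 0, 0, 0, 0, 0, 5};
    static const BYTE cert_a[4] = {0x30, 0x82, 0x01, 0x00}, cert_b[4] = {0x30, 0x82, 0x02, 0x00};
    efs_user_t users[2] = {{(SID *)fake_sid, cert_a, 4}, {(SID *)fake_sid, cert_b, 4}};
    PENCRYPTION_CERTIFICATE_LIST list = build_cert_list(users, 2);
    int ok = list && list->nUsers == 2 && list->pUsers[1]->pCertBlob->pbData == cert_b
          && list->pUsers[0]->cbTotalLength == sizeof(ENCRYPTION_CERTIFICATE)
          && list->pUsers[0]->pCertBlob->dwCertEncodingType == X509_ASN_ENCODING;
    free_cert_list(list);  /* on Windows, call AddUsersToEncryptedFile(L"<placeholder path>", list) before freeing */
    return ok;
}
```

On Windows, AddUsersToEncryptedFile() returns ERROR_SUCCESS when the keys were added, and the caller still owns the SID and certificate memory referenced from the list.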

This was first published in February 2002
