As the name implies, the AddUsersToEncryptedFile API function adds user keys to a specified encrypted file. I've not personally used this API, but according to the Microsoft documentation, the syntax for this API is:
DWORD AddUsersToEncryptedFile(
    LPCWSTR lpFileName,                    // file name
    PENCRYPTION_CERTIFICATE_LIST pUsers    // user keys
);
lpFileName is a pointer to a null-terminated Unicode string that specifies the name of the encrypted file.
pUsers is a pointer to a certificate list structure that contains the list of new user keys to be added to the file (so you can do more than one at a time).
The ENCRYPTION_CERTIFICATE_LIST looks like this:
typedef struct _ENCRYPTION_CERTIFICATE_LIST {
    DWORD nUsers;
    PENCRYPTION_CERTIFICATE *pUsers;
} ENCRYPTION_CERTIFICATE_LIST, *PENCRYPTION_CERTIFICATE_LIST;
nUsers is the number of certificates in the list and pUsers is a pointer to the first encryption certificate structure in the list. But wait, we are not done yet! The ENCRYPTION_CERTIFICATE has the following structure:
typedef struct _ENCRYPTION_CERTIFICATE {
    DWORD cbTotalLength;
    SID *pUserSid;
    PEFS_CERTIFICATE_BLOB pCertBlob;
} ENCRYPTION_CERTIFICATE, *PENCRYPTION_CERTIFICATE;
In this structure, cbTotalLength is the length of the structure in bytes and pUserSid is the SID (security identifier) of the user who owns the certificate. EFS_CERTIFICATE_BLOB is the structure where you define the certificate encoding type. The values can be:
CRYPT_ASN_ENCODING
CRYPT_NDR_ENCODING
X509_ASN_ENCODING
X509_NDR_ENCODING
Hope this helps.
This was first published in February 2002
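The nested structures described above, populated for a call to AddUsersToEncryptedFile, as an added example that is not part of the original answer or Microsoft's own sample code. build_cert_list, free_cert_list and add_users are hypothetical helper names; the EFS_CERTIFICATE_BLOB fields (dwCertEncodingType, cbData, pbData) come from the Windows SDK header rather than this page, and the non-Windows typedefs are stand-ins so the layout logic compiles anywhere.

```c
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>   /* pulls in winefs.h and wincrypt.h; link with Advapi32.lib */
#else                  /* stand-in typedefs (assumption) mirroring the declarations above */
#include <stdint.h>
typedef uint32_t DWORD; typedef uint8_t BYTE; typedef void SID;
typedef struct { DWORD dwCertEncodingType, cbData; BYTE *pbData; } EFS_CERTIFICATE_BLOB, *PEFS_CERTIFICATE_BLOB;
typedef struct { DWORD cbTotalLength; SID *pUserSid; PEFS_CERTIFICATE_BLOB pCertBlob; } ENCRYPTION_CERTIFICATE, *PENCRYPTION_CERTIFICATE;
typedef struct { DWORD nUsers; PENCRYPTION_CERTIFICATE *pUsers; } ENCRYPTION_CERTIFICATE_LIST, *PENCRYPTION_CERTIFICATE_LIST;
#define X509_ASN_ENCODING 0x00000001
#endif

/* Hypothetical helper: release everything build_cert_list() allocated. */
void free_cert_list(PENCRYPTION_CERTIFICATE_LIST list)
{
    if (!list) return;
    for (DWORD i = 0; list->pUsers && i < list->nUsers; i++)
        free(list->pUsers[i]);            /* certificate and blob header share one block */
    free(list->pUsers);
    free(list);
}

/* Hypothetical helper: ders[i]/lens[i] is one DER-encoded certificate and sids[i]
   its owner's SID. The caller keeps ownership of those buffers. NULL on failure. */
PENCRYPTION_CERTIFICATE_LIST build_cert_list(DWORD n, BYTE **ders, const DWORD *lens, SID **sids)
{
    if (n == 0 || !ders || !lens || !sids) return NULL;
    PENCRYPTION_CERTIFICATE_LIST list = calloc(1, sizeof *list);
    if (!list) return NULL;
    list->pUsers = calloc(n, sizeof *list->pUsers);   /* array of pointers, not of structs */
    if (!list->pUsers) { free(list); return NULL; }
    list->nUsers = n;
    for (DWORD i = 0; i < n; i++) {
        PENCRYPTION_CERTIFICATE c = calloc(1, sizeof *c + sizeof(EFS_CERTIFICATE_BLOB));
        if (!c) { free_cert_list(list); return NULL; }
        c->cbTotalLength = (DWORD)sizeof *c;          /* length of the structure, in bytes */
        c->pUserSid = sids[i];
        c->pCertBlob = (PEFS_CERTIFICATE_BLOB)(c + 1);
        c->pCertBlob->dwCertEncodingType = X509_ASN_ENCODING;
        c->pCertBlob->cbData = lens[i];
        c->pCertBlob->pbData = ders[i];
        list->pUsers[i] = c;
    }
    return list;
}

#ifdef _WIN32   /* returns ERROR_SUCCESS or a Win32 error code */
DWORD add_users(LPCWSTR file, PENCRYPTION_CERTIFICATE_LIST list) { return AddUsersToEncryptedFile(file, list); }
#endif
```

The list only borrows the certificate and SID buffers, so keep them alive until the API call returns and then call free_cert_list.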