Encryption Process

Every time EFS encrypts a file, it generates a random number to use as the DESX cipher key. This file encryption key (FEK) is encrypted under the user's public key and stored in the Data Decryption Field (DDF); it is also encrypted under the recovery agent's public key and stored in the Data Recovery Field (DRF), as shown in Figure 21.2.

Figure 21.2. EFS encryption flow chart.
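The flow in Figure 21.2 as an added example (not code from the book): a fresh random FEK encrypts the file, and that same FEK is wrapped once under the user's public key (DDF) and once under the recovery agent's public key (DRF), so either private key alone recovers the file while neither can open the other party's field. Go's standard library has no DESX, so AES-256-GCM stands in for the bulk cipher and RSA-OAEP for the wrapping; the struct, function names, nonce handling and key sizes are this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
// EncryptedFile: ciphertext plus the FEK wrapped for the user (DDF) and for the recovery agent (DRF).
type EncryptedFile struct{ Ciphertext, DDF, DRF []byte }
// A fixed nonce is acceptable only because every file gets its own fresh random FEK.
var nonce = make([]byte, 12)
// NewKey makes a key pair for either party (key size and algorithm are assumptions here).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// fekCipher keys the bulk cipher with the FEK; AES-256-GCM stands in for DESX (an assumption).
func fekCipher(fek []byte) cipher.AEAD {
	block, err := aes.NewCipher(fek)
	if err != nil {
		panic(err) // only a bad key length fails, and an unwrapped FEK is always 32 bytes
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// EncryptFile draws a fresh FEK per file, encrypts with it, and wraps the FEK once per recipient (RSA-OAEP, assumed).
func EncryptFile(data []byte, user, agent *rsa.PublicKey) (*EncryptedFile, error) {
	fek := make([]byte, 32)
	if _, err := rand.Read(fek); err != nil {
		return nil, err
	}
	ddf, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, user, fek, nil)
	if err != nil {
		return nil, err
	}
	drf, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, agent, fek, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{fekCipher(fek).Seal(nil, nonce, data, nil), ddf, drf}, nil
}

// DecryptFile unwraps the FEK from one field (DDF or DRF) with the matching private key; the other field is not needed.
func DecryptFile(ef *EncryptedFile, priv *rsa.PrivateKey, field []byte) ([]byte, error) {
	fek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, field, nil)
	if err != nil {
		return nil, err // wrong key or tampered field: the FEK stays sealed
	}
	return fekCipher(fek).Open(nil, nonce, ef.Ciphertext, nil)
}
```

Decrypting with the wrong private key fails at the OAEP unwrap, before any file data is touched, which is why a compromised user key still cannot read another user's files through their DDF.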

In Windows 2000 you have two ways to encrypt a file (or directory): using the NT Explorer interface and checking the Encrypted box in the advanced properties, or using Cipher, a command-line tool. Both of them call the EncryptFile Win32 API that the advanced Win32 API DLL ...
