RE: Getting a Symmetric Key From Windows



I did some more research and what I want to do is a lot like the Encrypting
File System (EFS) on NTFS. Documented best here:

http://en.wikipedia.org/wiki/Encrypting_File_System

What I would like to do is get the File Encryption Key, or FEK and the
public key that is associated with the user who encrypted the file (unnamed
in the Wikipedia article). If I can't get the FEK that is used in EFS I
could create my own, however I would need to do it at the domain level so I
could share across machines in that domain. However, getting the user's
public key is probably the trick here.

Just to note, I am creating my own virtual user space file store and not
using NTFS, so I can't use the RAW APIs which are one directional.

-Wayne

