
PKCS Keys

The file encryption key used for the DESX encryption must be stored along with the file so that the encrypting user can decrypt the file on demand. To protect the file encryption key, EFS uses an asymmetric cryptography protocol derived from public key cryptography standards, or PKCS, and licensed from RSA Technologies. This protocol involves the use of two keys:

  • Public key—Used to encrypt the FEK
  • Private key—Used to decrypt the FEK

The public key is freely available. In fact, EFS stores a copy of the public key right along with the file in a special structure called a data decryption field, or DDF. The DDF is stored using a new NTFS 5 record attribute called the Logged Utility Stream.

You don't really need to remember these acronyms. It's enough to know the following:

  • The key to unlock an encrypted file is stored along with the file.
  • The encrypted file must reside on an NTFS 5 volume.
  • The user's private key must be available to decrypt the file.
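The three conditions above can be checked for a single file on a current Windows system. The PowerShell below is an added example, not part of the original article; the path is a hypothetical placeholder, the file is assumed to sit on a local drive, and `cipher /c` is used to show the certificate thumbprints recorded with the file.

```powershell
# Added example: verify the EFS preconditions for one file.
# $Path is a hypothetical sample path; point it at a file you own.
param([string]$Path = 'C:\Data\report.docx')

# Object identifier of the "Encrypting File System" enhanced key usage.
$efsOid = '1.3.6.1.4.1.311.10.3.4'

$item  = Get-Item -LiteralPath $Path -Force
$root  = [System.IO.Path]::GetPathRoot($item.FullName)
$drive = New-Object System.IO.DriveInfo $root   # local drives only, not UNC paths

# 1. Is the file flagged as encrypted, and is it on an NTFS volume?
$isEncrypted = [bool]($item.Attributes -band [System.IO.FileAttributes]::Encrypted)
$isNtfs      = $drive.DriveFormat -eq 'NTFS'

# 2. Does the current user hold a certificate with the EFS usage
#    AND the matching private key? Without the private key the
#    file encryption key stored with the file cannot be recovered.
$ekuType  = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and
    ($_.Extensions |
        Where-Object   { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        Where-Object   { $_.Value -eq $efsOid })
})

[pscustomobject]@{
    Path            = $item.FullName
    Encrypted       = $isEncrypted
    VolumeIsNtfs    = $isNtfs
    EfsKeyAvailable = $efsCerts.Count -gt 0
    EfsThumbprints  = @($efsCerts | ForEach-Object { $_.Thumbprint }) -join ', '
}

# 3. For an encrypted file, list the users and certificate thumbprints
#    recorded with it, to compare against EfsThumbprints above.
if ($isEncrypted) {
    cipher.exe /c $item.FullName
}
```

If none of the thumbprints printed by `cipher /c` appears in `EfsThumbprints`, the current profile does not hold a private key that can open the file.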