2.2.2.2.2 EFSX Datum
The EFSX Datum represents the base type for every datum within the Version 4 and Version 5 EFSRPC Metadata and MUST be formatted as follows.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
StructureSize |
Role |
||||||||||||||||||||||||||||||
|
Type |
Flags |
||||||||||||||||||||||||||||||
StructureSize (2 bytes): The size in bytes of the EFSX Datum. It MUST be a 16-bit unsigned integer in little-endian format.
Role (2 bytes): Specifies the EFSX Datum role. It MUST be a 16-bit unsigned integer in little-endian format.
-
Value
Meaning
0x0000
The EFSX Datum has no defined role.
0x0001
The EFSX Datum contains a reference to a user's certificate store. This reference could be, for example, a certificate hash or the public key from a certificate.
0x0002
The EFSX Datum contains data specific to a protector type. See section 2.2.2.2.5 for valid protector types and their associated protector data format.
0x0003
The EFSX Datum contains information that is suitable for user display. For example, this could be the user name associated with a protector.
0x0004
The EFSX Datum contains information that identifies a private key container.
0x0005
The EFSX Datum contains information that identifies the provider name of a CSP or KSP.
0x0006
The EFSX Datum contains a user SID.
0x0007
The EFSX Datum contains the encrypted File Master Key (FMK).
0x0008
The EFSX Datum contains a user's public key.
0x0009
The EFSX Datum contains an ephemeral public key.
0x000a
The EFSX Datum contains the encrypted File Encryption Key (FEK).
0x000b
The EFSX Datum contains the file Initialization Vector (IV).
0x000c
The EFSX Datum contains a protector descriptor string.<15> This datum role MUST only be used when EFS_VERSION is 5.
Type (2 bytes): Specifies the EFSX Datum type. It MUST be a 16-bit unsigned integer in little-endian format.
-
Value
Meaning
Reserved
0x0000
Reserved. Local use only.
EFSX_TYPE_BLOB
0x0001
The EFSX Datum MUST be formatted as specified in section 2.2.2.2.3.
EFSX_TYPE_DESCRIPTOR
0x0002
The EFSX Datum MUST be formatted as specified in section 2.2.2.2.4.
EFSX_TYPE_KEY_PROTECTOR
0x0003
The EFSX Datum MUST be formatted as specified in section 2.2.2.2.5.
EFSX_TYPE_PROTECTOR_INFO
0x0004
The EFSX Datum MUST be formatted as specified in section 2.2.2.2.6.
EFSX_TYPE_KEY_AGMT_DATA
0x0005
The EFSX Datum MUST be formatted as specified in section 2.2.2.2.7.
EFSX_TYPE_FEK_INFO
0x0006
The EFSX Datum MUST be formatted as specified in section 2.2.2.2.8.
EFSX_TYPE_DPAPI_NG_DATA
0x0007The EFSX Datum MUST be formatted as specified in section 2.2.2.2.9. This type MUST only be used when EFS_VERSION is 5.<16>
Flags (2 bytes): Specifies datum flags. It MUST be a 16-bit unsigned integer in little-endian format. The value of this field MUST be zero (0x0000) or a union of one or more of the following values.
-
Value
Meaning
0x0001
The EFSX Datum is nested inside a parent structure.
0x0002
The EFSX Datum is a complex datum containing nested datum structures.