2.2.19 ENCRYPTION_PROTECTOR

The ENCRYPTION_PROTECTOR type is used to represent a single DPAPI-NG protector<30>, as specified in sections 2.2.2.2.5 and 2.2.2.2.9, or a Rights Management Services-based protector as specified in section 2.2.2.3.

 typedef struct _ENCRYPTION_PROTECTOR {
   DWORD cbTotalLength;
   RPC_SID* UserSid;
   [string] wchar_t* lpProtectorDescriptor;
 } ENCRYPTION_PROTECTOR, * PENCRYPTION_PROTECTOR;

cbTotalLength: The length, in bytes, of the structure.

UserSid: The SID of the user who owns the key. This is intended as a hint only. It MAY be set to zero if no such hint is available. The structure of an RPC SID is as specified in [MS-DTYP] section 2.4.2.3.

lpProtectorDescriptor: A string that contains a protector rule associated with the key. It MUST be non-NULL, non-empty, and otherwise follow the format rules for the ProtectorDescriptor field specified in section 3.1.4.2.19.