2.2.2.2 EFSRPC Metadata Version 2
This metadata format is specified by an EFS Version of 4 or 5 in the EFSRPC metadata header<12>. This new metadata format is referred to as "Version 2" of the EFSRPC metadata, but do not confuse this with the EFS Version field specified within the metadata header. The format used for Version 2 EFSRPC metadata is significantly different from Version 1 described in section 2.2.2.1. Servers SHOULD support Version 2 of the EFSRPC Metadata.<13> A server that supports Version 2 of the EFSRPC Metadata MUST also fully support EFSRPC Metadata Version 1.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Length |
|||||||||||||||||||||||||||||||
Reserved1 |
|||||||||||||||||||||||||||||||
EFS_Version |
|||||||||||||||||||||||||||||||
Reserved2 |
|||||||||||||||||||||||||||||||
EFS_ID (16 bytes) |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
DDF_Offset |
|||||||||||||||||||||||||||||||
DRF_Offset |
|||||||||||||||||||||||||||||||
FekInfo_Datum |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
Data_Fields (variable) |
|||||||||||||||||||||||||||||||
... |
Length (4 bytes): This field MUST contain a 32-bit unsigned integer equal to the length, in bytes, of the EFSRPC Metadata.<14>
Reserved1 (4 bytes): MUST be set to zero and ignored upon receipt.
EFS_Version (4 bytes): This field represents the highest EFS version supported by the implementation that created this metadata. It MUST be a 32-bit unsigned integer in little-endian format. It MUST be set to 0x00000004 for EFS Version 4 or 0x00000005 for EFS Version 5.
Reserved2 (4 bytes): MUST be set to zero and ignored upon receipt.
EFS_ID (16 bytes): A 16-byte GUID value that MUST be unique for the computer that created this metadata.
DDF_Offset (4 bytes): This field MUST contain the offset, in bytes, of the DDF protector list from the start of the EFSRPC Metadata. It MUST be a 32-bit unsigned integer in little-endian format. The DDF protector list lies completely within the Data Fields and does not overlap the DRF protector list (if present).
DRF_Offset (4 bytes): This field MUST contain the offset, in bytes, of the DRF protector list from the start of the EFSRPC Metadata. It MUST be a 32-bit unsigned integer in little-endian format. A zero value in this field indicates that the DRF protector list is absent and no DRAs have been applied to the file. If present, the DRF protector list MUST lie completely within Data_Fields and MUST NOT overlap the DDF protector list.
FekInfo_Datum (12 bytes): This field contains the encrypted Fek and the File IV. It also contains the ALG_ID for the Fek. The FekInfo_Datum MUST conform to the format described in section 2.2.2.2.8.
Data_Fields (variable): This field MUST contain the following two items in any order at the locations indicated by the respective Offset fields previously listed. Both items MUST conform to the protector list format specified in section 2.2.2.2.1. The DDF key list MUST NOT overlap with the DRF key list (if present).
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1DDF_protector_list (variable)
...
DRF_protector_list (variable)
...
-
DDF_protector_list (variable): This field MUST contain one or more entries, each of which consists of a key protector as specified in section 2.2.2.2.5. Each key protector in this list is protected with a user public key.
-
DRF_protector_list (variable): This MUST contain one or more entries, each of which consists of a key protector as specified in section 2.2.2.2.5. Each key protector in this list is protected with the public key of a DRA authorized to access the file. This MUST only be present if the value in the DRF offset field is nonzero.