3.1.4.2.12 Receiving an EfsRpcFileKeyInfo Message (Opnum 12)

The EfsRpcFileKeyInfo method is used to query and modify information about the keys used to encrypt a given object.

 DWORD EfsRpcFileKeyInfo(
   [in] handle_t binding_h,
   [in, string] wchar_t* FileName,
   [in] DWORD InfoClass,
   [out] EFS_RPC_BLOB** KeyInfo
 );

binding_h: This is an RPC binding handle parameter, as specified in [C706] and [MS-RPCE] section 2.

FileName: An EFSRPC identifier, as specified in section 2.2.1.

InfoClass: One of the values in the following table. With the exception of UPDATE_KEY_USED (0x00000100), a server SHOULD support all of these values. A server MAY choose to support UPDATE_KEY_USED.<46>

| Value | Meaning |
| --- | --- |
| BASIC_KEY_INFO (0x00000001) | Request information about the keys used to encrypt the object's contents. On success, the server will return the information in an EFS_KEY_INFO (2.2.14) structure in the KeyInfo parameter. |
| CHECK_COMPATIBILITY_INFO (0x00000002) | Requests the EfsVersion for the encrypted file. On success, the server will return the information in an EFS_COMPATIBILITY_INFO structure in the KeyInfo parameter. |
| UPDATE_KEY_USED (0x00000100) | Update the user certificates used to give a specific user access to an object. The server will populate the KeyInfo parameter with a zero-terminated, wide character Unicode string that contains a newline-separated list of names of objects successfully updated. |
| CHECK_DECRYPTION_STATUS (0x00000200) | Request a hint from the server as to whether the given object could be successfully decrypted without further user intervention or higher-level events. The server will return this information in an EFS_DECRYPTION_STATUS_INFO structure in the KeyInfo parameter. |
| CHECK_ENCRYPTION_STATUS (0x00000400) | Request a hint from the server as to whether the given object could be successfully encrypted without further user intervention or higher-level events. The server will return this information in an EFS_ENCRYPTION_STATUS_INFO structure in the KeyInfo parameter. |

KeyInfo: Returned by the server, as previously specified.

Return Values: The server MUST return 0 if it successfully processes the message received from the client. The server MUST return a nonzero value if processing fails.

If no object exists on the server with the specified name, the server MUST return a nonzero value.

If the InfoClass parameter is not equal to CHECK_ENCRYPTION_STATUS and the object with the specified name is not encrypted, the server MUST return a nonzero value.

If the value in the InfoClass parameter is unsupported by the server, the server MUST return a nonzero value.

If the value in the InfoClass parameter is equal to BASIC_KEY_INFO, the server SHOULD read the EFSRPC Metadata of the object referred to by the FileName argument and return information about its FEK in an EFS_KEY_INFO structure within the KeyInfo argument.

If the value in the InfoClass parameter is equal to UPDATE_KEY_USED, the implementation supports this value, and the FileName parameter does not satisfy the implementation-specific requirements for this operation<47>, the server MUST return a nonzero value.

If the value in the InfoClass parameter is equal to UPDATE_KEY_USED, the implementation supports this value, and the FileName parameter does satisfy all implementation-specific requirements, the server MUST update the EFSRPC Metadata of all the data objects referred to by FileName in an implementation-specific way<48>, and return a newline-separated list of the EFSRPC Identifiers thus updated in the KeyInfo parameter.

If the value in the InfoClass parameter is equal to CHECK_ENCRYPTION_STATUS, the server MUST return an EFS_ENCRYPTION_STATUS_INFO structure in the KeyInfo parameter, which provides a hint to the client as to what error code would be returned if encryption were attempted on this object without any further user interaction or higher-level events.

If the value in the InfoClass parameter is equal to CHECK_DECRYPTION_STATUS, the server SHOULD return ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION ([MS-ERREF] section 2.2). The server MAY, instead, return an EFS_DECRYPTION_STATUS_INFO structure in the KeyInfo parameter, which provides a hint to the client as to what error code would be returned if decryption were attempted on this object without any further user interaction or higher-level events.

If the value of the InfoClass parameter is equal to CHECK_COMPATIBILITY_INFO, the server MUST return an EFS_COMPATIBILITY_INFO structure in the KeyInfo parameter, which provides the EFSVersion of the EFSRPC metadata associated with the file.
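The processing rules above can be collected into a single decision function that a conformance test or a traffic-analysis tool can use to predict the expected result of an Opnum 12 call. This is an added example, not code from the specification. The names request_state, keyinfo_kind, outcome, efs_file_key_info_model and MODEL_NONZERO are hypothetical, the order of the checks is an assumption (the rules state no order), and CHECK_DECRYPTION_STATUS follows the SHOULD-level behaviour.

```c
#include <stdbool.h>
#include <stdint.h>

/* InfoClass values from the table in this section. */
#define BASIC_KEY_INFO            0x00000001u
#define CHECK_COMPATIBILITY_INFO  0x00000002u
#define UPDATE_KEY_USED           0x00000100u
#define CHECK_DECRYPTION_STATUS   0x00000200u
#define CHECK_ENCRYPTION_STATUS   0x00000400u

/* Win32 error named in this section; numeric value as defined in winerror.h. */
#define ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION 1459u
/* Placeholder: the rules only require "nonzero", not a specific code. */
#define MODEL_NONZERO 1u

/* Hypothetical labels for what KeyInfo carries on success. */
typedef enum { KI_NONE, KI_KEY_INFO, KI_COMPATIBILITY_INFO, KI_UPDATED_NAMES,
               KI_ENCRYPTION_STATUS_INFO } keyinfo_kind;

typedef struct {                     /* hypothetical server-side view */
    bool object_exists;              /* FileName resolves to an object */
    bool object_encrypted;
    bool supports_update_key_used;   /* MAY-level feature */
    bool filename_ok_for_update;     /* implementation-specific checks <47> */
} request_state;

typedef struct { uint32_t status; keyinfo_kind keyinfo; } outcome;

outcome efs_file_key_info_model(const request_state *s, uint32_t info_class)
{
    outcome fail = { MODEL_NONZERO, KI_NONE };
    if (!s->object_exists) return fail;
    /* Only CHECK_ENCRYPTION_STATUS is accepted for an unencrypted object. */
    if (info_class != CHECK_ENCRYPTION_STATUS && !s->object_encrypted) return fail;
    switch (info_class) {
    case BASIC_KEY_INFO:           return (outcome){ 0, KI_KEY_INFO };
    case CHECK_COMPATIBILITY_INFO: return (outcome){ 0, KI_COMPATIBILITY_INFO };
    case CHECK_ENCRYPTION_STATUS:  return (outcome){ 0, KI_ENCRYPTION_STATUS_INFO };
    case CHECK_DECRYPTION_STATUS:  /* SHOULD-level: error code, no structure */
        return (outcome){ ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION, KI_NONE };
    case UPDATE_KEY_USED:
        if (!s->supports_update_key_used || !s->filename_ok_for_update) return fail;
        return (outcome){ 0, KI_UPDATED_NAMES };
    default:                       return fail;   /* unsupported InfoClass */
    }
}
```

A server that takes the MAY-level path for CHECK_DECRYPTION_STATUS returns an EFS_DECRYPTION_STATUS_INFO structure instead, so a checker built on this model should accept either result for that value.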