2.2.2.1.2 Key List Entry
Each individual Key List Entry MUST be formatted as follows.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Length |
|||||||||||||||||||||||||||||||
|
Offset to Public Key Information |
|||||||||||||||||||||||||||||||
|
Encrypted FEK Length |
|||||||||||||||||||||||||||||||
|
Offset to Encrypted FEK |
|||||||||||||||||||||||||||||||
|
Flags |
|||||||||||||||||||||||||||||||
|
Data Fields (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
Length (4 bytes): MUST be equal to the length of this key list entry in bytes. It MUST be a 32-bit unsigned integer in little-endian format.
Offset to Public Key Information (4 bytes): MUST contain the offset to the Public Key Information field in bytes from the start of this entry. It MUST be a 32-bit unsigned integer in little-endian format. The Public Key Information field MUST be completely contained inside the Data Fields.
Encrypted FEK Length (4 bytes): MUST be set to the length of the data in the Encrypted FEK field, in bytes. It MUST be a 32-bit unsigned integer in little-endian format.
Offset to Encrypted FEK (4 bytes): MUST contain the offset to the Encrypted FEK field, in bytes from the start of this entry. It MUST be a 32-bit unsigned integer in little-endian format. The Encrypted FEK MUST be completely contained inside the Data fields.
Flags (4 bytes): This field MUST indicate the algorithm used to encrypt the FEK in this key list entry. It MUST be a 32-bit unsigned integer in little-endian format. EFSRPC servers SHOULD support all the values listed below, and MUST ignore any unsupported values.
-
Value
Meaning
0x00000000
The Encrypted FEK field is encrypted using RSA, with a public key belonging to a user or DRA.
0x00000001
The Encrypted FEK field is encrypted using AES-256, with a key that is obtained by signing the non-terminated Unicode string "MICROSOFTE" (20 bytes long) with the user's RSA and computing the SHA-256 hash of the result.
This value is used when a user's private key is stored on a smart card to improve performance by minimizing the number of smart card accesses.<10>
Data Fields (variable): This field MUST contain the following items, in any order, at the locations indicated by the respective Offset fields previously listed. These items MUST be completely contained inside this field and MUST NOT overlap each other. There MUST NOT be unused areas within this field spanning more than 8 contiguous bytes.
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1Public Key Information (variable)
...
Encrypted FEK (variable)
...
-
Public Key Information (variable): This field MUST contain information about the X.509 certificate that contains the RSA public key, which is used to encrypt the Encrypted FEK field. It MUST be formatted as specified in section 2.2.2.1.3.
-
Encrypted FEK (variable): This field MUST contain information about the FEK, encrypted as indicated by the contents of the Flags field. It MUST be formatted as specified in section 2.2.2.1.5.