Goals
Decrypt a file.
Context of Use
The file owner is decrypting a file.
Actors
Admin Tool: A Microsoft Management Console (MMC) component, which is used by the administrator to configure the storage on the server.
Admin Client: The Admin Client is the primary actor. The Admin Client is code that is running on the administrator's computer. The Admin Client implements client-side protocol components and consumes the storage services that are offered by the storage server. The Admin Client's interest is to correctly interpret, execute, and display the results of the commands that are issued by the administrator.
EFS service: The Encrypting File System service is the server-side implementation of the protocol described in [MS-EFSR].
Stakeholders
File owner: The user who is the owner of the encrypted file that is required to be decrypted.
Preconditions
The file owner user has identified the encrypted file that is required to be decrypted.
The file owner user has the required EFS certificates.
Main success scenario
Trigger: The file owner requests to decrypt the encrypted file by using the Admin Tool.
The Admin Tool requests that the Admin Client establish a communication channel to the EFS service of the Storage Services protocols.
The Admin Client contacts the EFS service to query information about the keys that are used to encrypt the file by using the EfsRpcFileKeyInfo method, as described in [MS-EFSR] section 3.1.4.2.12.
The EFS service responds with the required key information.
The Admin Client contacts the EFS service to decrypt the file by using the EfsRpcDecryptFileSrv method, as described in [MS-EFSR] section 3.1.4.2.6.
The EFS service decrypts the requested file.
Postcondition
The required decryption of the file has finished successfully.
Extensions
If the communication channel for the Encrypting File System Remote (EFSRPC) Protocol cannot be established, or it becomes disconnected, the Admin Client attempts to establish a connection multiple times until it fails. Whether or not the required decryption of the file has finished depends on when the connection failed.