Encrption And Decrption of data in both Encrypted file system (EFS) and File Volume Encryption i.e. volume encrption using bitlocker RRS feed

  • Question

  • Hi all,

             I am doing the study on how encryption and decryption of the file are done in windows.i go through some pdf and articles and through that i come to know about EFS(encrypted file system) and FVE_FS(file volume encryption done through bitlocker).In windows 7 machine we all know about the file encryption facility provided in  the advance attribute for any file or folder.Internally each files data is protected or encrypted by key called FEK(file encrption key) using a symmetric key or public key alogorithm and again this key is encrypted using private key of user(may be user account password or digital certificate) and store this FEK in file record in file itself.for doing this there generates two files DDF(data Decryption Field ) and  DRF(data Recovery Field) now i want to decrypt  the data for that  NTFS actually identifies the files as being encrypted, and then submits a request for decryption through to the EFS drive The EFS driver next obtains the data decryption field (DDF) and sends it to the EFS service The EFS service obtains the private key of the user. It uses this key to decrypt the DDF Once the EFS service has decrypted the DDF and obtained the FEK, it sends the FEK on to the EFS driver The EFS driver utilizes the FEK it received from the EFS service to decrypt the data in the file The EFS driver then passes the decrypted data to NTFS.My question is how the EFS  driver obtains the data decryption field (DDF) ? Is there any library available in .net framework for  decryption of data ? Plese Help......








    Tuesday, September 4, 2012 6:34 AM


All replies