Encryption Controls

NTFSD
2

Ken,

Both of these FSCTLs are private to the encryption engine and there is no documentation available for them. In fact all of the data in the input/output buffers is encrypted except for the EncryptionOperation field in the FSCTL_SET_ENCRYPTION fsctl. This is so you can see if the file is being encrypted or decrypted.

Even thought the original design would allow for some streams of a file to be encrypted and some not, today this is not supported. Today either all streams of a file or encrypted or no streams are encrypted (that is what the FILE_SET_ENCRYPTION and FILE_CLEAR_ENCRYPTION operations mean). You should never see the STREAM_SET_ENCRYPTION or STREAM_CLEAR_ENCRYPTION operations used.

Neal Christiansen
Microsoft File System Filter Group
?
This posting is provided “AS IS” with no warranties, and confers no rights.

-----Original Message-----
From: Ken Galipeau [mailto:xxxxx@legato.com]
Sent: Tuesday, May 07, 2002 11:33 AM
To: File Systems Developers
Subject: [ntfsd] Encryption Controls

Where can I find information on how these FSCTL’s are used.
?
FSCTL_ENCRYPTION_FSCTL_IO has no information other then its definition. There is no indication of the structure that it uses.
?
FSCTL_SET_ENCRYPTION is used to set and clear encryption, however I don’t understand how the stream subcommands works. Won’t it just operate on the file associated with the file object. Are they all?streams changed? Does the FILE_SET_ENCRYPTION only work on main data stream or all streams?
?
Thanks,
Ken
?

You are currently subscribed to ntfsd as: xxxxx@Windows.Microsoft.com
To unsubscribe send a blank email to %%email.unsub%%

3

Neal,
Thanks for the info. In playing with it I’ve found the
Irp->AssociatedIrp.SystemBuffer does not contain a pointer to
PENCRYPTION_BUFFER like control controls do. In fact it is NULL. Wher=
e do I
find the buffer?
Thanks,
Ken

-----Original Message-----
=46rom: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Neal Christianse=
n
Sent: Wednesday, May 15, 2002 1:55 AM
To: File Systems Developers
Subject: [ntfsd] RE: Encryption Controls

Ken,

Both of these FSCTLs are private to the encryption engine and there i=
s no
documentation available for them. In fact all of the data in the
input/output buffers is encrypted except for the EncryptionOperation =
field
in the FSCTL_SET_ENCRYPTION fsctl. This is so you can see if the fil=
e is
being encrypted or decrypted.

Even thought the original design would allow for some streams of a fi=
le to
be encrypted and some not, today this is not supported. Today either=
all
streams of a file or encrypted or no streams are encrypted (that is w=
hat the
FILE_SET_ENCRYPTION and FILE_CLEAR_ENCRYPTION operations mean). You =
should
never see the STREAM_SET_ENCRYPTION or STREAM_CLEAR_ENCRYPTION operat=
ions
used.

Neal Christiansen
Microsoft File System Filter Group
=A0
This posting is provided “AS IS” with no warranties, and confers no r=
ights.

-----Original Message-----
=46rom: Ken Galipeau [mailto:xxxxx@legato.com]
Sent: Tuesday, May 07, 2002 11:33 AM
To: File Systems Developers
Subject: [ntfsd] Encryption Controls

Where can I find information on how these FSCTL’s are used.
=A0
FSCTL_ENCRYPTION_FSCTL_IO has no information other then its definitio=
n.
There is no indication of the structure that it uses.
=A0
FSCTL_SET_ENCRYPTION is used to set and clear encryption, however I d=
on’t
understand how the stream subcommands works. Won’t it just operate on=
the
file associated with the file object. Are they all=A0streams changed?=
Does the
FILE_SET_ENCRYPTION only work on main data stream or all streams?
=A0
Thanks,
Ken
=A0

You are currently subscribed to ntfsd as: xxxxx@Windows.Microsoft.co=
m
To unsubscribe send a blank email to %%email.unsub%%

You are currently subscribed to ntfsd as: xxxxx@legato.com
To unsubscribe send a blank email to %%email.unsub%%