4 Protocol Examples

This section contains a complete example of how EFSRPC is used. In the following example, a user (User) uses a Windows XP client to encrypt a file on a Windows SMB file server (Server1). The User then gives a colleague (Colleague) authorized access to this file, and requests one of the employees (Employee) to place the file on a second Windows SMB file server (Server2) so that the Colleague can access it.

Before starting this process, the User has obtained the Colleague's user certificate through some implementation-specific method. The User has also imported that certificate into the certificate stores on both the client computer and Server1. No explicit action from the User or Colleague is required for this step if User and Colleague are members of the same Active Directory domain and the domain has been configured to automatically publish users' EFS user certificates to the Active Directory.

First, the User creates a file with the information he wants to share and places it on Server1. He then accesses the file's properties through the Windows Explorer user interface and marks the file as encrypted. This causes Windows Explorer to send an EfsRpcEncryptFileSrv message to Server1, and as a result the EFSRPC server encrypts the file located on Server1's disk to allow access to the file by the User alone. The User has now created an encrypted file on Server1 using EFSRPC.

To give the Colleague authorized access to this newly encrypted file, the User accesses the file's properties once more through Windows Explorer, and examines the list of user certificates that are authorized to decrypt the file. This causes Windows Explorer to send an EfsRpcQueryUsersOnFile message to the server to retrieve the list of authorized user certificates. After this call succeeds, Windows Explorer retrieves the list of authorized DRAs for the file by sending an EfsRpcQueryRecoveryAgents message to the server. The authorized user certificates and DRAs are then displayed in the user interface. The User can now see that he or she is currently the only user authorized to access the file.

The User then accesses the user interface to select the Colleague's user certificate, and chooses to authorize this user certificate to access the file. The Windows Explorer user interface sends an EfsRpcAddUsersToFile message to the server, which processes the request successfully. The Windows Explorer user interface once again sends an EfsRpcQueryUsersOnFile message and an EfsRpcQueryRecoveryAgents message to the server. The results are displayed to the User. The User can now see that both the Colleague and the User are authorized to access the file.

The User then leaves instructions with the Employee to transfer the file to another server, so that the Colleague can more easily obtain it. (The Employee has backup permissions on Server1 and restore permissions on Server2, but does not have a user or DRA private key that would allow authorized access to the encrypted file.) The Employee runs the ntbackup.exe utility to create a backup of the file from Server1 on the client machine. The ntbackup.exe utility sends an EfsRpcOpenFileRaw message to Server1. When Server1 responds successfully, the ntbackup.exe utility sends an EfsRpcReadFileRaw message to Server1 and writes the data returned over the associated pipe to a file on the Employee's client computer. When Server1 indicates that the end of the file has been reached, the ntbackup.exe utility sends an EfsRpcCloseRaw message to Server1. At this point, the Employee has a file on the client computer that contains the encrypted file from Server1 in the EFSRPC Raw Data Format.

To complete the transfer of the encrypted file from Server1 to Server2, the Employee runs the ntbackup.exe utility again. This time, ntbackup.exe is invoked to restore the file onto Server2 from the backup file on the Employee's client computer. The ntbackup.exe utility sends an EfsRpcOpenFileRaw message to Server2. After receiving a successful response from Server2, the ntbackup.exe utility sends an EfsRpcWriteFileRaw message to Server2. The ntbackup.exe utility reads the data from the EFSRPC Raw Data Format file and sends that data over the pipe associated with the EfsRpcWriteFileRaw message. When the end of the EFSRPC Raw Data Format file has been reached, the ntbackup.exe utility flushes the pipe by performing a 0-byte write, and sends an EfsRpcCloseRaw message to Server2.

Now, the encrypted file has been recreated on Server2. The Colleague can access this file using SMB and work with it as needed. The User has successfully utilized EFSRPC to allow the Colleague access to a critical file, using only secure EFSRPC methods.
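The walkthrough above, modelled as an added example that is not part of the specification: two toy in-memory servers expose methods named after the EFSRPC calls used here, with a constructed raw format, a constructed stand-in cipher, and certificates reduced to string labels. It demonstrates the property the scenario relies on: the Employee moves the file through the raw interface without ever holding a key that could decrypt it, the trailing 0-byte write ends the pipe, and the authorized-user and DRA lists arrive on Server2 intact.

```python
from dataclasses import dataclass, field
from itertools import takewhile

@dataclass
class EfsFile:
    ciphertext: bytes                          # stands in for the EFS-encrypted content
    users: set = field(default_factory=set)    # authorized user certificates
    dras: set = field(default_factory=set)     # authorized data recovery agents

class EfsServer:
    """Toy in-memory file server exposing the EFSRPC methods named in the walkthrough."""
    def __init__(self, dras=()):
        self.files, self.dras = {}, set(dras)
    def EfsRpcEncryptFileSrv(self, path, caller, plaintext):
        ct = bytes(b ^ 0x5A for b in plaintext)        # constructed stand-in, NOT real EFS
        self.files[path] = EfsFile(ct, {caller}, set(self.dras))
    def EfsRpcQueryUsersOnFile(self, path):
        return sorted(self.files[path].users)
    def EfsRpcQueryRecoveryAgents(self, path):
        return sorted(self.files[path].dras)
    def EfsRpcAddUsersToFile(self, path, caller, new_cert):
        if caller not in self.files[path].users:   # only an authorized user may add others
            raise PermissionError(caller)
        self.files[path].users.add(new_cert)
    def read_plaintext(self, path, caller):        # what an authorized SMB read would yield
        if caller not in (f := self.files[path]).users | f.dras:   # needs a user or DRA key
            raise PermissionError(caller)
        return bytes(b ^ 0x5A for b in f.ciphertext)
    # Raw interface: ciphertext plus metadata move as one opaque blob; no key is involved.
    def EfsRpcOpenFileRaw(self, path):
        return path                                # the handle is simply the path here
    def EfsRpcReadFileRaw(self, handle, chunk=8):
        f = self.files[handle]
        fields = [f.ciphertext.hex(), ",".join(sorted(f.users)), ",".join(sorted(f.dras))]
        raw = "|".join(fields).encode()            # constructed raw format for this model
        return [raw[i:i + chunk] for i in range(0, len(raw), chunk)]   # chunks on the pipe
    def EfsRpcWriteFileRaw(self, handle, pipe):
        raw = b"".join(takewhile(lambda p: p != b"", pipe))   # 0-byte write flushes/ends the pipe
        ct, users, dras = raw.split(b"|")
        names = lambda s: set(filter(None, s.decode().split(",")))
        self.files[handle] = EfsFile(bytes.fromhex(ct.decode()), names(users), names(dras))
    def EfsRpcCloseRaw(self, handle): pass         # nothing to release in this toy model

def ntbackup_transfer(src, dst, path):
    """The Employee's flow: raw backup from src into a local copy, then raw restore to dst."""
    h = src.EfsRpcOpenFileRaw(path)
    local_copy = b"".join(src.EfsRpcReadFileRaw(h))
    src.EfsRpcCloseRaw(h)
    h = dst.EfsRpcOpenFileRaw(path)
    dst.EfsRpcWriteFileRaw(h, [local_copy[i:i + 8] for i in range(0, len(local_copy), 8)] + [b""])
    dst.EfsRpcCloseRaw(h)
    return local_copy
```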
