3.2.4.4 R_SetData (Opnum 9)
The data value referenced by the pbMDData field of the METADATA_RECORD MUST be encrypted if the METADATA_SECURE attribute is set.
Check whether the dwMDAttributes member of the METADATA_RECORD structure has a METADATA_SECURE flag set.
If the METADATA_SECURE secure flag is set:
Negotiate the secure session (see section 3.1.4.1.1) if it was not negotiated yet.
Encrypt the data value based on the procedure described in section 3.1.4.1.2. The encrypted data blob will be stored in the IIS_CRYPTO_BLOB message format with the BlobSignature field set to ENCRYPTED_DATA_BLOB_SIGNATURE.
Set the pbMDData and dwMDDataLen fields in the METADATA_RECORD message (referenced by pmdrMDData). The pbMDData field MUST be updated to point to the IIS_CRYPTO_BLOB message built in the previous step. The dwMDDataLen field MUST be set to the total length in bytes of the IIS_CRYPTO_BLOB message built in the previous step.
If the METADATA_SECURE flag is not set, the cleartext data value will be referenced by the pbMDData field of the METADATA_RECORD message, and the dwMDDataLen field will be set to the length of that cleartext data.