3.1.4.2.8 Receiving an EfsRpcQueryRecoveryAgents Message (Opnum 7)

The EfsRpcQueryRecoveryAgents method is used to query the EFSRPC Metadata of an encrypted object for the X.509 certificates of the data recovery agents whose private keys can be used to decrypt the object.

 DWORD EfsRpcQueryRecoveryAgents(
   [in] handle_t binding_h,
   [in, string] wchar_t* FileName,
   [out] ENCRYPTION_CERTIFICATE_HASH_LIST** RecoveryAgents
 );

binding_h: This is an RPC binding handle parameter, as specified in [C706] and [MS-RPCE] section 2.

FileName: An EFSRPC identifier as specified in section 2.2.1.

RecoveryAgents: A list of certificate hashes, represented by an ENCRYPTION_CERTIFICATE_HASH_LIST structure.

Return Values: The server MUST return 0 if it successfully processes the message received from the client. The server MUST return a nonzero value if processing fails.

If no object exists on the server with the specified name, or if the object exists and is not encrypted, the server MUST return a nonzero value. Otherwise, the server MUST read the object's EFSRPC Metadata and return a list of the hashes of all the DRA certificates that have access to the object in the RecoveryAgents parameter. The server MUST NOT include any certificates that were not added by virtue of being defined as DRAs in administrative policy. If no DRAs are defined on the object, the call MUST return success and this list MUST be empty.
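As an added illustration that is not part of the specification, the following Python model applies the processing rules above to a constructed in-memory store of objects and adds a defender-side check that compares each object's recorded DRA hashes with the DRAs currently defined in policy. The concrete failure status codes, the added_by_policy flag, the thumbprints and the paths are this example's assumptions, not values taken from the page.

```python
from dataclasses import dataclass, field

# The page only requires a nonzero status on failure; these concrete codes are
# this example's assumption, not values the specification mandates.
ERROR_SUCCESS, ERROR_OBJECT_NOT_FOUND, ERROR_OBJECT_NOT_ENCRYPTED = 0, 2, 6007

@dataclass
class CertEntry:
    thumbprint: bytes      # hash of an X.509 certificate recorded in the EFSRPC Metadata
    added_by_policy: bool  # True when present because administrative policy names a DRA

@dataclass
class EfsObject:
    encrypted: bool
    certs: list = field(default_factory=list)

def efs_rpc_query_recovery_agents(store, file_name):
    """Model of the Opnum 7 server rules; returns (status, hash_list or None)."""
    obj = store.get(file_name)
    if obj is None:
        return ERROR_OBJECT_NOT_FOUND, None      # no object with that name
    if not obj.encrypted:
        return ERROR_OBJECT_NOT_ENCRYPTED, None  # object exists but is not encrypted
    # Only certificates added because policy defines a DRA are reported; an
    # encrypted object with no DRAs yields success and an empty list.
    return ERROR_SUCCESS, [c.thumbprint for c in obj.certs if c.added_by_policy]

def objects_with_stale_recovery_agents(store, current_policy_hashes):
    """Defender check: encrypted objects whose recorded DRA set differs from the
    DRAs now defined in policy (for example after a DRA certificate rotation)."""
    stale = []
    for name in store:
        status, hashes = efs_rpc_query_recovery_agents(store, name)
        if status == ERROR_SUCCESS and set(hashes) != set(current_policy_hashes):
            stale.append(name)
    return sorted(stale)

# Constructed sample data: thumbprints and paths are placeholders, not real values.
DRA_OLD, DRA_NEW, USER_CERT = (bytes.fromhex(h * 20) for h in ("aa", "bb", "cc"))
SAMPLE_STORE = {
    r"\\server\share\plain.txt": EfsObject(encrypted=False),
    r"\\server\share\report.docx": EfsObject(True, [CertEntry(USER_CERT, False), CertEntry(DRA_OLD, True)]),
    r"\\server\share\budget.xlsx": EfsObject(True, [CertEntry(USER_CERT, False), CertEntry(DRA_NEW, True)]),
    r"\\server\share\nodra.bin": EfsObject(True, [CertEntry(USER_CERT, False)]),
}

if __name__ == "__main__":
    for path in SAMPLE_STORE:
        print(path, efs_rpc_query_recovery_agents(SAMPLE_STORE, path))
    print("stale:", objects_with_stale_recovery_agents(SAMPLE_STORE, [DRA_NEW]))
```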