
List:       ms-cryptoapi
Subject:    Re: I owe you a treat !!!!! ---->>>>EFS, $EFS and FEK blues
From:       Raman Nagpal <ramannagpal () HOTMAIL ! COM>
Date:       1999-08-31 21:50:19


Thanks a lot ... lot for such a prompt reply. I am going ahead with your
guidelines and will stay in touch.

In fact if I was anywhere close to Seattle, you could have had a treat by
now!!!!

Raman Nagpal.

>From: "Jeff Spelman (Exchange)" <jeffspel@EXCHANGE.MICROSOFT.COM>
>Reply-To: Microsoft Cryptographic API <CryptoAPI@DISCUSS.MICROSOFT.COM>
>To: CryptoAPI@DISCUSS.MICROSOFT.COM
>Subject: Re: EFS, $EFS and FEK blues
>Date: Tue, 31 Aug 1999 09:09:25 -0700
>
>Raman
>Problem 1
>   It sounds to me like the second call to CryptGetProvParam is updating the
>length of the buffer you are passing to the third call, and this buffer
>length is not long enough.  What you should do is make the call with
>CRYPT_FIRST and NULL as the pbData, this should give you the max container
>name length.  Then alloc the buffer and set the length to this max length
>before each call to CryptGetProvParam in the loop.
>
>Problem 2
>   In order to export a PRIVATEKEYBLOB the key must have been generated with
>the CRYPT_EXPORTABLE flag.  The error you are receiving indicates that the
>private key was designated as not exportable when it was generated.
>
>Thanks Jeff
>
>-----Original Message-----
>From: Raman Nagpal [mailto:ramannagpal@HOTMAIL.COM]
>Sent: Tuesday, August 31, 1999 5:08 AM
>To: CryptoAPI@DISCUSS.MICROSOFT.COM
>Subject: Re: EFS, $EFS and FEK blues
>
>
>Jeff,
>
>I'm very thankful to you for providing us with some authoritative insight
>into the EFS details. We were more than delighted to see your emphatic
>reply.
>
>Actually we had reasons to believe that multiple users could be added to a
>file since Platform SDK Beta 3, mentions some APIs to do this:
>Add/RemoveUsersToEncryptedFile(). These supposedly add FEKs encrypted by
>Users’ public keys to the DDFs (Data Decryption Field) in $EFS.
>
>It seems, however, that this is either not yet supported or I’m interpreting
>it wrongly. Kindly provide some insight if possible.
>
>We would also like to know your ideas about two of our other problems which
>are even more critical than the preceding one. I wish you could provide some
>help:
>
>1. As you might know, we are still having some problems with enumerating all
>the containers on the system. We are able to enlist 2-3 but not all.
>
>(i) I actually call CryptAcquireContext with NULL as Provider & Container
>for defaults, & CRYPT_VERIFYCONTEXT in dwFlags.
>(ii) The handle is acquired.
>(iii) I pass the handle to CryptProvParam with PP_CONTAINER to get the
>default container name.
>(iv) I then call it again to enumerate the first container with
>ENUM_CONTAINERS & CRYPT_FIRST (first with NULL for container name to get its
>length, then after allocating space, again with the allocated buffer for
>container name).
>(v) Then I call it in a while loop with ENUM_CONTAINERS & 0 (for flags.
>CRYPT_MACHINE_KEYSET returns ‘invalid flags specified’ error: 0x80090009).
>(vi) Now this goes well for 2 containers. I get them enlisted, acquire
>contexts for them by calling CryptAcquireContext, get their key pair handles
>by calling CryptGetUserKeys. The third one, although it passes the length of
>the container successfully, returns a 0x103: More Data available error. I
>tried it with allocating memory even up to 10 MB, it still does that.
>
>Here, gentlemen, the program fails.
>
>The second problem is to do with creation of Private Key Blobs.
>(i) I am able to create/export a public key blob of a container's public key.
>I can even import it to get a handle to the Public Key.
>(ii) If I however give this handle to now create a Private Key Blob of a
>container, it gives either error: 0x8009000b/3 (‘Key not valid for use in
>specified state’/‘Bad Key’).
>
>
>That’s it. Any help or query is most welcome.
>
>Thanks.
>
>
> >From: "Jeff Spelman (Exchange)" <jeffspel@EXCHANGE.MICROSOFT.COM>
> >Reply-To: Microsoft Cryptographic API <CryptoAPI@DISCUSS.MICROSOFT.COM>
> >To: CryptoAPI@DISCUSS.MICROSOFT.COM
> >Subject: Re: EFS, $EFS and FEK blues
> >Date: Mon, 30 Aug 1999 14:14:13 -0700
> >
> >Raman
> >
> >1) On Windows 2000 with EFS, only the user who encrypts the file and a
> >recovery agent may decrypt the file (as you have noticed).
> >
> >2) To enumerate key containers, you should use the PP_ENUMCONTAINERS
> >parameter value with CryptGetProvParam, most commonly used with a verify
> >context (NULL for the container name and CRYPT_VERIFYCONTEXT in the dwFlags
> >parameter).
> >
> >Thanks Jeff
>
>______________________________________________________
>Get Your Private, Free Email at http://www.hotmail.com
>
>----------------------------------------------------------------
>Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
>contains important info including how to unsubscribe.  Save time, search
>the archives at http://discuss.microsoft.com/archives/index.html
>


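The failure and fix described under "Problem 1" in the quoted reply, as an added example that is not part of the original thread: portable C in which `model_enum` is a constructed stand-in for `CryptGetProvParam` with `PP_ENUMCONTAINERS`. It models only the in/out length argument; the status codes, the `FLAG_FIRST` flag and the container names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for CryptGetProvParam(PP_ENUMCONTAINERS). It models only
   the in/out length argument discussed in the thread; it is not the Win32 API.
   The container names below are constructed sample data. */
enum { ENUM_OK, ENUM_MORE_DATA, ENUM_DONE };   /* hypothetical status codes */
#define FLAG_FIRST 1u                          /* plays the role of CRYPT_FIRST */
static const char *const NAMES[] = { "alice", "bob", "backup-signing-keys-1999" };
#define N_NAMES (sizeof NAMES / sizeof NAMES[0])
static size_t cursor;

static int model_enum(char *buf, unsigned *len, unsigned flags)
{
    unsigned need = 0;
    if (flags & FLAG_FIRST) cursor = 0;
    if (buf == NULL) {                 /* size query: longest name plus NUL */
        for (size_t i = 0; i < N_NAMES; i++)
            if (strlen(NAMES[i]) + 1 > need) need = (unsigned)strlen(NAMES[i]) + 1;
        *len = need;
        return ENUM_OK;
    }
    if (cursor == N_NAMES) return ENUM_DONE;
    need = (unsigned)strlen(NAMES[cursor]) + 1;
    if (*len < need) { *len = need; return ENUM_MORE_DATA; }
    memcpy(buf, NAMES[cursor++], need);
    *len = need;                       /* out: bytes written, not buffer capacity */
    return ENUM_OK;
}

/* Returns the number of names listed, or -1 if enumeration stopped on MORE_DATA.
   reset_len = 0 reproduces the failing loop, reset_len = 1 applies the fix. */
int enumerate(int reset_len)
{
    char buf[64];
    unsigned max = 0, len, flags = FLAG_FIRST;
    int rc, count = 0;
    model_enum(NULL, &max, FLAG_FIRST);          /* ask for the maximum name length */
    if (max > sizeof buf) return -1;
    len = max;
    for (;; flags = 0) {
        if (reset_len) len = max;      /* restore capacity before every call */
        rc = model_enum(buf, &len, flags);
        if (rc != ENUM_OK) break;
        printf("container: %s\n", buf);
        count++;
    }
    return rc == ENUM_DONE ? count : -1;
}

int main(void) { printf("stale: %d, reset: %d\n", enumerate(0), enumerate(1)); return 0; }
```

With the stale length the loop lists two names and stops on the third, however large the buffer itself is; resetting the length to the maximum before each call lists all three.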