2.2.1.2.2 EfsKey

The EfsKey packet contains an EFS key.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------------------------------------------------------+
|                            Length1                            |
+---------------------------------------------------------------+
|                            Length2                            |
+---------------------------------------------------------------+
|                          SID offset                           |
+---------------------------------------------------------------+
|                           Reserved1                           |
+---------------------------------------------------------------+
|                      Certificate length                       |
+---------------------------------------------------------------+
|                      Certificate offset                       |
+---------------------------------------------------------------+
|                           Reserved2                           |
+                                                               +
|                              ...                              |
+---------------------------------------------------------------+
|                        SID (variable)                         |
+                                                               +
|                              ...                              |
+---------------------------------------------------------------+
|                    Certificate (variable)                     |
+---------------------------------------------------------------+

Length1 (4 bytes): This field MUST be equal to the length of the key structure in bytes, as measured from the beginning of the Length1 field to the end of the Certificate field. This field MUST be a 32-bit unsigned integer in little-endian format.

Length2 (4 bytes): This field MUST be equal to the length of the key structure in bytes, as measured from the beginning of the Length2 field to the end of the Certificate field. This field MUST be a 32-bit unsigned integer in little-endian format. Note that the value of Length2 is always four bytes less than the value of Length1. This redundancy is due to historical reasons.

SID offset (4 bytes): This field MUST be equal to the offset of the SID field in bytes, starting from the beginning of the Length2 field. This field MUST be a 32-bit unsigned integer in little-endian format.

Reserved1 (4 bytes): This field MUST be set to 0x02 0x00 0x00 0x00. This field MUST be a 32-bit unsigned integer in little-endian format.

Certificate length (4 bytes): This field MUST be equal to the length of the Certificate field in bytes. This field MUST be a 32-bit unsigned integer in little-endian format.

Certificate offset (4 bytes): This field MUST be equal to the offset of the Certificate field in bytes, starting from the beginning of the Length2 field. This field MUST be a 32-bit unsigned integer in little-endian format.

Reserved2 (8 bytes): All bits within this field SHOULD be set to zero. The client MUST ignore any nonzero values.

SID (variable): (Optional field.) This field MAY<1> contain the security identifier (SID) of a valid user within the domain. When set to a nonzero value, this field is intended to be used as a hint indicating which user created the key, and it does not affect the protocol processing at either the client or the server, as specified in [MS-DTYP] section 2.4.2.

Certificate (variable): This field MUST contain the ASN.1 representation, in DER encoding, of an X.509 certificate from among the EFS recovery agent certificates described earlier. Its size is given by the Certificate length field.
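The following parser is an added example, not code from the specification or from any Windows component. It enforces the MUST rules above (Length1/Length2 consistency, Reserved1, and offsets measured from Length2) and rejects a packet whose offsets or lengths fall outside the buffer before slicing; the SID and certificate bytes it embeds are constructed placeholders, not real values.

```python
import struct

RESERVED1 = 0x00000002          # Reserved1 MUST be 0x02 0x00 0x00 0x00 (little-endian)
FIXED_AFTER_LENGTH2 = 28        # Length2 + SID offset + Reserved1 + Cert length + Cert offset + Reserved2
LENGTH2_POS = 4                 # SID offset and Certificate offset are measured from the start of Length2

def build_efskey(cert_der: bytes, sid: bytes = b"") -> bytes:
    """Serialize an EfsKey (used here only to construct sample input)."""
    sid_off = FIXED_AFTER_LENGTH2 if sid else 0       # zero: optional SID hint absent
    cert_off = FIXED_AFTER_LENGTH2 + len(sid)
    length2 = cert_off + len(cert_der)                # Length2 runs from itself to the end of Certificate
    header = struct.pack("<IIIIII", length2 + 4, length2, sid_off, RESERVED1, len(cert_der), cert_off)
    return header + b"\x00" * 8 + sid + cert_der      # Reserved2 is 8 zero bytes

def parse_efskey(buf: bytes) -> dict:
    """Parse an EfsKey, enforcing every MUST above; raise ValueError rather than slice out of bounds."""
    if len(buf) < LENGTH2_POS + FIXED_AFTER_LENGTH2:
        raise ValueError("shorter than the 32-byte fixed part")
    length1, length2, sid_off, reserved1, cert_len, cert_off = struct.unpack_from("<IIIIII", buf, 0)
    if length1 != len(buf) or length2 != length1 - 4:
        raise ValueError("Length1/Length2 do not match the packet")
    if reserved1 != RESERVED1:
        raise ValueError("Reserved1 is not 0x00000002")
    cert_start = LENGTH2_POS + cert_off
    if cert_off < FIXED_AFTER_LENGTH2 or cert_start + cert_len != len(buf):
        raise ValueError("Certificate offset/length out of bounds")
    sid = b""
    if sid_off:
        sid_start = LENGTH2_POS + sid_off
        if sid_off < FIXED_AFTER_LENGTH2 or sid_start > cert_start:
            raise ValueError("SID offset out of bounds")
        sid = buf[sid_start:cert_start]               # SID runs up to the start of Certificate
    return {"sid": sid, "certificate": buf[cert_start:]}

def rejects(buf: bytes) -> bool:
    """True if parse_efskey refuses the packet."""
    try:
        parse_efskey(buf)
    except ValueError:
        return True
    return False

# Constructed sample values: a binary SID for S-1-5-21-1-2-3-1000 and a tiny DER
# SEQUENCE standing in for a real X.509 certificate (not a genuine certificate).
SAMPLE_SID = struct.pack("<BB6s5I", 1, 5, b"\x00\x00\x00\x00\x00\x05", 21, 1, 2, 3, 1000)
SAMPLE_CERT = b"\x30\x03\x02\x01\x01"
SAMPLE_PACKET = build_efskey(SAMPLE_CERT, SAMPLE_SID)
# The same packet with the Certificate offset pointed past the end of the buffer.
TAMPERED_PACKET = SAMPLE_PACKET[:20] + struct.pack("<I", 0x1000) + SAMPLE_PACKET[24:]
```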