Structure of an Encrypted File

There are a number of standard formats for encrypted files and messages. These are designed to make it easier for different applications to communicate. An explanation of these formats falls outside the scope of this document. For a list of additional reading material, refer to Related Documentation.

After a file or message has been encrypted, the following data must be stored by the application and is usually kept bundled together:

• The encrypted data. When a block cipher is used, the data is padded out to a multiple of the cipher's block size. Padding is often added even when the original message is already an even multiple. When a stream cipher is used, the encrypted data is generally the same size as the original plaintext.
• One or more key blobs, each containing the session key used to encrypt the message. Each of these key blobs is encrypted with the key exchange public key of a user who will later decrypt the data. Note that these are not stored if the key was derived from a password. Instead, when it is time to decrypt the message, the session key is recreated from the password. The password itself must be remembered by the user.
• Any salt values that were specified as the data was being encrypted. When the data is decrypted, these values will have to be specified (by using the CryptSetKeyParam function) in the same manner as the data encryption process.
• Any initialization vectors that were specified as the data was being encrypted. These values are handled in much the same way as the salts.

All parameters that were specified with the CryptSetKeyParam function as the message was being encrypted must also be specified as the message is decrypted. It may be appropriate to store some of these parameters with the encrypted message as well.