[This is preliminary documentation and subject to change.]
Because backup operators typically do not have access to users' cryptographic keys, operators cannot encrypt and decrypt users' files. Therefore, backup operators must use raw mode to perform backup and restore operations on encrypted files. When reading in raw mode, the system returns the data in all streams as a single stream of encrypted bytes. When writing in raw mode, the caller must return the stream of encrypted bytes exactly as it was read. EFS reconstructs the encrypted file.
Raw file data does not contain security or property set information for the file. Backup operators must obtain and back up this information separately for encrypted files. Neither the security nor the property set information is encrypted, so it may be read and written as for any other file.
A backup application performing operations on an encrypted file must first call the OpenRaw function to get a system-defined context block. This context block is used as a parameter to the other raw-mode backup functions. To back up the file, make a single call to the ReadRaw function, providing the context block and a pointer to an export callback function. The system calls the callback function with blocks of file data until all data has been processed.
Restoring an encrypted file is similar to backing it up. To restore the file, make a single call to the WriteRaw function, providing the context block and a pointer to an import callback function. The system calls the callback function, and the application fills in file data until all data has been processed.
The OpenRaw, ReadRaw, and WriteRaw function parameters also include an application-defined context block. You can use this block for internal tracking of information, such as the file handle and the current offset in the file.
When the operation is complete call the CloseRaw function to free allocated system resources and close the file.