Support Encrypted Files
Windows 2000 introduces the Encrypted File System (EFS) as a way to protect the privacy of user data. Users or administrators can selectively encrypt files and folders on NTFS 5 file systems. Encryption and decryption are totally transparent to the user, which means that your program, not the user, has to handle encrypted files correctly.
There are a few things that your application must do to ensure this protection is not broken. The core Windows file APIs are aware of EFS and do the right thing. The EFS information is an attribute of the file, not part of its data, so it typically isn’t read when you read from the file. If your application were to read the file into memory and then write it to a temporary location, this information would be lost. Instead, use CopyFile and ReplaceFile. These APIs are EFS aware and will handle the encryption and decryption for you, as well as move the encryption information with the file.
The encryption status of a file can easily be determined by using FileEncryptionStatus. Alternatively, call GetFileAttributes and examine the FILE_ATTRIBUTE_ENCRYPTED flag in the return value.
When making a file copy, always use CopyFile.
When moving a file, always use MoveFile.
When replacing a file, always use ReplaceFile.
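The following C sketch is an added example, not code from the original page: it swaps a staged file into place with ReplaceFile and confirms through GetFileAttributes that the target's EFS state did not change. The helper names `efs_state_from_attrs` and `replace_keeping_efs` are hypothetical, and the caller is assumed to have written the new contents to `staged` on the same volume as `target`.

```c
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Values from the Win32 headers, repeated here only so the attribute
   check can be compiled and unit-tested off Windows. */
#define FILE_ATTRIBUTE_ENCRYPTED 0x00004000u
#define INVALID_FILE_ATTRIBUTES  0xFFFFFFFFu
#endif

/* Interpret a GetFileAttributes result: 1 = encrypted, 0 = not encrypted,
   -1 = the query failed. INVALID_FILE_ATTRIBUTES has every bit set, so a
   bare flag test would report a missing file as encrypted. */
int efs_state_from_attrs(uint32_t attrs)
{
    if (attrs == INVALID_FILE_ATTRIBUTES)
        return -1;
    return (attrs & FILE_ATTRIBUTE_ENCRYPTED) ? 1 : 0;
}

#ifdef _WIN32
/* Hypothetical helper (assumption, not from the page): replace `target`
   with `staged` and verify the encryption state survived the swap.
   Returns 0 on success, -1 if a Win32 call failed (see GetLastError),
   -2 if the swap succeeded but the EFS state of `target` changed. */
int replace_keeping_efs(const wchar_t *target, const wchar_t *staged)
{
    int before = efs_state_from_attrs(GetFileAttributesW(target));
    if (before < 0)
        return -1;

    /* No backup file, no flags; the last two parameters are reserved. */
    if (!ReplaceFileW(target, staged, NULL, 0, NULL, NULL))
        return -1;

    int after = efs_state_from_attrs(GetFileAttributesW(target));
    if (after < 0)
        return -1;
    return (after == before) ? 0 : -2;
}
#endif
```

A return of -2 is worth logging, since it means the file's protection differs from what the user set.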