2.5.4.2 Encrypt a File
Goals
Encrypt a file.
Context of Use
The file owner is encrypting a file.
Actors
Admin Tool: A Microsoft Management Console (MMC) component, which is used by the administrator to configure the storage on the server.
Admin Client: The Admin Client is the primary actor. The Admin Client is code that is running on the administrator's computer. The Admin Client implements client-side protocol components and consumes the storage services that are offered by the storage server. The Admin Client's interest is to correctly interpret, execute, and display the results of the commands that are issued by the administrator.
EFS service: The Encrypting File System service is the server-side implementation of the protocol described in [MS-EFSR].
Stakeholders
File owner: The user who is the owner of the file that needs to be encrypted.
Preconditions
The file owner user has identified the file that needs to be encrypted.
The file owner user has the required EFS certificates.
Main success scenario
Trigger: The file owner requests to encrypt a file by using the Admin Tool.
The Admin Tool requests that the Admin Client establish a communication channel, by using the Encrypting File System Remote (EFSRPC) Protocol, to the EFS service of the Storage Services protocols.
The Admin Client contacts the EFS service to query information about the keys that are used to encrypt the file by using the EfsRpcFileKeyInfo method, as described in [MS-EFSR] section 3.1.4.2.12.
The EFS service responds with the required keys information.
The Admin Client contacts the EFS service to encrypt the file by using the EfsRpcEncryptFileSrv or EfsRpcEncryptFileExSrv method, as described in [MS-EFSR] sections 3.1.4.2.5 and 3.1.4.2.19.
The EFS service encrypts the requested file.
Postcondition
The required encryption of the file has finished successfully.
Extensions
If the communication channel for the Encrypting File System Remote (EFSRPC) Protocol cannot be established, or it becomes disconnected, the Admin Client attempts to reestablish the connection multiple times before it reports a failure. If the connection cannot be reestablished, whether the requested encryption of the file has finished depends on when the connection failed: a failure before the EfsRpcEncryptFileSrv or EfsRpcEncryptFileExSrv request reaches the EFS service leaves the file unencrypted, whereas a failure after the EFS service has processed the request leaves the file encrypted even though the Admin Client did not receive the response. The file owner therefore has to query the state of the file to confirm the postcondition.
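The following PowerShell script is an added example that is not part of this document or of [MS-EFSR]; it drives the use case above from the administrator's computer. When the target file is on a remote share, the Windows EFS client performs the encryption through EFSRPC, so the script exercises the same exchange the main success scenario describes: it checks the preconditions (an EFS certificate with the EFS Enhanced Key Usage 1.3.6.1.4.1.311.10.3.4 in the user's store, and a file that is not yet encrypted), requests the encryption with the retry behavior from the Extensions section, and then verifies the postcondition by re-reading the file's attributes from the server instead of trusting the client-side result. The share path and the retry count are assumptions made for illustration only.

```powershell
# Added example (not from the overview document or [MS-EFSR]): carry out the
# "Encrypt a File" use case against a file on a remote share. The path and the
# retry count below are assumptions for illustration.
$Path        = '\\fs01\share\payroll.xlsx'
$maxAttempts = 3

# Precondition: the file owner holds an EFS certificate with a private key.
# The EFS Enhanced Key Usage OID is 1.3.6.1.4.1.311.10.3.4.
$efsEku = '1.3.6.1.4.1.311.10.3.4'
$efsCert = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and
    ($_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] -and
        ($_.EnhancedKeyUsages | Where-Object { $_.Value -eq $efsEku })
    })
}
if (-not $efsCert) {
    throw "No EFS certificate with a private key in CurrentUser\My; precondition not met."
}

# Precondition: the file has been identified and is not already encrypted.
$encrypted = [System.IO.FileAttributes]::Encrypted
$item = Get-Item -LiteralPath $Path
if (($item.Attributes -band $encrypted) -eq $encrypted) {
    Write-Host "$Path is already encrypted; nothing to do."
    return
}

# Main success scenario plus the Extensions behavior: ask the EFS client to
# encrypt the file (on a remote share this becomes EfsRpcEncryptFileSrv or
# EfsRpcEncryptFileExSrv on the server) and retry on transport failures,
# which surface as IOException.
$succeeded = $false
for ($attempt = 1; $attempt -le $maxAttempts -and -not $succeeded; $attempt++) {
    try {
        [System.IO.File]::Encrypt($Path)
        $succeeded = $true
    }
    catch [System.IO.IOException] {
        Write-Warning "Attempt $attempt of $maxAttempts failed: $($_.Exception.Message)"
        Start-Sleep -Seconds (2 * $attempt)
    }
}

# Postcondition: re-read the attribute from the server. A connection that was
# lost after the EFS service applied the change still leaves the file encrypted,
# so the server's view, not the client's last result, is authoritative.
$item = Get-Item -LiteralPath $Path
if (($item.Attributes -band $encrypted) -eq $encrypted) {
    Write-Host "Postcondition met: $Path is encrypted."
    # Show the user and recovery-agent certificates that can open the file.
    cipher.exe /c $Path
}
else {
    throw "Postcondition not met: $Path is not encrypted after $maxAttempts attempt(s)."
}
```

Run the script as the file owner on the administrator's computer; if it stops at the first check, enroll an EFS certificate before retrying, and if it stops at the final check, the connection was lost before the EFS service processed the request and the encryption has to be requested again.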