2.2.7 EFS ECC Self-Signed Certificate Algorithm Identifier
Key: Software\Policies\Microsoft\Windows NT\CurrentVersion\EFS
Value: "SuiteBAlgorithm" or one of the special values in [MS-GPREG] section 3.2.5.1.
Type: REG_SZ.
Size: Equal to the size of the Data field.
Data: A variable-length, null-terminated Unicode string. This setting specifies the algorithm that EFS uses when generating an ECC self-signed certificate. Such a certificate is generated when a user with no existing EFS keys attempts to create a new encrypted file or to convert an existing plain text file to encrypted form, and EFS fails to enroll the user for a suitable certificate from a certificate authority (CA).
Implementations SHOULD<9> choose to support this option. If this option is supported, the flag to disable self-signed certificates (defined as 0x00000004 in section 2.2.3) MUST be supported.
An implementation that supports this option MUST support the following identifiers.
Algorithm Identifier | Description
---|---
"ECDH_P256" | The 256-bit prime elliptic curve Diffie-Hellman key exchange algorithm.
"ECDH_P384" | The 384-bit prime elliptic curve Diffie-Hellman key exchange algorithm.
"ECDH_P521" | The 521-bit prime elliptic curve Diffie-Hellman key exchange algorithm.

These strings are the CNG algorithm identifiers for the NIST P-256, P-384 and P-521 prime curves, so the value is passed through to key generation unchanged rather than being mapped to a numeric code.
If the client supports this option but the option is not present, the client SHOULD use the default value "ECDH_P256".
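As an added example, not text or code from [MS-GPEF] or from any Windows component: the following Python encodes the SuiteBAlgorithm setting exactly as the fields above describe it (REG_SZ, Data a null-terminated Unicode string, Size equal to the length of Data), carries it in a registry.pol body, and applies the rules of this section when reading it back: the last record for the value wins, a deletion record removes it, and absence yields the default "ECDH_P256". The file framing (the "PReg" signature, version 1, and `[key;value;type;size;data]` records in UTF-16LE) and the `**Del.` / `**DelVals.` special value names are assumptions taken from [MS-GPREG], which this section only references. The handling of an identifier outside the mandatory table (rejected here) is this example's choice; the section requires only that the three listed identifiers be supported. All sample input is constructed inline.

```python
"""Added example (not [MS-GPEF] or Windows code): encode the 2.2.7 setting into a
registry.pol body and apply the section's read-side rules. The "PReg" framing is
assumed from [MS-GPREG] 2.2.1; "**Del." / "**DelVals." are assumed from [MS-GPREG] 3.2.5.1."""
import struct

EFS_POLICY_KEY = r"Software\Policies\Microsoft\Windows NT\CurrentVersion\EFS"
SUITEB_VALUE = "SuiteBAlgorithm"
REG_SZ = 1  # registry type code for REG_SZ
MANDATORY_ALGORITHMS = ("ECDH_P256", "ECDH_P384", "ECDH_P521")
DEFAULT_ALGORITHM = "ECDH_P256"


def _u16(text):
    return text.encode("utf-16-le")


def efs_entry(algorithm):
    """(key, value, type, data) for 2.2.7: REG_SZ, Data = null-terminated Unicode string.
    build_registry_pol writes Size = len(Data), as the Size field requires."""
    return (EFS_POLICY_KEY, SUITEB_VALUE, REG_SZ, _u16(algorithm + "\x00"))


def build_registry_pol(entries):
    out = bytearray(b"PReg" + struct.pack("<I", 1))  # signature + version 1 (assumed format)
    for key, value, rtype, data in entries:
        out += _u16("[") + _u16(key + "\x00") + _u16(";") + _u16(value + "\x00") + _u16(";")
        out += struct.pack("<I", rtype) + _u16(";") + struct.pack("<I", len(data)) + _u16(";")
        out += data + _u16("]")
    return bytes(out)


def _read_sz(blob, pos):
    # Step in 2-byte code units so a 00 byte straddling two characters is not a terminator.
    end = pos
    while blob[end:end + 2] != b"\x00\x00":
        end += 2
        if end >= len(blob):
            raise ValueError("unterminated string at offset %d" % pos)
    return blob[pos:end].decode("utf-16-le"), end + 2


def _expect(blob, pos, ch):
    if blob[pos:pos + 2] != _u16(ch):
        raise ValueError("expected %r at offset %d" % (ch, pos))
    return pos + 2


def parse_registry_pol(blob):
    if blob[:4] != b"PReg" or struct.unpack_from("<I", blob, 4)[0] != 1:
        raise ValueError("not a version-1 registry.pol")
    pos, entries = 8, []
    while pos < len(blob):
        pos = _expect(blob, pos, "[")
        key, pos = _read_sz(blob, pos)
        pos = _expect(blob, pos, ";")
        value, pos = _read_sz(blob, pos)
        pos = _expect(blob, pos, ";")
        rtype = struct.unpack_from("<I", blob, pos)[0]
        pos = _expect(blob, pos + 4, ";")
        size = struct.unpack_from("<I", blob, pos)[0]
        pos = _expect(blob, pos + 4, ";")
        data = blob[pos:pos + size]
        if len(data) != size:
            raise ValueError("truncated data at offset %d" % pos)
        pos = _expect(blob, pos + size, "]")
        entries.append((key, value, rtype, data))
    return entries


def efs_selfsigned_algorithm(entries):
    """Read-side rules of 2.2.7 for a client that supports the option: last record for
    the value wins, a deletion record clears it, absence means DEFAULT_ALGORITHM.
    Rejecting identifiers outside the mandatory table is this example's choice."""
    selected = None
    for key, value, rtype, data in entries:
        if key.lower() != EFS_POLICY_KEY.lower():
            continue
        v = value.lower()
        if v == SUITEB_VALUE.lower():
            if rtype != REG_SZ:
                raise ValueError("SuiteBAlgorithm must be REG_SZ, got type %d" % rtype)
            if len(data) % 2:
                raise ValueError("REG_SZ data is not a whole number of UTF-16 code units")
            text = data.decode("utf-16-le").split("\x00", 1)[0]
            if text not in MANDATORY_ALGORITHMS:
                raise ValueError("unsupported ECC algorithm identifier %r" % text)
            selected = text
        elif v == ("**del." + SUITEB_VALUE).lower() or v == "**delvals.":
            selected = None  # value deleted by policy: fall back to the default
    return selected or DEFAULT_ALGORITHM


if __name__ == "__main__":
    blob = build_registry_pol([efs_entry("ECDH_P384")])
    print(efs_selfsigned_algorithm(parse_registry_pol(blob)))  # ECDH_P384
    print(efs_selfsigned_algorithm([]))                        # ECDH_P256
```

The parser walks strings in 2-byte units and checks every separator and the declared Size before slicing, so a malformed or truncated policy body fails loudly instead of being read as a different setting; a client that silently treated such input as "absent" would quietly fall back to P-256 when the administrator had asked for a stronger curve.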