Compartir a través de


2.2.2.2.8 Fek Info Datum

 The Fek Info datum encapsulates the algorithm ID (ALG_ID) used for the FEK, the encrypted FEK, and the File IV. The FEK and File IV are both protected using advanced encryption standard (AES) keywrap, with the FMK as the wrapping key.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

EFSX_Datum

...

AlgorithmID

Data_Fields (variable)

...

EFSX_Datum (8 bytes): MUST be formatted as specified in section 2.2.2.2.2. The datum Type MUST be EFSX_TYPE_FEK_INFO (0x0006). The datum Flags SHOULD include 0x0002, indicating a complex datum.

AlgorithmID (4 bytes): The symmetric cryptographic algorithm associated with this key. It MUST be a 32-bit unsigned integer in little-endian format. Possible values are specified in section 2.2.13.

Data_Fields (variable): This field contains any number of nested EFSX_Datum structures. The nested datum structures MUST NOT overlap, and MUST be entirely contained within the Fek Info datum. This field MUST contain at least two datum structures of type EFSX_TYPE_BLOB (0x0001). These blobs MUST have Role fields set to 0x000a (for the encrypted FEK) and 0x000b (for the encrypted File IV), respectively. The BlobType for these blobs MUST be 0x0004, indicating that the blob data contains a key wrapped with an AES 256 key encryption key, as defined in [RFC3394].