Backup and Restore of Encrypted Files

The Encrypting File System (EFS) filters the opening of an encrypted file in such a way that the application that opened the file gets access to the unencrypted information, provided of course it has the proper credentials to access the file and get the key necessary to decrypt the file. Subsequent read operations on this file will yield unencrypted text. This is very desirable for typical access to encrypted files, and keeps the encryption and decryption of the files transparent. However, it hinders backup of encrypted files, because if backup is attempted with the standard file I/O calls like CreateFile, ReadFile, and WriteFile, the files backed up will be the plain text version.

The raw encryption functions are provided to solve this problem. Backup applications are a primary intended user for these functions. Raw encryption functions differ from other file system functions in that open, read, and write functions allow access to the raw encrypted data streams and also allow reading/writing of the $EFS stream. Therefore, the caller of the raw encryption functions does not need access to the cryptographic keys that decrypt the file. The following raw encryption APIs are available for use with backup and restore applications: