When a Solution’s Policy DLL determines that a newly created file should be encrypted, FESF subsequently calls the Policy DLL’s PolGetKeyNewFile callback. In response to this callback, the Policy DLL returns encryption key information, as well as an initial copy of Policy DLL-defined Header Data for FESF to store with the newly created file.
The Policy DLL-defined Header Data may contain any data the Solution requires to derive the encryption key information for the file on subsequent accesses. However, FESF will attempt to significantly optimize storage of Header Data that is “small.” FESF currently defines “small” as being less than 200 bytes in length. This value is subject to change in subsequent FESF releases, as are the manner in which, and the extent to which, FESF chooses to optimize storage for small files.
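As an added illustration (not FESF or OSR code, and calling no FESF API), the following C sketch shows one way a Solution might lay out its own Header Data and check the result against the current “small” threshold. The structure, field names, and “SOLH” magic value are hypothetical, and the 40-byte and 256-byte wrapped-key lengths are constructed inputs representing an AES Key Wrap of a 256-bit key and an RSA-2048 ciphertext.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define SMALL_LIMIT 200u  /* "small" threshold quoted above; subject to change */
#define MAX_WRAPPED 256u  /* hypothetical cap: room for an RSA-2048 wrapped key */
#define FIXED_LEN   26u   /* magic 4 + version 2 + alg 2 + key_id 16 + length 2 */

typedef struct {          /* hypothetical Solution-defined header contents */
    uint16_t version, alg_id, wrapped_len;
    uint8_t  key_id[16], wrapped_key[MAX_WRAPPED]; /* master-key id, wrapped file key */
} sol_header;

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
int sol_header_is_small(size_t len) { return len < SMALL_LIMIT; }

/* Pack into a fixed little-endian layout; returns bytes written, 0 on error. */
size_t sol_header_pack(const sol_header *h, uint8_t *out, size_t cap) {
    size_t need = FIXED_LEN + h->wrapped_len;
    if (h->wrapped_len > MAX_WRAPPED || need > cap) return 0;
    memcpy(out, "SOLH", 4);                      /* constructed magic value */
    put16(out + 4, h->version); put16(out + 6, h->alg_id);
    memcpy(out + 8, h->key_id, 16); put16(out + 24, h->wrapped_len);
    memcpy(out + FIXED_LEN, h->wrapped_key, h->wrapped_len);
    return need;
}

/* Parse stored bytes, rejecting anything truncated, oversized or unknown. */
int sol_header_unpack(const uint8_t *in, size_t len, sol_header *h) {
    if (len < FIXED_LEN || memcmp(in, "SOLH", 4) != 0) return -1;
    h->version = get16(in + 4); h->alg_id = get16(in + 6);
    memcpy(h->key_id, in + 8, 16); h->wrapped_len = get16(in + 24);
    if (h->version != 1 || h->wrapped_len > MAX_WRAPPED ||
        len - FIXED_LEN != (size_t)h->wrapped_len) return -1;
    memcpy(h->wrapped_key, in + FIXED_LEN, h->wrapped_len);
    return 0;
}

/* Round-trip a constructed header; returns its stored size, 0 on any failure. */
size_t demo_roundtrip(uint16_t wrapped_len) {
    sol_header a = { .version = 1, .alg_id = 2, .wrapped_len = wrapped_len }, b;
    uint8_t buf[FIXED_LEN + MAX_WRAPPED];
    memset(a.key_id, 0xA5, sizeof a.key_id); memset(a.wrapped_key, 0x5A, sizeof a.wrapped_key);
    size_t n = sol_header_pack(&a, buf, sizeof buf);
    if (n == 0 || sol_header_unpack(buf, n, &b) != 0) return 0;
    if (sol_header_unpack(buf, n - 1, &b) == 0) return 0;  /* truncation must fail */
    return memcmp(a.wrapped_key, b.wrapped_key, wrapped_len) == 0 ? n : 0;
}
```

With these constructed inputs, a header carrying a 40-byte wrapped key occupies 66 bytes and falls under the current threshold, while one carrying a 256-byte wrapped key occupies 282 bytes and does not.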
The only supported method for a Solution to retrieve or update the Header Data stored with an FESF encrypted file is by using documented functions, such as those supplied by FesfUtil2 (while FESF is installed) or FesfSa (when FESF is not installed on the system) and described later in this document.