Key Material and Encryption Identification

As previously described, each time a new file is created, FESF calls the Client Solution Policy DLL.  If the Policy DLL indicates that data written to the newly created file should be encrypted, the Solution returns three things to FESF:

1.  Header Data:  This data, whose format and content are entirely defined by the Client Solution, is stored by FESF in the newly created file exactly as provided.  FESF hands this Header Data back to the Client Solution whenever the file is subsequently opened and the key is required.  The Header Data may contain any information useful to the Solution, with one restriction: once the Solution has determined that decrypted access should be granted, it must be able to derive the key data for the file from this Header Data (together with whatever secrets the Solution itself holds).  Because FESF stores the Header Data in the file as given, it should be treated as readable by anyone who can read the file's raw bytes; it should therefore carry something from which the key can be recovered (a key identifier, a wrapped key, a salt for key derivation) rather than the key itself.

2.  Algorithm ID: This indicates which encryption algorithm (and associated properties) FESF will use to encrypt/decrypt the file's data.

3.  Key: The key data to be used to encrypt and/or decrypt the file's data.

When an existing encrypted file is opened, FESF calls the Client Solution Policy DLL with the path of the file being opened and the Header Data previously stored in the file (along with other data).  This Header Data is exactly what the Solution supplied when the file was created.  Using it, the Client Solution is responsible for returning an Algorithm ID and Key Data, which FESF then uses to decrypt the file's existing data and to encrypt any data subsequently written to the file.  The Algorithm ID and key returned on open must therefore match those chosen at creation; a Solution that records the Algorithm ID in its own Header Data can return it directly rather than having to infer it.
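To make the create/open contract concrete, the following is an added Python model of the key handling a Policy DLL might implement.  It is illustrative code written for this page, not FESF's API and not OSR's sample code: a real Policy DLL is native code, and the callback names (on_create_file, on_open_file), the header layout, the Algorithm ID value and the KEK store are all assumptions.  It shows a Header Data layout that carries no key material, a per-file key derived from a Solution-held key-encryption key (KEK) plus a random per-file salt, and the checks the open path should make before handing a key back to FESF.

```python
"""Hypothetical Policy DLL key handling for the create/open flow.

Added illustration, not FESF's API: callback names, header layout,
Algorithm ID value and KEK store are assumptions.  The Header Data
holds a version, the Algorithm ID chosen at creation, the ID of a
key-encryption key (KEK) known only to the Solution, a random salt and
a MAC over the preceding fields.  The file key is HMAC-SHA256(KEK, salt),
so it is recoverable on open from the header plus the KEK, and never
appears in the file.
"""
import hashlib
import hmac
import os
import struct

HEADER_VERSION = 1
SALT_LEN = 16
TAG_LEN = 32
# Header layout: version(u8) | alg_id(u16) | kek_id(u32) | salt(16) | tag(32)
_BODY_FMT = "<BHI%ds" % SALT_LEN
_HDR_FMT = _BODY_FMT + "%ds" % TAG_LEN
HEADER_LEN = struct.calcsize(_HDR_FMT)

# Assumed Algorithm ID value; FESF defines the real identifiers.
ALG_AES256_XTS = 0x0002

# Constructed KEK store.  A real Solution would obtain KEKs from a key
# server, DPAPI, or an HSM, never from a file alongside the data.
KEK_STORE = {
    7: hashlib.sha256(b"constructed demo KEK, not a real secret").digest(),
}


class PolicyError(Exception):
    """Raised when the Solution declines to return a key for a file."""


def _derive_file_key(kek: bytes, salt: bytes) -> bytes:
    # Per-file key = HMAC-SHA256(KEK, label || salt).  The label gives
    # domain separation from the header MAC below.
    return hmac.new(kek, b"fesf-file-key-v1" + salt, hashlib.sha256).digest()


def _header_tag(kek: bytes, body: bytes) -> bytes:
    return hmac.new(kek, b"fesf-header-v1" + body, hashlib.sha256).digest()


def on_create_file(path: str, kek_id: int, alg_id: int = ALG_AES256_XTS):
    """Hypothetical create-time callback: returns (header, alg_id, key).

    The path may drive policy (which directories are protected) but is
    deliberately not mixed into the key, so renames do not break access.
    """
    kek = KEK_STORE.get(kek_id)
    if kek is None:
        raise PolicyError("unknown KEK id %d" % kek_id)
    salt = os.urandom(SALT_LEN)
    body = struct.pack(_BODY_FMT, HEADER_VERSION, alg_id, kek_id, salt)
    header = body + _header_tag(kek, body)
    return header, alg_id, _derive_file_key(kek, salt)


def on_open_file(path: str, header: bytes):
    """Hypothetical open-time callback: returns (alg_id, key) or raises."""
    if len(header) != HEADER_LEN:
        raise PolicyError("header length %d, expected %d" % (len(header), HEADER_LEN))
    version, alg_id, kek_id, salt, tag = struct.unpack(_HDR_FMT, header)
    if version != HEADER_VERSION:
        raise PolicyError("unsupported header version %d" % version)
    kek = KEK_STORE.get(kek_id)
    if kek is None:
        raise PolicyError("KEK id %d not available on this host" % kek_id)
    # Constant-time compare: a forged or corrupted header must not yield a key.
    if not hmac.compare_digest(tag, _header_tag(kek, header[:-TAG_LEN])):
        raise PolicyError("header authentication failed")
    return alg_id, _derive_file_key(kek, salt)


def header_is_accepted(header: bytes) -> bool:
    """True if on_open_file would return a key for this header."""
    try:
        on_open_file("", header)
        return True
    except PolicyError:
        return False


if __name__ == "__main__":
    hdr, alg, key = on_create_file(r"C:\Protected\report.docx", kek_id=7)
    assert on_open_file(r"C:\Renamed\report.docx", hdr) == (alg, key)
    print("header is %d bytes; key recovered on open" % len(hdr))
```

Two points of the design are worth noting.  The file path handed to the Policy DLL on open is used for policy decisions only; because a file can be renamed or moved between creation and open, deriving the key from the path would make the file unreadable after a rename.  The MAC over the header means a tampered or foreign header is refused rather than silently producing a wrong key, which FESF would otherwise use to write unreadable data into the file.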