Raw vs Encrypted/Decrypted Access to Newly Created Files

For each new file that's created, FESF calls the Client Solution's Policy DLL at its PolGetPolicyNewFile callback function to determine the Policy for that file.  In other words, FESF calls the Policy DLL to determine whether the data written to the file should be encrypted.  If the Solution indicates that the data should be encrypted, FESF next calls the Policy DLL's PolGetKeyNewFile to get the Header Data, Algorithm ID, and encryption Key data for the newly created file.

Using the provided Algorithm ID and Key, FESF transparently encrypts data written to the file and decrypts data read from the file.  In addition, FESF adds control and consistency metadata information to the file, including the Client-defined Header Data, to enable later validation and decryption.

If the Policy DLL indicates the data should not be encrypted, FESF performs no additional processing on the file's data.  The file's data is written without modification.  The Policy DLL's PolGetKeyNewFile is not called, and FESF adds no additional information to this file.
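The following C model is an added example, not code from FESF or its SDK: it simulates the two-callback sequence described above so the difference between a raw and an encrypted new file can be checked. Assumptions: the `model_*` names, types and simplified signatures are hypothetical stand-ins for the real callbacks, the Header Data is stored as a plain prefix, the ".docx" rule and key values are constructed, and the XOR loop is only a placeholder for the real algorithm.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model types; the real FESF SDK structures are not shown on this page. */
typedef enum { POLICY_RAW, POLICY_ENCRYPT } model_policy;
typedef struct { unsigned char header[8]; int alg_id; unsigned char key[16]; } model_key_info;

static int key_callback_calls = 0;

/* Stands in for the Policy DLL's PolGetPolicyNewFile: decide per new file. */
static model_policy model_get_policy_new_file(const char *path) {
    const char *ext = strrchr(path, '.');
    return (ext && strcmp(ext, ".docx") == 0) ? POLICY_ENCRYPT : POLICY_RAW;
}

/* Stands in for PolGetKeyNewFile: supply Header Data, Algorithm ID and Key. */
static void model_get_key_new_file(const char *path, model_key_info *out) {
    (void)path;
    key_callback_calls++;
    memcpy(out->header, "KEYID-01", 8);        /* constructed key identifier */
    out->alg_id = 1;                            /* constructed algorithm id */
    memset(out->key, 0x5A, sizeof out->key);    /* constructed key bytes */
}

/* Framework side: returns the number of bytes stored in `disk` for a new file. */
size_t model_create_and_write(const char *path, const unsigned char *data,
                              size_t len, unsigned char *disk) {
    model_key_info ki;
    if (model_get_policy_new_file(path) == POLICY_RAW) {
        memcpy(disk, data, len);                /* written without modification */
        return len;                             /* key callback never invoked */
    }
    model_get_key_new_file(path, &ki);          /* only reached for encrypt policy */
    memcpy(disk, ki.header, sizeof ki.header);  /* assumed layout: header as prefix */
    for (size_t i = 0; i < len; i++)            /* XOR placeholder, NOT a real cipher */
        disk[sizeof ki.header + i] = data[i] ^ ki.key[i % sizeof ki.key];
    return sizeof ki.header + len;
}

int key_calls(void) { return key_callback_calls; }

int main(void) {
    unsigned char disk[64];
    const unsigned char msg[] = "secret";
    size_t n = model_create_and_write("C:\\data\\notes.txt", msg, 6, disk);
    printf("raw: %zu bytes, key callbacks: %d\n", n, key_calls());
    n = model_create_and_write("C:\\data\\plan.docx", msg, 6, disk);
    printf("encrypted: %zu bytes, key callbacks: %d\n", n, key_calls());
    return 0;
}
```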