Encrypting File System (EFS) - Decryption Process

• When an application need to access the encrypted file, since the encryption attribute is set, NTFS hands over the data stream to Encrypting File System (EFS).

• Encrypting File System (EFS) then obtain the user's private key with the help of Microsoft Crypto Provider.

• File Encryption Key (FEK), which is stored in the Data Decryption Field (DDF) of the file, is decrypted using the user’s private key.

• The encrypted file is decrypted using the decrypted File Encryption Key (FEK) and then File Encryption Key (FEK) delivers the decrypted data to the application.