Matrix42 Self-Service Help Center

PolicyEncrypter API

This API is an alternative to the Script API for managing EgoSecure Full Disk Encryption installations.

The caller is responsible for generating correctly-structured unencrypted (plain) policies.

Because some policy values need to be converted to hashed values, the PolicyEncrypter API also converts passwords, keys, and APKEK values into the right format on the fly during encryption.

The following dynamic-link library contains the API:

  • PolicyEncrypter.dll

List of EgoSecure Public Report API functions

| Header file | Method | Description |
| --- | --- | --- |
| PolicyEncrypter.h | `EncryptPolicy(const char* szAdminPassword, POLICY_TYPE policyType, const char* szScriptPath, const char* szPolicyTargetPath)` | Encrypt a policy file of the types FDE, PBA, or UPGRADE into the encrypted format. As described later, some values will be converted on-the-fly. |

Policy types

There are three different policy types:

  • FDE_POLICY
  • PBA_POLICY
  • UPGRADE_POLICY

For FDE and PBA policies the administration password parameter is not needed and should be set to NULL.

For generating upgrade policies, the administration password parameter is mandatory.
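The password rule above can be enforced in a thin wrapper before the call reaches the DLL, so that an administration password is never handed over for FDE or PBA policies and an upgrade policy is never attempted without one. This is an added example, not code from Matrix42. Assumptions: the int return type, the numeric enum values, the wrapper name encrypt_policy_checked, its PE_* result codes, the stub, and the file names plain.pol and enc.pol are all hypothetical; only the parameter list and the policy type names come from this page.

```c
#include <stddef.h>
#include <stdio.h>

/* Names are from the page; the real definition lives in PolicyEncrypter.h.
   The numeric values here are placeholders (assumption). */
typedef enum { FDE_POLICY, PBA_POLICY, UPGRADE_POLICY } POLICY_TYPE;

/* Documented parameter list; the int return type is an assumption. */
typedef int (*EncryptPolicyFn)(const char *szAdminPassword, POLICY_TYPE policyType,
                               const char *szScriptPath, const char *szPolicyTargetPath);

/* Hypothetical result codes of this wrapper, not of the DLL. */
enum { PE_OK = 0, PE_BAD_TYPE, PE_PASSWORD_REQUIRED, PE_BAD_PATH };

/* Hypothetical wrapper: enforces the documented password rule before the
   call. The DLL's own return value is stored in *api_rc. */
int encrypt_policy_checked(EncryptPolicyFn fn, POLICY_TYPE type, const char *admin_pw,
                           const char *script, const char *target, int *api_rc)
{
    const char *pw = NULL;                 /* FDE/PBA: always pass NULL */
    if (!script || !*script || !target || !*target)
        return PE_BAD_PATH;                /* added sanity check */
    if (type == UPGRADE_POLICY) {
        if (!admin_pw || !*admin_pw)
            return PE_PASSWORD_REQUIRED;   /* mandatory for upgrade policies */
        pw = admin_pw;
    } else if (type != FDE_POLICY && type != PBA_POLICY) {
        return PE_BAD_TYPE;
    }
    *api_rc = fn(pw, type, script, target);
    return PE_OK;
}

/* Constructed stand-in for the DLL export so the example runs offline;
   it only records the password pointer it was given. */
static const char *stub_seen_pw;
static int stub_calls;
static int stub_encrypt(const char *pw, POLICY_TYPE t, const char *s, const char *d)
{
    (void)t; (void)s; (void)d;
    stub_seen_pw = pw;
    stub_calls++;
    return 0;
}

int main(void)
{
    int rc = -1;
    int r = encrypt_policy_checked(stub_encrypt, UPGRADE_POLICY, NULL,
                                   "plain.pol", "enc.pol", &rc);
    printf("upgrade without password -> %d\n", r);
    return 0;
}
```

In a real build, include PolicyEncrypter.h instead of the placeholder enum and pass the EncryptPolicy export from PolicyEncrypter.dll in place of the stub.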

Policy syntax

The policy description and documentation are not part of this guide; they are covered in an external document. Please contact Matrix42 support if you need it.

Conversion Process

Because some values need to be converted into internally used formats, the PolicyEncrypter API changes the following values on the fly during encryption:

| Script value | Input format | Converted format |
| --- | --- | --- |
| AdminPW | Encapsulated string | Hashed value in hexadecimal 2-tuple. |
| SafePassword | Encapsulated string | Hashed value in hexadecimal 2-tuple. |
| Key | Encapsulated string | Hashed value in hexadecimal 2-tuple. |
| Password | Encapsulated string | Hashed value in hexadecimal 2-tuple. |
| PublicKey (APKEK key) | Plain APKEK string (32 characters). For example: 9015E3447A017DF2EDA6651164DE430. | Will be encrypted and included in hexadecimal format. |
| PublicKey (Helpdesk key) | Helpdesk key files are password encrypted. So, you must use the ConvertHDKey function from the PBA Script API to convert these files into a string, which can be added in the PublicKey field as it is. | Same as input format |