I'm reading the NTFS file encryption explanation from ntfs.com, and I think I have understood it quite well, except for being baffled by one statement:

Protected Storage encrypts all private keys with Session Key, derived from 512 bit Master Key, and stores them in %UserProfile%\Application Data\Microsoft\Crypto\RSA\User SID.

...

The overall security could be significantly enhanced by encrypting private keys with System Key. The syskey.exe utility can be used to store System Key on a floppy disk and remove it from computer.

I interpret the first half of that statement as this: Windows does not store the private keys' plaintext, but stores their ciphertext, produced by some cipher algorithm with the Session Key as the encryption key.

Then I have two questions.

One, is that cipher algorithm symmetric or asymmetric?

Two, whose private keys? I don't think it is a normal user's EFS certificate private key, so whose is it?

As far as I know, a normal user's EFS private key is calculated from that very user's password hash and a pre-stored EFS-certificate-associated ciphertext (please name it), which is not related to the Session Key.

Jimm Chen
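As an added illustration (not from the question or from ntfs.com) of the hierarchy the quoted text describes, here is a hypothetical Go model: a 512-bit Master Key, a Session Key derived from it, and private-key bytes that are stored only as ciphertext under that Session Key. The HMAC-SHA256 derivation, the AES-256-GCM wrapping and the names OpenStore, WrapPrivateKey and UnwrapPrivateKey are assumptions of this model, not Windows' actual Protected Storage implementation.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// OpenStore derives the Session Key from a 512-bit Master Key (HMAC-SHA256
// over a label; constructed for this model, not Windows' own KDF) and
// returns the AES-256-GCM cipher that the private keys are wrapped with.
func OpenStore(masterKey []byte, label string) (cipher.AEAD, error) {
	if len(masterKey) != 64 {
		return nil, errors.New("master key must be exactly 512 bits")
	}
	m := hmac.New(sha256.New, masterKey)
	m.Write([]byte(label))
	block, err := aes.NewCipher(m.Sum(nil)) // 32-byte Session Key -> AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapPrivateKey stores only ciphertext of the private-key bytes (e.g. a
// PKCS#1 DER encoding); output layout is nonce || ciphertext || GCM tag.
func WrapPrivateKey(store cipher.AEAD, privDER []byte) ([]byte, error) {
	nonce := make([]byte, store.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return store.Seal(nonce, nonce, privDER, nil), nil
}

// UnwrapPrivateKey: the cipher is symmetric, so the same Session Key unwraps;
// a different Master Key or a tampered blob fails authentication.
func UnwrapPrivateKey(store cipher.AEAD, blob []byte) ([]byte, error) {
	n := store.NonceSize()
	if len(blob) < n {
		return nil, errors.New("wrapped blob too short")
	}
	return store.Open(nil, blob[:n], blob[n:], nil)
}
```

In this model the same Session Key both wraps and unwraps, which is the symmetric case the first question asks about; whoever holds the Master Key can recover every private key stored under it, which is why the quoted text treats protecting the Master Key (e.g. with the System Key) as the lever for overall security.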

0 Answers