---
title: "Concepts"
slug: "filesystem-encryption-for-windows-concepts"
updated: 2026-04-01T08:09:46Z
published: 2025-07-17T17:30:06Z
canonical: "support.fortanix.com/filesystem-encryption-for-windows-concepts"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.fortanix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Concepts

The Fortanix-Data-Security-Manager (DSM) Filesystem Encryption solution, based on the open-source **cppcryptfs**, uses a daemon agent to manage mounting, encryption, decryption, and policy enforcement. This setup integrates seamlessly with existing applications, requiring no changes.

When using Dokany - a software interface similar to Filesystem in Userspace (FUSE) but designed for Windows, the filesystem controls all input and output operations. The Windows kernel routes these operations to the Fortanix DSM agent using the Dokany driver, which processes them according to the defined policies and communicates responses back to the application.

*To discover the architecture and key hierarchy of Filesystem Encryption on Windows, refer to*[*Filesystem Encryption for Windows as a Service - Concepts*](https://fortanix.zendesk.com/hc/en-us/articles/28826310416276-Filesystem-Encryption-for-Windows-as-a-Service-Concepts).

Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.