How can one decrypt an encypted file without modifying file timestamp?

[Enquiring Mind]

Hi,

I have a desktop computer and a laptop computer both running Windows XP with
NTFS file system. On the desktop I have an encrypted folder containing
several files. I need to make a copy of the encrypted folder on the laptop.
I copy the source folder to the Shared Documents folder of the desktop
computer, then I would like to copy it from there to the My Documents folder
of the laptop. The laptop and the desktop are networked together, of course.

The problem is this. If the folder in the Shared Documents folder is still
encrypted, it cannot be copied to the laptop's My Documents folder. However
if you decrypt the folder to enable it to be copied, all the file timestamps
are changed to the time the folder is decrypted. But I want the original
time stamp to be retained, because the unencrypted *source* data in the
folder files has not been modified by the operation. Any suggestions how
this can be done?

TIA,

Enquiring Mind

 

[Enquiring Mind]

Well, if you have Cygwin installed, just make a small file with the
timestamp
you want and set the files you want with that timestamp

Many thanks for the guidance. What you seem to be saying is that it's not
possible to do what I wish to do using the XP OS GUI commands alone. It's
necessary to write a couple of scripts to accomplish the task (one for each
computer).

The steps the scripts would have to perform would seem to be:
1.Save the file date and time stamps for all the files in the encrypted
directory in the source computer in a temporary file.
2.Decrypt the files
3. Copy the unencrypted files and the temporary timestamp file to the
destination folder on the destination computer.
4. Encrypt the files on the destination folder (using a possibly different
login password).
5. Reinstate the date and time stamps by retrieving them from the temporary
file and assigning them to the appropriate files.

As I am not a Linux user myself, I could not use the shell commands in your
sample scripts. I presume that there are equivalent Windows shell commands
that do more or less the same. Alternatively one could write a little
utility to accomplish the task.

Any comments?

Regards,

EM

 

[Twayne]

Hi,

I have a desktop computer and a laptop computer
both
running Windows XP with NTFS file system. On the
desktop
I have an encrypted folder containing several
files. I
need to make a copy of the encrypted folder on
the
laptop. I copy the source folder to the Shared
Documents
folder of the desktop computer, then I would
like to copy
it from there to the My Documents folder of the
laptop.
The laptop and the desktop are networked
together, of
course.
The problem is this. If the folder in the Shared
Documents folder is still encrypted, it cannot
be copied
to the laptop's My Documents folder. However if
you
decrypt the folder to enable it to be copied,
all the
file timestamps are changed to the time the
folder is
decrypted. But I want the original time stamp to
be
retained, because the unencrypted *source* data
in the
folder files has not been modified by the
operation. Any
suggestions how this can be done?
TIA,

Enquiring Mind

You could try zipping the files maybe? Most zip
programs allow you to zip and encode at the same
time. The date/times inside a zip file remain and
aren't affected, so there at least is one location
for the dates to remain the same.

Aside, just in case:
BTW, if you're using XP encryption methods, you do
know that you must export and record your crypt
keys, right? Without them, a move to another
drive, a reinstall on the original drive, etc.
etc., will render them unreadable and
unrecoverable; permanently.

 

[Enquiring Mind]

You could try zipping the files maybe? Most zip programs allow you to zip
and encode at the same time. The date/times inside a zip file remain and
aren't affected, so there at least is one location for the dates to remain
the same.

Aside, just in case:
BTW, if you're using XP encryption methods, you do know that you must
export and record your crypt keys, right? Without them, a move to another
drive, a reinstall on the original drive, etc. etc., will render them
unreadable and unrecoverable; permanently.

I was aware that this is recommended, but I have never got round to doing
it. I had a quick look at the Windows help files, and the process seems to
be quite complex. It's beginning to dawn on me that it's perhaps better
*not* to use the NTFS encryption facilities at all, due to the difficulty of
synchronizing encrypted files between different computers, and the risk of
data loss if the private keys are not safely and permanently stored in a
place away from the computer.

If I were to change policy and decrypt all my encrypted folders in order to
avoid the chore of private key management using MMC etc., all my files would
lose their original datetime stamp (unless saved along the lines suggested
by Ron) - not very clever!

It would be nice if there were a plug-in that enables a folder to be
encrypted using a key that the user has to enter every time he/she wishes to
access a file in the folder. This would enable the same encrypted files to
be accessed on any computer by a user that knows the key. The encrypted
files could then be exposed in share folders and sent over an insecure
network without any need for temporary decryption/encryption.

Regards,

EM

 

[M.I.5¾]

Hi,

I have a desktop computer and a laptop computer both running Windows XP
with NTFS file system. On the desktop I have an encrypted folder
containing several files. I need to make a copy of the encrypted folder on
the laptop. I copy the source folder to the Shared Documents folder of the
desktop computer, then I would like to copy it from there to the My
Documents folder of the laptop. The laptop and the desktop are networked
together, of course.

The problem is this. If the folder in the Shared Documents folder is still
encrypted, it cannot be copied to the laptop's My Documents folder.
However if you decrypt the folder to enable it to be copied, all the file
timestamps are changed to the time the folder is decrypted. But I want the
original time stamp to be retained, because the unencrypted *source* data
in the folder files has not been modified by the operation. Any
suggestions how this can be done?

You should be able to *copy* the encrypted folder without dectrypting it.

 

[Enquiring Mind]

You should be able to *copy* the encrypted folder without dectrypting it.

The experience I recently had is that you can copy an encrypted file if you
are logged in as the user that originally checked the "Encrypt contents to
secure data" checkbox in the file properties sheet, but not if you are
logged in as a different user on another computer in the same network. Thus
if the source encrypted file is in the "My Documents" folder of user "Peter"
on computer A, Peter after logging in can copy the file to the "Shared
Documents" folder of computer A. If Peter then logs into computer B, and
tries to copy the encrypted file from computer A's "Shared Documents" folder
to his "My Documents" folder on computer B, the operation is prohibited,
even if he uses the same password on both computers. This seems to make
sense because each computer probably uses a different key for user Peter,
therefore the encrypted file would be different on each computer.

Is that the case or was I probably doing something wrong along the way?

Regards,

EM

 

[Twayne]

in message

The experience I recently had is that you can
copy an
encrypted file if you are logged in as the user
that
originally checked the "Encrypt contents to
secure data"
checkbox in the file properties sheet, but not
if you are
logged in as a different user on another
computer in the
same network. Thus if the source encrypted file
is in the
"My Documents" folder of user "Peter" on
computer A,
Peter after logging in can copy the file to the
"Shared
Documents" folder of computer A. If Peter then
logs into
computer B, and tries to copy the encrypted file
from
computer A's "Shared Documents" folder to his
"My
Documents" folder on computer B, the operation
is
prohibited, even if he uses the same password on
both
computers. This seems to make sense because each
computer
probably uses a different key for user Peter,
therefore
the encrypted file would be different on each
computer.
Is that the case or was I probably doing
something wrong
along the way?
Regards,

EM

I think that's the case, but this is where having
the exported keys comes into play. With them, the
process can then be made to work. The keys of
course should NOT be left resident on that
computer.

Note: If you don't yet have those exported keys,
EVERY single bit of encrypted data is seriously at
risk!
Either do the export, or unencrypt them and
find some 3rd party app to do it for you. Won't
be quite as secure, obviously, but it may well
suffice for your purposes.

Any disk drive is simply something waiting for a
problem to quit working. It WILL happen anytime
between a second ago and the next few years. It's
a dangerous gamble, IMO.

BTW, there are also "touch" programs that can set
the dates on files/folders for you. Look for one
that can use batch mode if you have many of them.

WinZip can compress/encrypt with a password all in
one pass, too. That may work for you. Not sure
WinZip is free anymore; heard the free version was
cancelled.

HTH

Twayne