Folder Encryption

  • Thread starter Thread starter SirThanxALot
  • Start date Start date
S

SirThanxALot

Dear all,

I want to protect a large number of files (say 3000) from unauthorised access.
With protect, I mean: kind of vanished.

As little as possible information should be given.
key factors:
- number of files
- the data in the files (of course)
- only accessible to a few own to-be-developped applications (in C#)
- easy to add/remove files

I think this is he equivalent of a virtual partition or disk image
that is mounted for an individual applicaton **instead of the windows file system**
If the 'image' is possible we would probably encrypt the files individually, however an entirely
encrypted image is also good.

Does anyone knows an API that implements this or something very similiar.
It may be a commercial package also, though an open source or code sample
is preferred.

Kind regards,
SirThanxaALot
 
SirThanxALot,

I don't think that what you want to do is possible with managed code.
Something like this, you would probably have to write some sort of driver
for.

You ^might^ be able to get away with a shell extension, but I dobut it.

I am curious, why not just use NTFS permissions to forbid access to the
directory that the files are in? This way, only authorized users can see
the contents of the directory.
 
I've heard of other folks doing similar things. You want to be able to
download files to the local hard drive but the contents of the files are
proprietary, and you don't want the users to know how to open and retrieve
their contents. This is essentially "security by obscurity."

If you want to hide some things use obscurity techniques, why not use
Isolated Storage? It gives you a "file system" that you can write to that
is not so obvious to your users...
http://msdn.microsoft.com/library/d...y/en-us/cpguide/html/cpconIsolatedStorage.asp

Also, perhaps it would be a good idea to pick the specific file with the
information that is fundamental to the success of your app, and encrypt it
in such a way as the user can decrypt it via your app into memory, where
your app uses it. Once again, the decryption key has to be secured, but as
long as you check the file for tampering (using a hash or a signature,
perhaps), then simply storing the decryption key within your application's
string table may be OK.

I hope this helps,

--
--- Nick Malik [Microsoft]
MCSD, CFPS, Certified Scrummaster
http://blogs.msdn.com/nickmalik

Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a
programmer helping programmers.
 
I am curious, why not just use NTFS permissions to forbid access to the
directory that the files are in? This way, only authorized users can see
the contents of the directory.
Click to expand...

Well, the the software will run on remote client machines that are remote.
The company rents the pcs, but the clients have oncontrollable physical access
to it, so the can access the files, either by bypassing the Administrator account,
either by using the hard drive in another machine.

kind regards,
SirThanxALot
 
So your company controls the client pcs? That makes NTFS feasable. Did I
misunderstand?

If your company controls the systems, there is no reason to believe that,
just because the end users have physical access to the machines, that you
can't secure the files using NTFS. If you are using XP or Windows 2003 for
your client workstations, and the end user logs in with a non-administrator
account, then they won't be able to change those permissions. This is a
COMMON strategy in very large companies, where admin access is routinely not
granted to end users (to prevent installation of odd utilities, and lower
the incidence of viruses and other malware).

--
--- Nick Malik [Microsoft]
MCSD, CFPS, Certified Scrummaster
http://blogs.msdn.com/nickmalik

Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a
programmer helping programmers.
--
 
Back
Top