bypass efs

all,

on an efs enabled volume, is there a way from user land to signal the os
NOT to encrypt a particular file. some flags in CreateFile maybe?
nothing illegal, just asking whether there is such a feature.

if not, is it possible thru kernel drivers without subverting the
rules? i need to store some meta data in a file which needs to be
read from any os or boot device.

thanks

ab

  • amitr0

On 6/9/2010 10:56 AM, amitr0 wrote:

> all,
>
> on an efs enabled volume, is there a way from user land to signal the os
> NOT to encrypt a particular file. some flags in CreateFile maybe?
> nothing illegal, just asking whether there is such a feature.

You can not have some of the data encrypted while other portions not
encrypted, if that is what you are asking. At one point I played around
with preventing individual files from being encrypted by altering the fs
control behavior for the given file, I ended up not going that route.
That said, it might be possible with the right combination of processing
on those fs controls.

Pete

> if not, is it possible thru kernel drivers without subverting the
> rules? i need to store some meta data in a file which needs to be
> read from any os or boot device.
>
> thanks
>
> ab


Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295

thanks pete, is it possible to let me know those fs controls? i really
don't want to go this route, but would still like to explore it as part
of the research process for the doable solution.

knowing how efs combines the user pwd to generate the private key and
putting it in meta data makes me think, we shouldn't be messing there.
but i need to keep my meta data unencrypted as we will be accessing it
when the os is offline or through different boot scenarios.

any other suggestions from your experience? currently we are a vol
filter, but with the need so strong, if it is a doable solution, we might
add other drivers to the stack.

one option i thought of was doing extent based io from the vol filter,
but that ain't as easy to get right as well.


- amitr0

> knowing how efs combines the user pwd to generate the private key and
> putting it in meta data

FEK is in the metadata and is encrypted (by ksecdd I think, which in turn calls LSA) by the user’s password.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

what about the system account, how is the password for that generated?


- amitr0