Drive Encryption

I want to encrypt a volume from a user app. For that I have written an
application to read, encrypt and write to that volume. For the POC I have
used XOR as an encryption function. The first time I encrypt the volume it
becomes unusable, as I have changed the data (no one can recognize the FS now).
But the next time, when I encrypt again, the FS is not mounting itself again on
top of that volume. I am not able to understand this behaviour. Encrypting
already encrypted data will give the original data, as I am using XOR as an
encryption function.

~Tim

There is a perfect book that might be usable for you:
Windows NT File System Internals

Thanks kcynice for the suggestion. I am not reading the volume through the FS; I am
reading directly from the volume. Maybe I am doing something wrong. It would
be helpful if you could have a look and point out the error in opening the volume:

HANDLE volumeHandle = CreateFile("\\\\.\\e:",   // volume device path \\.\e:
    GENERIC_READ | GENERIC_WRITE,                // read/write access to the volume
    FILE_SHARE_READ |                            // share mode
    FILE_SHARE_WRITE,
    NULL,                                        // default security attributes
    OPEN_EXISTING,                               // disposition
    FILE_ATTRIBUTE_NORMAL,                       // file attributes
    NULL);                                       // no template file

Thanks in advance

~Tim

On Wed, Oct 29, 2008 at 1:12 PM, wrote:

> there is a perfect book might be usable for you:
> Windows NT File System Internals
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

When a volume is seen by the OS, the system calls a set of file system
recognizers that read parts of the volume and determine from the data the
type of file system on the volume. Once you apply your encryption, that
data is not going to be recognized, so your volume is unusable. This is
why encryption is normally done at the file system level, and since it is, why
it takes a lot of time and money to do right.


Don Burn (MVP, Windows DDK)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

Thanks Don for the reply. I am sorry I could not be precise about what I meant
to say. Actually, I think the problem is misunderstood here.

Problem statement is

I am using XOR as an encryption function, so it means that if I encrypt data
twice I will get the original data. I am encrypting data twice but did not
get the original data. I inferred this because the FS should automatically mount
itself on top of the volume, but this is not happening. I am dismounting the volume
first before doing encryption.

~Tim

Are you doing this?

  1. Read the volume (after locking and dismounting!) and you get A.
  2. A + B = C … what is B?
  3. C is the XOR'd data that you are writing back to the volume.

Now you repeat these steps again and you expect
C + B = A.

The logic is fine, but what is B? Is it the same in both runs? Are you
reading and writing to the volume with exclusive access?

Harish


I am XORing every byte with 0xff. So XORing twice will produce the same data.
~Tim
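
An added example (not code from the thread) of the check Harish's questions point to: keep a copy of A, run both passes, and find the first sector that did not come back. The 8-sector volume, its contents and all function names are constructed; the failing cases in the test (a second pass that stops short, a different B) are illustrations, not a diagnosis of the original poster's run.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECTOR   512u
#define NSECTORS 8u                 /* constructed toy volume: 8 sectors */

/* One pass over the first `count` sectors: data ^= b (step 2, A + B = C). */
static void xor_pass(uint8_t *vol, size_t count, uint8_t b) {
    for (size_t i = 0; i < count * SECTOR; i++) vol[i] ^= b;
}

/* Index of the first sector that differs from the saved copy of A, or -1. */
static long first_bad_sector(const uint8_t *vol, const uint8_t *saved) {
    for (size_t s = 0; s < NSECTORS; s++)
        if (memcmp(vol + s * SECTOR, saved + s * SECTOR, SECTOR) != 0)
            return (long)s;
    return -1;
}

/* Run two passes (sector count and key byte for each) over a constructed
   volume and report where the round trip C + B = A stopped holding. */
long round_trip(size_t count1, uint8_t b1, size_t count2, uint8_t b2) {
    static uint8_t vol[NSECTORS * SECTOR], saved[NSECTORS * SECTOR];
    for (size_t i = 0; i < sizeof vol; i++) vol[i] = (uint8_t)(i * 31u + 7u);
    memcpy(saved, vol, sizeof vol);  /* on a real volume: per-sector hashes */
    xor_pass(vol, count1, b1);
    xor_pass(vol, count2, b2);
    return first_bad_sector(vol, saved);
}
```

A result of -1 means every sector is back to A; any other value is the first sector where the two passes did not cancel.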

> you XORed the file system data. You need to find a way to XOR only user data, so that the operating system will be able to mount the file system.

…or do XORing in the volume filter below the FSD.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

This can be done by writing a user-mode application and a volume filter driver.

The user-mode application will:
1. Make sure the file system gets dismounted and doesn't get remounted on that volume until we are done with the initial syncing.
2. Encrypt the entire volume using the application you wrote (it is like syncing the volume initially).
3. Let the volume filter know this drive got encryption enabled on it.

Volume filter:
1. When the user application signals that the volume got encrypted, the volume filter will start encrypting and decrypting data for that volume.

The volume filter alone is sufficient if the initial syncing is implemented in the volume filter.
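
A user-mode simulation of the split described above, added here as an example and not code from the thread or from a real filter driver: an in-memory disk, a filter layer that XORs on the way down and up, and a stand-in recognizer. The recognizer check (NTFS OEM ID at offset 3, 0x55 0xAA at offset 510), the toy volume and all function names are assumptions of this example; step 1 (keeping the volume dismounted) is not modelled.

```c
#include <stdint.h>
#include <string.h>

#define SECTOR   512u
#define NSECTORS 4u                         /* constructed toy volume */
#define KEY      0xFFu                      /* XOR byte named in the thread */
static uint8_t disk[NSECTORS * SECTOR];     /* raw volume contents */
static int filter_enabled;                  /* set once the app signals the filter */

/* Raw sector access, as the user-mode app has on the dismounted volume. */
static void raw_read(size_t s, uint8_t *b)        { memcpy(b, disk + s * SECTOR, SECTOR); }
static void raw_write(size_t s, const uint8_t *b) { memcpy(disk + s * SECTOR, b, SECTOR); }
static void xor_buf(uint8_t *b) { for (size_t i = 0; i < SECTOR; i++) b[i] ^= KEY; }

/* The FSD's view: every transfer passes through the volume filter. */
void fs_read(size_t s, uint8_t *b) {
    raw_read(s, b);
    if (filter_enabled) xor_buf(b);         /* decrypt on the way up */
}
void fs_write(size_t s, const uint8_t *b) {
    uint8_t tmp[SECTOR];
    memcpy(tmp, b, SECTOR);
    if (filter_enabled) xor_buf(tmp);       /* encrypt on the way down */
    raw_write(s, tmp);
}

/* Stand-in recognizer: NTFS OEM ID at offset 3, 0x55 0xAA at offset 510. */
int recognizes_ntfs(const uint8_t *boot) {
    return memcmp(boot + 3, "NTFS    ", 8) == 0 && boot[510] == 0x55 && boot[511] == 0xAA;
}

/* Build a plaintext toy volume with a recognizable boot sector. */
void format_volume(void) {
    uint8_t b[SECTOR] = {0};
    filter_enabled = 0; memset(disk, 0, sizeof disk);
    memcpy(b + 3, "NTFS    ", 8); b[510] = 0x55; b[511] = 0xAA;
    raw_write(0, b);
}

/* App steps 2 and 3: encrypt every sector in place, then signal the filter. */
void initial_sync_and_enable(void) {
    uint8_t b[SECTOR];
    for (size_t s = 0; s < NSECTORS; s++) { raw_read(s, b); xor_buf(b); raw_write(s, b); }
    filter_enabled = 1;
}

/* Recognizer verdict on sector 0 read through the filter (1) or raw (0). */
int mountable(int through_filter) {
    uint8_t b[SECTOR];
    if (through_filter) fs_read(0, b); else raw_read(0, b);
    return recognizes_ntfs(b);
}
```

After the initial sync the raw boot sector no longer passes the recognizer, while the same sector read through the filter does, which is the reason for placing the XOR below the FSD.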