Hi, all!
I am writing a file system filter driver in win2000, and want to
dynamically encrypt the .DOC file. It means that after closing the file
in WinWord, if the file has changed, then we must encrypt the file.
My method is to catch the WinWord close operation of the file, and after
the file is closed, then statically encrypt the file. Here the static
encrypt method is to first encrypt a.file to a.file.temp, then rename
a.file.temp to a.file.
My problem is that I do not know how to catch the close operation of
the .DOC file.
So, you can certainly catch the close of the file with a file system
filter. However, there are a number of problems with the model you
suggest. First, the file would remain unencrypted for some period of
time after you catch the close and get a chance to do the encryption.
Second, if the system was powered down after you catch the close, you
will never get a chance to encrypt the file. Third, you might not have
access to the file to encrypt it. It could get re-opened or there could
be a permissions issue etc.
Just as an FYI, office applications don’t edit the document itself.
They write out a copy of the document and then rename away the original
and rename in the copy (it is what I like to call the “rename dance”).
This is very typical for document editors since it avoids the chance of
getting half the document written and thereby corrupting it. So, you
actually want to see the rename of the target document followed by the
cleanup. But regardless, I don’t think doing this delayed encryption of
the document is really an acceptable solution in the encryption space.
/TomH
-----Original Message-----
From: Ice Fu [mailto:xxxxx@hotmail.com]
Sent: Thursday, June 19, 2003 9:08 AM
To: File Systems Developers
Subject: [ntfsd] Dynamic Encrypt the .DOC file!
Hi, all!
I am writing a file system filter driver in win2000, and want to
dynamically encrypt the .DOC file. It means that after closing the file
in WinWord, if the file has changed, then we must encrypt the file.
My method is to catch the WinWord close operation of the file, and after
the file is closed, then statically encrypt the file. Here the static
encrypt method is to first encrypt a.file to a.file.temp, then rename
a.file.temp to a.file.
My problem is that I do not know how to catch the close operation of
the .DOC file.
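The save sequence Tom describes above (copy written, original renamed away, copy renamed in, then cleanup), as an added user-mode sketch that is not part of the original thread or any driver code. The event model, function name and temp file names are hypothetical and the traces are constructed; it separates a real save from a plain open-and-close of the document.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical event model for illustration. A real filter would see these
   as IRP_MJ_SET_INFORMATION (rename) and IRP_MJ_CLEANUP requests. */
enum op { OP_CREATE, OP_WRITE, OP_RENAME, OP_CLEANUP };
struct event { enum op op; const char *name; const char *new_name; };

/* Case-insensitive string equality (file names are case-insensitive). */
static int ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Index of the cleanup that completes a save of `target` (copy renamed onto
   the target name, then cleanup), or -1 if it was only opened and closed.
   *rename_in gets the index where new plaintext appeared under the name. */
int find_save_commit(const struct event *ev, int n, const char *target,
                     int *rename_in) {
    *rename_in = -1;
    for (int i = 0; i < n; i++) {
        if (ev[i].op == OP_RENAME && ieq(ev[i].name, target))
            *rename_in = -1;                 /* original renamed away */
        else if (ev[i].op == OP_RENAME && ieq(ev[i].new_name, target))
            *rename_in = i;                  /* copy renamed in */
        else if (ev[i].op == OP_CLEANUP && *rename_in >= 0 && ieq(ev[i].name, target))
            return i;                        /* save is complete here */
    }
    return -1;
}

/* Constructed traces; the temp file names are made up. */
static const struct event SAVE_TRACE[] = {
    { OP_CREATE,  "~WRD0001.tmp", NULL },
    { OP_WRITE,   "~WRD0001.tmp", NULL },
    { OP_RENAME,  "A.DOC",        "~WRL0002.tmp" },
    { OP_RENAME,  "~WRD0001.tmp", "a.doc" },
    { OP_CLEANUP, "a.doc",        NULL },
};
static const struct event VIEW_TRACE[] = {
    { OP_CREATE,  "a.doc", NULL },
    { OP_CLEANUP, "a.doc", NULL },
};

int main(void) {
    int in, at = find_save_commit(SAVE_TRACE, 5, "a.doc", &in);
    printf("renamed in at event %d, cleanup at event %d\n", in, at);
    return 0;
}
```

Every event between the rename-in index and the returned cleanup index is a point at which the new plaintext already sits under the document's name, which is the exposure window the reply warns about.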
Thanks Tom!
I knew the office applications which you call “rename dance”, and tried
to do encryption after the ~WRD****.tmp rename to the .doc file.
I have tried two methods but both do not work; it is still the
permissions issue.
Here are the two methods:
1. After the ~WRD****.tmp rename to the a.doc file: encrypt a.doc to
a.doc.tmp, rename a.doc.tmp to a.doc.
2. Before the ~WRD****.tmp rename to the a.doc file: encrypt
~WRD****.tmp to ~WRD****.tmp.tmp, rename ~WRD****.tmp.tmp back to
~WRD****.tmp, and do the following rename operation.
So I want to know what time is the best time for me to do the encrypt
operation, and how can I avoid the permissions issue?
If you could encrypt before the rename - that would obviously be a
better solution from a security perspective. However, this would be
very office specific and you could have some problems accessing the data
of the temp file since the file is most likely open for write. But, I
have no clue as to “where” you plan to do the encryption. If in user
mode, then there really isn’t any good way for you to synchronize the
rename event, your encryption logic and then also get access to the file
to re-write it. If you just want to lazily encrypt the file after close
that would be simpler - but would not be a very robust or secure
solution.
-----Original Message-----
From: Ice Fu [mailto:xxxxx@hotmail.com]
Sent: Friday, June 20, 2003 6:09 AM
To: File Systems Developers
Subject: [ntfsd] RE: Dynamic Encrypt the .DOC file!
Thanks Tom!
I knew the office applications which you call “rename dance”, and tried
to do encryption after the ~WRD****.tmp rename to the .doc file.
I have tried two methods but both do not work; it is still the
permissions issue.
Here are the two methods:
1. After the ~WRD****.tmp rename to the a.doc file: encrypt a.doc to
a.doc.tmp, rename a.doc.tmp to a.doc.
2. Before the ~WRD****.tmp rename to the a.doc file: encrypt
~WRD****.tmp to ~WRD****.tmp.tmp, rename ~WRD****.tmp.tmp back to
~WRD****.tmp, and do the following rename operation.
So I want to know what time is the best time for me to do the encrypt
operation, and how can I avoid the permissions issue?
I think Benson is asking the question you should be asking yourself in
order to decide the best course of action. Security should always start
there. Where am I vulnerable, who is my threat and how can I defend
against it?
-----Original Message-----
From: Benson Margulies [mailto:xxxxx@basistech.com]
Sent: Friday, June 20, 2003 10:27 AM
To: File Systems Developers
Subject: [ntfsd] RE: Dynamic Encrypt the .DOC file!
What’s the point of all this, anyway?
What are you trying to protect, and who are you trying to protect it
from?
My plan is to encrypt the file before the rename action, but because of
the permission issue, I cannot do it, so I try to find another way to
avoid the permission issue, though I know that the way is not the best.
So my problem is that whether I do the encryption before or after the
rename action, whether I encrypt the .tmp file or the .doc file, I can’t
solve the permission issue, and in the end I can’t dynamically encrypt
the .doc file.
You really need to provide more context for this group to be able to
help you. Of course you can do this rename operation! But I am really
confused as to why you ask this question. I am guessing you are asking
if you can do it under some special circumstances. Having no idea what
those circumstances are, my answer is of course of no value.
-----Original Message-----
From: Ice Fu [mailto:xxxxx@hotmail.com]
Sent: Monday, June 23, 2003 6:53 AM
To: File Systems Developers
Subject: [ntfsd] RE: Dynamic Encrypt the .DOC file!
Another question is: can I do the same rename operations as Office?
First rename away the .doc file, then rename another encrypted file to
the .doc file.