I have a few questions about how this will work. Basically, your filter
driver would intercept opening the file, reading/writing to the file, and
any other file IOCTLs. In general terms, you basically open a file and
read/write to the file.
So, this is basically your setup.
[MS WORD]
[Your Filter]
[File System]
[Disk Dirver]
( Physical Disk)
To MS Word, it does not need to know obviously that the data is
encrypted. So, when you read the file to MS Word or do any operations, you
must return most likely return the information you’re putting in your
header. I assume the information in your header is the size of the data
unencrypted, and possibly other general information that could be returned
by functions like “GetFileSize()”, etc.? (As well as possible encryption
info, version information, etc.).
So, when MS Word wants to save, all it would do is basically either do a
CopyFile() from it’s temp to the new or a series of WriteFile() operations
in which you would basically change the information to be encrypted and
increment to the correct location that the data should be written to. For
example, if the SetFilePointer() is incremented to a location, it has to be
a logical location to the unencrypted data I would assume. It couldn’t be
related to what you’re writing to the disk since it could be different.
My last question is, since from MS Word’s point of view it simply does
OpenFile or CreateFile and opens and writes/reads to the file, how do you
perform the security? I mean anyone could then CreateFile() OpenFile() and
read it unencrypted, how and when does your driver know to unencrypt? Is it
per-user, checks usercontext of the process or something simmilar?
Also, you want to identify the temp file? The temp files created by MS Word
have a certain exention and I believe their attributes are hiden, so that’s
one way. I also beileve there is an API that returns a random file name
for temp use that you could intercept. You coudl also check the context of
all open calls, and see if the process is MS Word. Of course you still
would need to verify in some way if you really need to seperate knowing the
temp from the real file, you could use the attributes or file name I
suppose as a quick guess.
About getting the file with the header when MS Word saves, I guess depends
on how MS WOrd is saving. Is it just doing a WriteFile() of all the data
or a COpyFile from the temp. Since MS Word does not have the header, I do
not believe that it would send it down to you. I’m just shooting some
ideas around, I am not 100% on this though.
At 12:26 AM 11/10/2003 -0500, you wrote:
Hi,
We are about to develop a file system filter driver which does on fly
encryption. I have following doubts about this:
We need to add an header to the encrypted file so are there any issues by
using this.
we wanted this file to be encrypted on the disk always. My question is if
MS-Word opens this file then the file system driver decryptes the data by
seeing the header and MS-Word creates a temporary file, and when user
modifies and saves does my file system filter driver get my header with
the new contents.
And we want the temporary file created by word also to be in encrypted
form, so how to identify the temporary file that is created for the actual
file.
Kedar.
You are currently subscribed to ntfsd as: xxxxx@opferman.com
To unsubscribe send a blank email to xxxxx@lists.osr.com