In-memory Decryption of encrypted files

Hi all,

I need to implement a module that decrypts encrypted files in memory and presents the decrypted data in the viewing application (for example, display in Notepad, the data decrypted from an encrypted file without buffering the decrypted bytes into a file on disk).

I would greatly appreciate pointers and general suggestions about articles and other information available to help me get started on this.

Thanks in advance,
Rgds,
-Manav



If you meant what you said, the answer is simple. Write your own OS. No
can do with Windows NT, 2000, XP, and 2003. Normally data from a file is
not written to the paging file unless the data has been modified. It is
easier to just reread the source data.

Quit with the HTML.

“Manav Khanna” wrote in message news:xxxxx@ntfsd…
> Hi all,
>
> I need to implement a module that decrypts encrypted files in memory and
> presents the decrypted data in the viewing application (for example,
> display in Notepad, the data decrypted from an encrypted file without
> buffering the decrypted bytes into a file on disk).
>
> I would greatly appreciate pointers and general suggestions about articles
> and other information available to help me get started on this.
>
> Thanks in advance,
> Rgds,
> -Manav


I might be a wild goose here!! Since the question is not very clear!!
But you might want to look at Exceed, a product that does block-wise
in-memory zipping and unzipping. Maybe the product name is exceeds, and it
may not be the right thing for you. But just a wild guess from a wild
goose.

-prokash
----- Original Message -----
From: “David J. Craig”
Newsgroups: ntfsd
To: “File Systems Developers”
Sent: Monday, August 18, 2003 5:37 PM
Subject: [ntfsd] Re: In-memory Decryption of encrypted files

> If you meant what you said, the answer is simple. Write your own OS. No
> can do with Windows NT, 2000, XP, and 2003. Normally data from a file is
> not written to the paging file unless the data has been modified. It is
> easier to just reread the source data.
>
> Quit with the HTML.

But you will have to have Ur own viewer…

-prokash

hi,

I will try to express myself better here. What I am
trying to implement should work as follows:

  1. A file exists on disk in an encrypted format. Let’s
    say an encrypted Word doc.
  2. When I open the encrypted file, my module should
    decrypt the encrypted file on-the-fly (without storing
    the decrypted bytes in another .doc file on the disk)
    and present the decrypted data to the relevant
    application (Microsoft Word in this case).
  3. That is to say, encryption and decryption are
    performed every time a file is read from or written to,
    such that what exists on the disk is only the
    encrypted file. The decrypted data is never stored on
    the disk.

I would greatly appreciate pointers and general
suggestions about articles and other information
available to help me get started on this.

Thanks in advance,
Rgds,
-Manav

— Prokash Sinha wrote:
> But you will have to have Ur own viewer…
>
> -prokash

I will assume that you want to do this for every document type supported by
Microsoft applications include Office 97 onward. This will take at least
three man years of work. I also assume you have the IFS Kit. I also assume
you want to support NT 4.0 SP6a onward including Windows Server 2003. Take
the sfilter example and add code to track file creations/opens, deletions,
reads/writes, renames, cleanups, and closes. Run the various applications
doing a multitude of things. You might hire several users ranging in
experience from novice to expert. Look at how each application handles each
file type and operation from just an open to read, a recovery of a doc where
the computer was rebooted during editing, small changes to major changes.
Turn on and off the storing of changes in doc files especially and see how
it works.

BTW, I have some bad news to follow the good news: Some applications go
through two or more work files that are hard to identify as being the data
from the original file. In fact, one app will close and delete the original
file before the next work file is created. Been there, done that. Might be
easier to implement whole drive encryption - it will be much easier because,
been there, done that.

Anyone know anything about encryption or are you just guessing? Complicated
issues on key management, generation, etc.


This is difficult, but don’t get pessimistic. I took less than three years
in 96-99 when all I got from Microsoft was “wait for the IFS kit it’ll be
along in 6 months…” Back then there was virtually no public domain
material, and my project had very extensive requirements.

Yes, there are numerous difficult issues, relating to file size (block
ciphers change data size), file byte locking, MDL reads, detecting mounts,
supporting removable media, simply handling the read/writes, fastio path,
integrating/surviving with an anti-virus filter on your back, what to do
with the pagefile, how to deal with remote requests, how to manage cipher
keys, how to manage moves into and out of secure locations (file delete
typically moves to trash), deciding if you should show or hide encrypted
directories and files, writing a filter that can handle all the different
file systems, possibly NetWare and NFS too.

Then there is the real tough one: managing the cache.

But it’s easier now:-

  1. IFS Kit is now available with sfilter and fat code to look at.

  2. Rasheed Nagar’s book on Windows File Systems is perhaps a little dated
    now, and inaccurate here and there, but still a great help.

  3. OSR’s file system training courses are available. I had one AFTER the
    event, and I can give a positive (independent) recommendation as to its
    value.

It’s MUCH easier still, if you can manage your requirements. If all you
really need is a secure repository on the hard disk, rather than having
to filter ALL FSDs including the networks. If you can limit the work (to
say just FAT), that will also limit the time and cost.

I’d say the biggest issue is to decide your architecture. A filter is NOT
the only option. You might be better served with a pseudo-file system. I
wrote a filter, and I’ve seen a PFS, and I think I’d give PFS some serious
study if ever there was a next time (I get nightmares like that
sometimes!)

Jack.
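
The file-size issue listed in the last message (block ciphers change data size), worked through as an added example that is not code from any poster in this thread: the size an application sees differs from the size on disk, and every read at an arbitrary offset has to be widened to whole cipher blocks and clamped at the logical end of file. The 16-byte block, the 512-byte per-file header, the always-pad scheme, and a cipher mode in which any block can be decrypted from its index alone are all assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCK  16u   /* assumed cipher block size in bytes */
#define HEADER 512u  /* hypothetical per-file header (key id, true length) */

typedef struct {
    uint64_t disk_offset; /* first ciphertext byte to read from disk */
    uint64_t disk_length; /* ciphertext bytes to read, a multiple of BLOCK */
    uint32_t skip;        /* decrypted bytes to drop before the caller's data */
    uint64_t returned;    /* plaintext bytes handed back to the caller */
} read_plan;

/* On-disk size for `logical` plaintext bytes: header plus the data padded
   to the next block boundary, always adding at least one pad byte. */
uint64_t disk_size(uint64_t logical)
{
    return HEADER + (logical / BLOCK + 1) * BLOCK;
}

/* Widen an application read to whole cipher blocks and clamp it at the
   logical end of file, which is smaller than what is stored on disk. */
read_plan plan_read(uint64_t logical_size, uint64_t offset, uint64_t length)
{
    read_plan p = {0, 0, 0, 0};
    if (offset >= logical_size || length == 0)
        return p;                       /* at or past EOF: nothing to read */
    if (length > logical_size - offset)
        length = logical_size - offset; /* never expose pad bytes */
    uint64_t first = offset / BLOCK;
    uint64_t last  = (offset + length - 1) / BLOCK;
    p.disk_offset = HEADER + first * BLOCK;
    p.disk_length = (last - first + 1) * BLOCK;
    p.skip        = (uint32_t)(offset % BLOCK);
    p.returned    = length;
    return p;
}

int main(void)
{
    /* Constructed case: a 100-byte document, application reads 50 bytes at 90. */
    read_plan p = plan_read(100, 90, 50);
    printf("on disk: %llu bytes\n", (unsigned long long)disk_size(100));
    printf("read %llu@%llu, skip %u, return %llu\n",
           (unsigned long long)p.disk_length, (unsigned long long)p.disk_offset,
           p.skip, (unsigned long long)p.returned);
    return 0;
}
```

A filter built this way also has to report the logical size, not `disk_size()`, in directory and file-information queries, or applications will read padding as document data.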