Is this OK for de/encrypting data on disks?

OSR_Community_User · December 21, 2006, 1:07am

Hi!

I want to protect my data on disks with file system filter driver. I don’t know whether this way works or not. My idea is as below:

My file system filter driver interprets all IRP_MJ_WRITE requests, and store all data to be written into memory temporarily, after all this has been done, my filter encrypts all data and write all the encrypted data back to disk.

When IRP_MJ_READ request is received, my filter also stores all data to be read into memory temporarily, after all this has been done, my filter decrypts all the data and sends the data to the process.

Is this OK? I need your help! Thanks in advance!

David_J_Craig · December 21, 2006, 1:44am

No. Hire a consultant. There is an old expression in the U.S.A. that goes:
“the devil’s in the details”. If you have provided all that you know, you
need a lot of help and no one can teach you that much one newsgroup message
at a time. One mistake in this post is your referring to ‘data on disks’ as
being related to file system filter drivers. Both are possible but those
phrases make no sense being in the same sentence. I will break them apart.

Do you want to protect the data on your disk drives? If so you need Vista
with BitLocker or a Seagate FDE disk drive or a product such as SafeBoot.
This requires detailed knowledge of the storage stack if you want to
implement your own equivalent such as SafeBoot or BitLocker.

Do you want to protect the data in some files? If so you need to write a
file system filter driver or a file system driver. OSR sells software and
consultant support to create such a product. This is one of the most
difficult drivers to write as a file system filter driver. Why not use EFS?
If you don’t trust Microsoft, who does, you can write one easier if you
restrict your file system to NTFS. If you don’t know why, you need help.

wrote in message news:xxxxx@ntfsd…
> Hi!
>
> I want to protect my data on disks with file system filter driver. I don’t
> know whether this way works or not. My idea is as below:
>
> My file system filter driver interprets all IRP_MJ_WRITE requests, and
> store all data to be written into memory temporarily, after all this has
> been done, my filter encrypts all data and write all the encrypted data
> back to disk.
>
> When IRP_MJ_READ request is received, my filter also stores all data to be
> read into memory temporarily, after all this has been done, my filter
> decrypts all the data and sends the data to the process.
>
> Is this OK? I need your help! Thanks in advance!
>