Mini-filter encryption driver problem

NTFSD
1

Hi,all

We are developing a file system mini-filter driver for encryption on Windows
XP SP2, and if we just use our mini-filter driver for encryption/decryption,
that¡¯s OK. But if we set both our encryption flag and Windows EFS
encryption or compression flag for this file, then reboot the PC and we will
find that the encryption file will become damaged. And at this time, if we
unload our mini-filter driver and reboot the PC, then we can find that the
encryption file has become plain.

We had developed a legacy filter encryption driver; also we suffered from
this pain.

Any advice and pointer is highly welcome. I always appreciate your help.

Thanks
Ben

2

Ben,

This is now the third time you’v sent essentially the same query (28 June, 5 July, and now 8 July); nobody appears to have responded to either of the first two queries.

In my experience, a lack of response generally means that nobody has any useful insights into the problem. Thus, submitting the same inquiry repeatedly merely serves to annoy and frustrate the people on the list.

I *have* seen problems interacting with the NTFS compression support (it changes caching behavior, for example) but I’ve never heard of anyone running into problems with NTFS encryption of the type you described. Hence, I didn’t respond, because I have no useful insight to provide.

My suggestion is to try and figure more out about the details of these problems/issues. Have you gone to a PlugFest and asked the team at Microsoft? Have you used the kernel debugger to walk through the handling of a write operation in the underlying file system? Have you considered disallowing this combination of options in your product? For most types of encryption, compression after encryption is generally useless anyway, so there’s no benefit for enabling it.

Ultimately, if you come back to the list with specific questions about behavior you have observed, you are far more likely to receive useful feedback. Or, if you prefer, you can engage the services of one of the very skilled consultants on the list to further investigate your problem - there are several who have considerable experience tracking down nasty problems of this type.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of ben
Sent: Friday, July 08, 2005 1:58 AM
To: ntfsd redirect
Subject: [ntfsd] Mini-filter encryption driver problem

Hi,all

We are developing a file system mini-filter driver for encryption on Windows
XP SP2, and if we just use our mini-filter driver for encryption/decryption,
that??s OK. But if we set both our encryption flag and Windows EFS
encryption or compression flag for this file, then reboot the PC and we will
find that the encryption file will become damaged. And at this time, if we
unload our mini-filter driver and reboot the PC, then we can find that the
encryption file has become plain.

We had developed a legacy filter encryption driver; also we suffered from
this pain.

Any advice and pointer is highly welcome. I always appreciate your help.

Thanks
Ben

Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

3

> Have you considered disallowing this combination of options in your

product?

I agree with Tony. Although I can’t give you any help too, in our filter,
we just ignore files that are compressed or encrypted by NTFS,
as it is much easier to convince the customers that

  1. encrypted files cannot be compressed (even NTFS does not allow this,
    try in file properties)
  2. it is useless to encrypt NTFS-encrypted files

than try to make the filter work with these files.

L.

4

Dear L.

Thanks for your greate advice.

Ben
“Ladislav Zezula” ???:xxxxx@ntfsd…
>> Have you considered disallowing this combination of options in your
>> product?
>
> I agree with Tony. Although I can’t give you any help too, in our filter,
> we just ignore files that are compressed or encrypted by NTFS,
> as it is much easier to convince the customers that
>
> 1) encrypted files cannot be compressed (even NTFS does not allow this,
> try in file properties)
> 2) it is useless to encrypt NTFS-encrypted files
>
> than try to make the filter work with these files.
>
> L.
>
>
>
>

5

Dear Tony,

Sorry for my repetitious problems.

And thank you vey much for your good advice.
I will continue my researching about this problem.
BTW, if we want enage the service of the very skilled consu.tants, and what
should we do ?

Regards
Ben

“Tony Mason” ???:xxxxx@ntfsd…
Ben,

This is now the third time you’v sent essentially the same query (28 June, 5
July, and now 8 July); nobody appears to have responded to either of the
first two queries.

In my experience, a lack of response generally means that nobody has any
useful insights into the problem. Thus, submitting the same inquiry
repeatedly merely serves to annoy and frustrate the people on the list.

I have seen problems interacting with the NTFS compression support (it
changes caching behavior, for example) but I’ve never heard of anyone
running into problems with NTFS encryption of the type you described.
Hence, I didn’t respond, because I have no useful insight to provide.

My suggestion is to try and figure more out about the details of these
problems/issues. Have you gone to a PlugFest and asked the team at
Microsoft? Have you used the kernel debugger to walk through the handling
of a write operation in the underlying file system? Have you considered
disallowing this combination of options in your product? For most types of
encryption, compression after encryption is generally useless anyway, so
there’s no benefit for enabling it.

Ultimately, if you come back to the list with specific questions about
behavior you have observed, you are far more likely to receive useful
feedback. Or, if you prefer, you can engage the services of one of the very
skilled consultants on the list to further investigate your problem - there
are several who have considerable experience tracking down nasty problems of
this type.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of ben
Sent: Friday, July 08, 2005 1:58 AM
To: ntfsd redirect
Subject: [ntfsd] Mini-filter encryption driver problem

Hi,all

We are developing a file system mini-filter driver for encryption on Windows
XP SP2, and if we just use our mini-filter driver for encryption/decryption,
that¡¯s OK. But if we set both our encryption flag and Windows EFS
encryption or compression flag for this file, then reboot the PC and we will
find that the encryption file will become damaged. And at this time, if we
unload our mini-filter driver and reboot the PC, then we can find that the
encryption file has become plain.

We had developed a legacy filter encryption driver; also we suffered from
this pain.

Any advice and pointer is highly welcome. I always appreciate your help.

Thanks
Ben


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

6

Since I am currently busy, I can’t take any work. I would recommend that
you go to osr.com and try the person who answered your question below.
There are also several others who post here and have addresses that are open
or easily changed to be a valid email address.

“ben” wrote in message news:xxxxx@ntfsd…
> Dear Tony,
>
> Sorry for my repetitious problems.
>
> And thank you vey much for your good advice.
> I will continue my researching about this problem.
> BTW, if we want enage the service of the very skilled consu.tants, and
> what should we do ?
>
> Regards
> Ben
>
>
> “Tony Mason” ???:xxxxx@ntfsd…
> Ben,
>
> This is now the third time you’v sent essentially the same query (28 June,
> 5 July, and now 8 July); nobody appears to have responded to either of the
> first two queries.
>
> In my experience, a lack of response generally means that nobody has any
> useful insights into the problem. Thus, submitting the same inquiry
> repeatedly merely serves to annoy and frustrate the people on the list.
>
> I have seen problems interacting with the NTFS compression support (it
> changes caching behavior, for example) but I’ve never heard of anyone
> running into problems with NTFS encryption of the type you described.
> Hence, I didn’t respond, because I have no useful insight to provide.
>
> My suggestion is to try and figure more out about the details of these
> problems/issues. Have you gone to a PlugFest and asked the team at
> Microsoft? Have you used the kernel debugger to walk through the handling
> of a write operation in the underlying file system? Have you considered
> disallowing this combination of options in your product? For most types
> of encryption, compression after encryption is generally useless anyway,
> so there’s no benefit for enabling it.
>
> Ultimately, if you come back to the list with specific questions about
> behavior you have observed, you are far more likely to receive useful
> feedback. Or, if you prefer, you can engage the services of one of the
> very skilled consultants on the list to further investigate your problem -
> there are several who have considerable experience tracking down nasty
> problems of this type.
>
> Regards,
>
> Tony
>
> Tony Mason
> Consulting Partner
> OSR Open Systems Resources, Inc.
> http://www.osr.com
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
> On Behalf Of ben
> Sent: Friday, July 08, 2005 1:58 AM
> To: ntfsd redirect
> Subject: [ntfsd] Mini-filter encryption driver problem
>
> Hi,all
>
> We are developing a file system mini-filter driver for encryption on
> Windows
> XP SP2, and if we just use our mini-filter driver for
> encryption/decryption,
> that¡¯s OK. But if we set both our encryption flag and Windows EFS
> encryption or compression flag for this file, then reboot the PC and we
> will
> find that the encryption file will become damaged. And at this time, if we
> unload our mini-filter driver and reboot the PC, then we can find that the
> encryption file has become plain.
>
> We had developed a legacy filter encryption driver; also we suffered from
> this pain.
>
> Any advice and pointer is highly welcome. I always appreciate your help.
>
> Thanks
> Ben
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@osr.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>