mini filter for encryption/decryption

I need to write a Windows 10 driver that will recognize when the user is accessing a removable device, and when they write to it, encrypt the file, and when they read, if the file is encrypted, decrypt it. There don’t seem to be any “base” mini filters that would allow me to accomplish this. How involved will this be? I’ve been a programmer for over 30 years, but have not done a Windows driver since the Win 3.1 days.

Oh boy…

The short answer here would be to just maybe encrypt the removable disk and not bother with file level encryption.

You could write an upper disk filter class driver, look for the FILE_REMOVABLE_MEDIA flag and do disk encryption.

The amount of complexity for what you ask cannot possibly be described in a forum thread nor for that matter in a MS sample.


Gabriel Bercea

Windows Kernel Driver Consulting

www.kasardia.com

From: xxxxx@yahoo.com

Sent: Monday, April 25, 20:44

Subject: [ntfsd] mini filter for encryption/decryption

To: Windows File Systems Devs Interest List

I need to write a Windows 10 driver that will recognize when the user is accessing a removable device, and when they write to it, encrypt the file, and when they read, if the file is encrypted, decrypt it. There don’t seem to be any “base” mini filters that would allow me to accomplish this. How involved will this be? I’ve been a programmer for over 30 years, but have not done a Windows driver since the Win 3.1 days.

Per-file transparent encryption turns out to be surprisingly complicated (I know we’ve been working on it in various guises for 20 years now). Doing it on slow media is even more challenging because *any* extra I/O that you add will make the device sluggish. The approach that we’ve taken in our latest framework is complex, but not pointlessly so - we’re balancing performance against flexibility. But it’s also the culmination of 20 years of work in this field.

Gabriel’s suggestion is a useful one. It might even be easier (like no kernel mode programming) to monitor insertion of removable media and turn BitLocker on. The downside to this is that if someone plugs in their mobile device that looks like storage, you will brick it, which might not be your goal either. Then again, perhaps you don’t care when they’ve decided to store troop data on their iPod (http://www.digitaltrends.com/web/man-buys-used-ipod-with-us-troop-data/).

Tony
OSR
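
The "monitor insertion of removable media and turn BitLocker on" approach from the post above, as an added PowerShell example (not code from any poster or from OSR). The helper name `Protect-RemovableVolume`, the `-Enforce` switch and the passphrase prompt are assumptions of this example; without `-Enforce` it only reports, because of the risk noted above of encrypting a device that merely looks like storage.

```powershell
# Added example, not from the thread. Run elevated on a system with the BitLocker module.
param([switch]$Enforce)   # hypothetical switch: without it the script only reports

function Protect-RemovableVolume {   # hypothetical helper name
    param([string]$DriveLetter, [switch]$Enforce, [securestring]$Password)

    $vol = Get-Volume -DriveLetter $DriveLetter -ErrorAction SilentlyContinue
    # Act only on removable volumes carrying a file system BitLocker To Go supports.
    if (-not $vol -or $vol.DriveType -ne 'Removable') { return }
    if ($vol.FileSystem -notin 'NTFS', 'FAT', 'FAT32', 'exFAT') { return }

    $blv = Get-BitLockerVolume -MountPoint "${DriveLetter}:" -ErrorAction SilentlyContinue
    # Anything other than FullyDecrypted is already protected or mid-conversion.
    if ($blv -and $blv.VolumeStatus -ne 'FullyDecrypted') { return }

    if (-not $Enforce) {
        Write-Warning "Removable volume ${DriveLetter}: is not BitLocker-protected"
        return
    }
    # Encrypting changes the on-disk format of the device, so this path is opt-in.
    Enable-BitLocker -MountPoint "${DriveLetter}:" -PasswordProtector `
        -Password $Password -UsedSpaceOnly
}

$pw = if ($Enforce) { Read-Host -AsSecureString 'Passphrase for newly encrypted volumes' }

# Win32_VolumeChangeEvent EventType 2 is "device arrival".
Register-CimIndicationEvent -SourceIdentifier RemovableArrival `
    -Query 'SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2'

while ($true) {
    $evt = Wait-Event -SourceIdentifier RemovableArrival
    Remove-Event -EventIdentifier $evt.EventIdentifier
    $letter = $evt.SourceEventArgs.NewEvent.DriveName.TrimEnd(':')   # "E:" -> "E"
    Protect-RemovableVolume -DriveLetter $letter -Enforce:$Enforce -Password $pw
}
```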