Minifilter + shadow device

Hi guys,

I’d like to check my idea with you before I jump into implementing it. I’m working on an encryption filter. It’s not generic; it’s tailored to a special case that doesn’t care about memory mapping the encrypted file and doesn’t care about read / write performance. So the idea is to have an encrypted file on local disk, and to reparse creates that (according to some rules) require “decrypted” read / write to a shadow file system device created by my minifilter. There I will implement a “minimum” FS that doesn’t bother with CM / MM integration, and will serve reads by decrypting data from the encrypted file on the fly, and writes by decrypting on the fly to the encrypted file on disk. The advantage is that this way I have two completely separate (at file / FCB level) file streams: one is always encrypted, the other is always decrypted. No need to worry about what’s in the cache / memory view, no need to worry about lying about the actual file size, and all these nasty problems that make encryption filters so heavy. Again, memory mapping is totally out of the picture, and performance doesn’t matter. It seems to me totally doable and quite simple. Are there any caveats I may have missed, or some cases I should consider?

TIA,

Vladimir