Hi,
I want to realize encrypt/decrypt a file on-fly. Below is my ways:
-
Get fileobject in PRE_CREATE, and insert it into FileObjectList;
-
In PRE_READ, get FltObjects->FileObject first, then search FileObjectList in step 1,
if we can find FltObjects->FileObject in FileObjectList, then decrypt the file.
-
Encrypt is similar as step 2;
Is it available?
I thiink filename is not necessary for encrypt/decrypt on-fly, because I wiil not use filename in PRE_READ and PRE_WRITE. How Do you think of it?
Thank you!
Ok you have a ton of problems here:
-
How do you determine if this is an “approved” decrypt or are they all
approved? If some opens are approved, you will need to manage your own
file objects, and caching. If all are approved you can use the stream
context for a file.
-
If you are choosing who is approved, you will need to handle every
call, since unfortunately your file object will need to translated to an
underlying file system file object to manage stuff.
-
If your encryption schema changes the sizes of files, you have
additional challenges that will make your life miserable.
At the level of questions being asked plan on a multi-year effort for
anything to work. This is why the suggestion of using the OSR DMK keeps
appearing, it probably will be cheaper.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntfsd…
> Hi,
> I want to realize encrypt/decrypt a file on-fly. Below is my ways:
>
> 1. Get fileobject in PRE_CREATE, and insert it into FileObjectList;
>
> 2. In PRE_READ, get FltObjects->FileObject first, then search
> FileObjectList in step 1,
> if we can find FltObjects->FileObject in FileObjectList, then decrypt
> the file.
>
> 3. Encrypt is similar as step 2;
>
> Is it available?
>
> I thiink filename is not necessary for encrypt/decrypt on-fly, because I
> wiil not use filename in PRE_READ and PRE_WRITE. How Do you think of it?
>
> Thank you!
>
>
Don Burn wrote:
At the level of questions being asked plan on a multi-year effort for
anything to work. This is why the suggestion of using the OSR DMK keeps
appearing, it probably will be cheaper.
I’d go further. If you start a complex filter with that little knowledge it’s
very possible that the end result will either never be finished, or never work
correctly.
Shelve the project. Learn about how filters work on a number of smaller projects,
then come back (maybe in 6-9 months time) and start with a little experience.
Plus, if your deadline is anything less than 24-36 months then buy the DMK - it will
be *much* cheaper.
Tony