Re: file header.

Hi
Yeah, what you say is all right. I have made one list now.
Now the trouble is I cannot index the list by the file name.
My reason is I can make a good solution for the LFN
(long file name) and 8.3 format (including the full path).
Also we must notice the file on the LAN. It is hard to
tell the exact URL. Also it will bring trouble when you
copy or move the file from or to a floppy disk or CD-ROM, or even
send the file as an attached file in mail.
Now I index the list by the opened handle of the file.
But it cannot tell us the relation between two opens
of the same file.
I wish I could find out whether it is an encrypted file by
the head of the file. I also meet the trouble; I have mentioned
them in the last mail.
Here is my main trouble now. I think I need a more excellent
design. I still have not got one. My colleague also has none.

The next trouble is from the encryption algorithm. I use
block encrypt and decrypt algorithms, i.e. DES, IDEA.
But the trouble is that the edge of Lockfile is in the middle
of the block. I must remember all these blocks in a list. The
trouble is the same as the encrypted file list. It is not a good
design to index by file name or opened handle of the file.

(If I write an FSD, I can tell the difference of files by the
absolute position on the hard disk, “section and partition”.
Now what can I do in the next step?)
Do you have a more excellent design?
Good Day and Good Luck for our file filter.

Best Regards
Jansen Zhu.
Shanghai China.
Jujo. Elec. Co.

P.S. Would you please tell me which country the .cz means?
I have interest in knowing it.
----- Original Message -----
From: MARI
To: ‘xxxxx@citiz.net’
Sent: Tuesday, August 22, 2000 6:12 PM
Subject: RE: file header.

Hi Jansen,
Your filter driver must store information about opened encrypted files. If you have such a list, you can handle only two situations:

  1. File is on the list - you know it is encrypted
  2. File isn’t on the list - you can try to reopen it before you pass the I/O request to the next FSFD or FSD and read all you need.
    If this open fails, then the file doesn’t exist, or the file is a directory, or the file is non-encrypted (the file is already opened and it is not on your list).

There are also some dirty tricks - you can open the file with only synchronize access specified and then use paging I/O to read (and even write) file data.

Best regards
mari
-----Original Message-----
From: xxxxx@citiz.net [mailto:xxxxx@citiz.net]
Sent: Tuesday, August 22, 2000 11:41 AM
To: xxxxx@decros.cz
Subject: file header.

Hi Mari,
I have the same project as you do now.
I must encrypt some data files and add a
header, which presents the user’s access
right.
Now I have implemented a simple demo.
But it still has a lot of bugs to debug.
Now I have fallen into some mess. I wish I could discuss
these problems with you.
Problem 1. The Shared Access Right.
If an application opens my encrypted file with
the flag deny everything (and does not close
the handle at once), it also means my
driver cannot open the file and read the
head correctly. What can I do? (I’m researching
the best solution for now.)
I will provide more questions to discuss with
you, if you have interest in knowing these
questions. I wish to get help from you.
Good Day.

Best Regards
Jansen Zhu.
Shanghai China.
Jujo Elec. Co.


Hi mari,
Thanks to you for introducing all these designs.
I think I need time to think all these ideas through.
Yeah, we must use the block encryption algorithm.

OK, what you say is all right, to use FsContext
to tell the different file objects.
And I have to implement the same project in Win 9x.
(I use IFSmgr_*** functions.) There is no same concept
as in NT in Windows 9x. I wish I can make a design
for both OSs. I will continue to think all my trouble
through. I wish we can keep in touch.
Thanks at last.

P.S. I have found the Czech Republic on the world
map. The field looks not too big.

Best Regards
Jansen Zhu.
----- Original Message -----
From: MARI
To: ‘Jansen Zhu’
Sent: Wednesday, August 23, 2000 3:26 PM
Subject: RE: file header.

Hi Jansen,
There are some exact rules:
If you want to use block encryption, your metadata must have page size or must be stored at the end of the file. In this case you implement encryption/decryption only for paging I/O (and direct access).
If you want to use stream encryption, your metadata may have any size. Stream encryption is acceptable for confidential, but not for top secret.

A good solution for an encryption driver is to use two file objects for one file. It allows you to store your information in FileObject_A->FsContext. The list of FileObject_A represents the list of encrypted files. Even in this case you will have a problem with long and short file names. This problem was discussed in the ntfsd list and there you can find some solutions.

        |  The file is represented by FileObject_A
Your Filter Driver
        |  The file is represented by FileObject_B
File System Driver

The sharing violation problem isn’t actually so important as you think. If you cannot open a file from the IRP_MJ_CREATE dispatch routine and the status is sharing violation, you can simply return this status (if you pass the request to the FSD, you will probably receive the same status).

Once I tried to create a list of currently opened non-encrypted files (to improve performance). I created two synchronized lists, one was indexed by file name (file path hash) and the other by FileObject->FsContext. For Microsoft File System Drivers there is a one-to-one correspondence between file and FsContext.

CZ = Czech Republic (a little country in the middle of Europe, something between Germany and Russia)

Best regards

mari
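
Added example, not part of the thread: a C sketch of the offset arithmetic behind the page-sized-header rule and the "edge in the middle of the block" problem discussed above. It assumes the header sits at the front of the file, cipher blocks are counted from the first data byte, and sectors are 512 bytes; `io_map` and `map_request` are hypothetical names, not driver APIs.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE    4096u /* x86 page size */
#define SECTOR_SIZE  512u  /* assumed sector size */
#define CIPHER_BLOCK 8u    /* DES and IDEA both use 64-bit blocks */

/* Hypothetical result of mapping one plaintext request onto the file on disk. */
typedef struct {
    uint64_t disk_offset;  /* where the covering ciphertext starts on disk */
    uint32_t disk_length;  /* bytes of ciphertext that must be transferred */
    uint32_t skip;         /* decrypted bytes to drop before the caller's data */
    int whole_blocks;      /* 1 if the request starts and ends on block edges */
    int sector_aligned;    /* 1 if offset and length are sector multiples */
} io_map;

/* Widen [offset, offset + length) to whole cipher blocks, then shift it
 * past the header to get the on-disk range. */
io_map map_request(uint32_t header_size, uint64_t offset, uint32_t length)
{
    io_map m;
    uint64_t end = offset + length;
    uint64_t first = offset - (offset % CIPHER_BLOCK);              /* round down */
    uint64_t last = (end + CIPHER_BLOCK - 1) / CIPHER_BLOCK * CIPHER_BLOCK; /* up */

    m.disk_offset = header_size + first;
    m.disk_length = (uint32_t)(last - first);
    m.skip = (uint32_t)(offset - first);
    m.whole_blocks = (first == offset && last == end);
    m.sector_aligned = (m.disk_offset % SECTOR_SIZE == 0) &&
                       (m.disk_length % SECTOR_SIZE == 0);
    return m;
}

static void show(const char *what, io_map m)
{
    printf("%-28s disk=%llu len=%u skip=%u whole=%d aligned=%d\n", what,
           (unsigned long long)m.disk_offset, m.disk_length, m.skip,
           m.whole_blocks, m.sector_aligned);
}

int main(void)
{
    /* Constructed sample requests. */
    show("paging I/O, page header", map_request(PAGE_SIZE, 2 * PAGE_SIZE, PAGE_SIZE));
    show("byte read, page header", map_request(PAGE_SIZE, 5, 10));
    show("paging I/O, 100-byte header", map_request(100, 2 * PAGE_SIZE, PAGE_SIZE));
    return 0;
}
```

With a page-sized header, a page-aligned request maps to whole cipher blocks at a sector-aligned disk offset; a byte-granular request splits blocks at both edges, and a 100-byte header pushes even page-aligned requests off sector boundaries.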