Best choice for encryption in file system level

Hi there,

I’m continuously developing drivers for educate myself. Two weeks ago I started to study on mini-filter drivers, and I wrote couple of them for just basic tasks.

Now, I’m started to thinking for writing a new mini-filter driver for encryption. I readed a couple of thread on NTFSD about mini-filters and encryption, looks like they doesn’t goes well together…

Strictly speaking, I don’t want to make a fully functional encyption driver with mini-filters (something like encrypts all files in pre-write, and decrypts at post-read. I just want to make something working for just one file extension. Let say it’ll be .b2e. I’ll be create that blah.b2e file by myself only, with a custom C program (I’m not going to use notepad, wordpad, office etc.) So, probably in driver, I’m going to filter by process name, and if detect my process, I’ll encrypt its writes and decrypts them when reading back.

So, my questions are:
1-) If it is possible to make this without any pain in mini-filter driver?
2-) If so, In summary, What kind of way do I need to follow? What edge sides should I keep in mind?
3-) If not so, which fsd should I use for achieving this task?

It doesn’t matter if I’ll have to learn another fsd model. I’ll do it with pleasure. Of course, I’m not going to be a professional in that area, I just want to suppress my curiosity.

Thanks in advance to all who’ll spends their unrecoverable time for these questions.
Best regards…

If you control the program(s) then why are you doing a driver at all? It
makes more sense to encrypt/decrypt in the program that is generating/using
the file.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yandex.com
Sent: Friday, March 24, 2017 10:30 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Best choice for encryption in file system level

Hi there,

I’m continuously developing drivers for educate myself. Two weeks ago I
started to study on mini-filter drivers, and I wrote couple of them for just
basic tasks.

Now, I’m started to thinking for writing a new mini-filter driver for
encryption. I readed a couple of thread on NTFSD about mini-filters and
encryption, looks like they doesn’t goes well together…

Strictly speaking, I don’t want to make a fully functional encyption driver
with mini-filters (something like encrypts all files in pre-write, and
decrypts at post-read. I just want to make something working for just one
file extension. Let say it’ll be .b2e. I’ll be create that blah.b2e file by
myself only, with a custom C program (I’m not going to use notepad, wordpad,
office etc.) So, probably in driver, I’m going to filter by process name,
and if detect my process, I’ll encrypt its writes and decrypts them when
reading back.

So, my questions are:
1-) If it is possible to make this without any pain in mini-filter driver?
2-) If so, In summary, What kind of way do I need to follow? What edge sides
should I keep in mind?
3-) If not so, which fsd should I use for achieving this task?

It doesn’t matter if I’ll have to learn another fsd model. I’ll do it with
pleasure. Of course, I’m not going to be a professional in that area, I just
want to suppress my curiosity.

Thanks in advance to all who’ll spends their unrecoverable time for these
questions.
Best regards…


NTFSD is sponsored by OSR

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at
http:</http:></http:>

Thank you for your reply, Don.

Of course it is, but as I mentioned, I’m trying to educate myself. That is exactly why I want to do it from driver. I’m just randomly selects an idea, then try to implement it in driver mode. I learn by this way.

As has been stated many times on this forum, encryption drivers are some of
the hardest to do. If you don’t care who gets to read the data, and don’t
mind a very simple encryption scheme (i.e. keep the size of the file the
same) you can do something relatively easily, beyond that you are into big
challenges.

Note: OSR sells a kit for file system filters such as encryption, the last I
knew they charged $150,000 for the kit. They wouldn’t be charging this, if
people didn’t find it saved more than that in development costs and
maintenance.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yandex.com
Sent: Friday, March 24, 2017 10:41 AM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] Best choice for encryption in file system level

Thank you for your reply, Don.

Of course it is, but as I mentioned, I’m trying to educate myself. That is
exactly why I want to do it from driver. I’m just randomly selects an idea,
then try to implement it in driver mode. I learn by this way.


NTFSD is sponsored by OSR

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at
http:</http:></http:>

Thank you Don for information about OSR’s kit. It make me understand how hard it can be.

For my situation, the only process will read and write to file is mine. So it is not important about who read it.

And, I think it will be no problem with using simple encryption scheme. By the way, I do not have to make it a encyption driver. As I said, it is just a idea. Let say, I can just use it for replace a word “kotoro” with “kamato” when writing to disk. And replace “kamato” with “kotoro” when reading from disk. I just trying to do and learn, that’s all.

So, I assume it is possible from mini-filter?
If you approve, then can you please point me about the edge sides should I keep in mind?

Best regards

You can do it in a mini-filter. As I stated, things get hairy when you
change the size of the file or the size of the data in the file. Make
sure you see all the reads and writes, since file caching will need to be
addressed.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yandex.com
Sent: Friday, March 24, 2017 11:17 AM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] Best choice for encryption in file system level

Thank you Don for information about OSR’s kit. It make me understand how
hard it can be.

For my situation, the only process will read and write to file is mine. So
it is not important about who read it.

And, I think it will be no problem with using simple encryption scheme. By
the way, I do not have to make it a encyption driver. As I said, it is just
a idea. Let say, I can just use it for replace a word “kotoro” with “kamato”
when writing to disk. And replace “kamato” with “kotoro” when reading from
disk. I just trying to do and learn, that’s all.

So, I assume it is possible from mini-filter?
If you approve, then can you please point me about the edge sides should I
keep in mind?

Best regards


NTFSD is sponsored by OSR

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at
http:</http:></http:>

If you just want to play around, give yourself the following
rules/restrictions:

  1. I shall not change the size of the file

  2. All filters and applications above my filter only ever see the decrypted
    data (i.e. no mixed policy where some applications see decrypted data and
    some applications see encrypted data).

You’ll have an amusing time sorting through the problems with the above. If
you deviate from either you’ll go right off a cliff.

-scott
OSR
@OSRDrivers

“Don Burn” wrote in message news:xxxxx@ntfsd…

You can do it in a mini-filter. As I stated, things get hairy when you
change the size of the file or the size of the data in the file. Make
sure you see all the reads and writes, since file caching will need to be
addressed.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yandex.com
Sent: Friday, March 24, 2017 11:17 AM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] Best choice for encryption in file system level

Thank you Don for information about OSR’s kit. It make me understand how
hard it can be.

For my situation, the only process will read and write to file is mine. So
it is not important about who read it.

And, I think it will be no problem with using simple encryption scheme. By
the way, I do not have to make it a encyption driver. As I said, it is just
a idea. Let say, I can just use it for replace a word “kotoro” with “kamato”
when writing to disk. And replace “kamato” with “kotoro” when reading from
disk. I just trying to do and learn, that’s all.

So, I assume it is possible from mini-filter?
If you approve, then can you please point me about the edge sides should I
keep in mind?

Best regards


NTFSD is sponsored by OSR

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at
http:</http:></http:>

Thank you Scott for your reply.
I hope it will be fun.

24.03.2017, 20:41, “Scott Noone” :

If you just want to play around, give yourself the following
rules/restrictions:

  1. I shall not change the size of the file

  2. All filters and applications above my filter only ever see the decrypted
    data (i.e. no mixed policy where some applications see decrypted data and
    some applications see encrypted data).

You’ll have an amusing time sorting through the problems with the above. If
you deviate from either you’ll go right off a cliff.

-scott
OSR
@OSRDrivers

“Don Burn” wrote in message news:xxxxx@ntfsd…

You can do it in a mini-filter. As I stated, things get hairy when you
change the size of the file or the size of the data in the file. Make
sure you see all the reads and writes, since file caching will need to be
addressed.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yandex.com
Sent: Friday, March 24, 2017 11:17 AM
To: Windows File Systems Devs Interest List <xxxxx@lists.osr.com>
Subject: RE:[ntfsd] Best choice for encryption in file system level

Thank you Don for information about OSR’s kit. It make me understand how
hard it can be.

For my situation, the only process will read and write to file is mine. So
it is not important about who read it.

And, I think it will be no problem with using simple encryption scheme. By
the way, I do not have to make it a encyption driver. As I said, it is just
a idea. Let say, I can just use it for replace a word “kotoro” with “kamato”
when writing to disk. And replace “kamato” with “kotoro” when reading from
disk. I just trying to do and learn, that’s all.

So, I assume it is possible from mini-filter?
If you approve, then can you please point me about the edge sides should I
keep in mind?

Best regards


NTFSD is sponsored by OSR

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at <http://www.osr.com/seminars>

To unsubscribe, visit the List Server section of OSR Online at
<http://www.osronline.com/page.cfm?name=ListServer>


NTFSD is sponsored by OSR

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at <http://www.osr.com/seminars>

To unsubscribe, visit the List Server section of OSR Online at <http://www.osronline.com/page.cfm?name=ListServer>