Transparent File Encryption Filter Driver SDK
Download EaseFilter Transparent Encryption SDK Setup File Download EaseFilter Transparent Encryption SDK Zip File
What is the EaseFilter Encryption Filter Driver SDK
The EaseFilter Encryption Filter Driver (EEFD) is a comprehensive solution for implementing transparent, on-access file-level encryption on Windows systems. This SDK enables developers to build applications that automatically encrypt and decrypt files at the file system level, ensuring data remains secure without requiring changes to existing workflows or applications.
Understand The File System Filter Driver
A file system filter driver operates within the Windows kernel, intercepting requests directed at a file system or another filter driver. By capturing these requests before they reach their intended targets, the filter driver can extend or replace the functionality provided by the original target. This mechanism is essential for implementing advanced file security measures.
Key Features
Transparent Encryption and Decryption: Files are encrypted before being written to disk and decrypted when read, all at the file system level. This process is seamless to users and applications, requiring no additional actions or temporary files.
-
AES Encryption Algorithm: Utilizes the Advanced Encryption Standard (AES) algorithm with key sizes of 128, 192, or 256 bits, implemented through Microsoft's Cryptography API: Next Generation (CNG) library. This ensures compliance with U.S. FIPS 140-2 standards.
-
Per-Process Access Control: The SDK supports defining access rights on a per-process or per-user basis. Authorized processes can access decrypted data, while unauthorized ones receive only encrypted content.
-
Isolation Mini Filter Driver: Employs isolation technology to create separate views of encrypted files for different processes. This ensures that decrypted data is not inadvertently shared between authorized and unauthorized processes.
-
-
Secure File Sharing with DRM: Encrypted files can include embedded Digital Rights Management (DRM) metadata within their headers. This allows for secure sharing, with the ability to control and revoke access as needed.
Use Cases
-
Data Protection at Rest: Ensure that sensitive data stored on disk remains encrypted and protected from unauthorized access.
-
Compliance and Regulatory Requirements: Meet industry standards and regulations that mandate encryption of data at rest.
-
Secure Collaboration: Safely share encrypted files with partners or remote teams, maintaining control over who can access the data.
Secure File Sharing with DRM Protection
The EaseFilter Encryption Filter Driver supports file encryption using an appended header format. This encrypted file header allows you to embed Digital Rights Management (DRM) metadata directly into the file. As a result, encrypted files can carry DRM information, enabling secure file sharing while ensuring the data remains encrypted during transit.
With this capability, you can easily build a secure file sharing solution that gives you full control over access permissions. You can grant, revoke, or set expiration for access rights at any time—even after the encrypted file has been distributed outside your organization.
A C# File Encryption Example
The SDK includes sample source code in C++ and C#, demonstrating how to implement encryption and decryption filter rules. Developers can quickly integrate these examples into their applications to establish secure file handling mechanisms.
The below C# code snippet will setup two filter rules, one filter rule for encryption, only the authorized processes can read the encrypted files. The second filter rule for decryption, only the authorized users or processes can decrypt the files.
using System;
using EaseFilter.FilterControl;
namespace AutoFileEncryption
{
class Program
{
static FilterControl filterControl = new FilterControl();
static void Main(string[] args)
{
string lastError = string.Empty;
string licenseKey = "Email us to request a trial key: [email protected]";
FilterAPI.FilterType filterType = FilterAPI.FilterType.CONTROL_FILTER
| FilterAPI.FilterType.ENCRYPTION_FILTER | FilterAPI.FilterType.PROCESS_FILTER;
int serviceThreads = 5;
int connectionTimeOut = 10; //seconds
try
{
//copy the right Dlls to the current folder.
Utils.CopyOSPlatformDependentFiles(ref lastError);
if (!filterControl.StartFilter(filterType, serviceThreads, connectionTimeOut, licenseKey, ref lastError))
{
Console.WriteLine("Start Filter Service failed with error:" + lastError);
return;
}
//setup a file filter rule for folder encryptFolder
string encryptFolder = "c:\\encryptFolder\\*";
FileFilter fileFilter = new FileFilter(encryptFolder);
//enable the encryption for the filter rule.
fileFilter.EnableEncryption = true;
//get the 256bits encryption key with the passphrase
string passPhrase = "mypassword";
fileFilter.EncryptionKey = Utils.GetKeyByPassPhrase(passPhrase, 32);
//disable the decyrption right, read the raw encrypted data for all except the authorized processes or users.
fileFilter.EnableReadEncryptedData = false;
//setup the authorized processes to decrypt the encrypted files.
string authorizedProcessesForEncryptFolder = "notepad.exe;wordpad.exe";
string[] processNames = authorizedProcessesForEncryptFolder.Split(new char[] { ';' });
if (processNames.Length > 0)
{
foreach (string processName in processNames)
{
if (processName.Trim().Length > 0)
{
//authorized the process with the read encrypted data right.
fileFilter.ProcessNameAccessRightList.Add(processName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
}
}
}
//setup the authorized users to decrypt the encrypted files.
string authorizedUsersForEncryptFolder = "domainName\\user1";
if (!string.IsNullOrEmpty(authorizedUsersForEncryptFolder) && !authorizedUsersForEncryptFolder.Equals("*"))
{
string[] userNames = authorizedUsersForEncryptFolder.Split(new char[] { ';' });
if (userNames.Length > 0)
{
foreach (string userName in userNames)
{
if (userName.Trim().Length > 0)
{
//authorized the user with the read encrypted data right.
fileFilter.userAccessRightList.Add(userName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
}
}
}
if (fileFilter.userAccessRightList.Count > 0)
{
//set black list for all other users except the white list users.
uint accessFlag = FilterAPI.ALLOW_MAX_RIGHT_ACCESS & ~(uint)FilterAPI.AccessFlag.ALLOW_READ_ENCRYPTED_FILES;
//disable the decryption right, read the raw encrypted data for all except the authorized users.
fileFilter.userAccessRightList.Add("*", accessFlag);
}
}
//add the encryption file filter rule to the filter control
filterControl.AddFilter(fileFilter);
//setup a file filter rule for folder decryptFolder
string decryptFolder = "c:\\decryptFolder\\*";
FileFilter decryptFileFilter = new FileFilter(decryptFolder);
//enable the encryption for the filter rule.
decryptFileFilter.EnableEncryption = true;
//get the 256bits encryption key with the passphrase
decryptFileFilter.EncryptionKey = Utils.GetKeyByPassPhrase(passPhrase, 32);
//don't encrypt the new created file in the folder.
decryptFileFilter.EnableEncryptNewFile = false;
//disable the decyrption right, read the raw encrypted data for all except the authorized processes or users.
decryptFileFilter.EnableReadEncryptedData = false;
//setup authorized processes to decrypt the encrypted files.
string authorizedProcessesForDecryptFolder = "notepad.exe;wordpad.exe";
processNames = authorizedProcessesForDecryptFolder.Split(new char[] { ';' });
if (processNames.Length > 0)
{
foreach (string processName in processNames)
{
if (processName.Trim().Length > 0)
{
//authorized the process with the read encrypted data right.
decryptFileFilter.ProcessNameAccessRightList.Add(processName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
}
}
}
filterControl.AddFilter(decryptFileFilter);
if (!filterControl.SendConfigSettingsToFilter(ref lastError))
{
Console.WriteLine("SendConfigSettingsToFilter failed." + lastError);
return;
}
Console.WriteLine("Start filter service succeeded.");
// Wait for the user to quit the program.
Console.WriteLine("Press 'q' to quit the sample.");
while (Console.Read() != 'q') ;
filterControl.StopFilter();
}
catch (Exception ex)
{
Console.WriteLine("Start filter service failed with error:" + ex.Message);
}
}
}
}