Solved

Auto encrypt/decrypt files in folder

Posted on 2014-04-01
9
1,628 Views
Last Modified: 2014-04-06
I need some software that can monitor 2 folders and encrypt/decrypt the files inside them.

Any files in 'folder 1' should be encrypted and moved to 'folder 1 - encrypted'
Any files in 'folder 2' should be decrypted and moved to 'folder 2 - decrypted'

Does anyone have any advise on how this can be automatically be accomplished?
0
Comment
Question by:antonioking
  • 3
  • 3
  • 3
9 Comments
 
LVL 14

Expert Comment

by:Giovanni Heward
Comment Utility
Try YubiKey NEO and OpenPGP, automated using a batch/bash script launched via task scheduler/cron job at a preset interval (e.g. every 5 mins).

That said, it's generally a bad idea to automate encrypt/decrypt functionality in the manner you're requesting, as such a design could defeat the purpose of encryption altogether, should your machine be compromised.

I've described the ideal approach here.  "Bob" and "Alice" describe two separate hosts, each with their own YubiKey NEO.
0
 

Author Comment

by:antonioking
Comment Utility
I see their point, however the PC will probably have copies of the public/private key on it so regardless of an automated process, if their machine is compromised the hacker will have access to everything they need!

However, I'm planning to run this on a server, secured in a locked cabinet in a locked room with strict hardware firewall in place.

Thanks for the links! I'll have a read up.
0
 
LVL 33

Expert Comment

by:Dave Howe
Comment Utility
I would say you would first need to know what the files are encrypted or decrypted with, really.  

If it is pgp (or related) you could fairly easily use gpg in a batch script as outlined. Similarly, if its s/mime, you could use OpenSSL, again in a batch file.

If you want something a bit more complex and can code in java or c# the Bouncy Castle libraries are excellent.
0
 

Author Comment

by:antonioking
Comment Utility
Sorry forgot to include that... it's PGP.

Regards
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
Comment Utility
then probably the free gnupg is your best bet - GPG4WIN is a nice package bundle that will install the tool and some useful gui accessories for things like key management.
0
 
LVL 14

Expert Comment

by:Giovanni Heward
Comment Utility
I see their point, however the PC will probably have copies of the public/private key on it so regardless of an automated process, if their machine is compromised the hacker will have access to everything they need!

Exactly.  That's why I suggested using the YubiKey NEO, rather than merely storing keys on disk, as the YubiKey (presumably) protects your private key (though why the device is connected, it could be used by an attacker with remote/physical access).  This gives you potential incident response options (e.g. disconnect the YubiKey to prevent access to the private key.)

BTW, you want to use symmetric encryption for bulk data as it's generally 1,000-10,000 times faster than asymmetric encryption.  You could however consider a hybrid approach, whereas you encrypt each file with a unique symmetric pseudorandom key.  That key is then encrypted using the asymmetric public key.  To decrypt, you simply use the asymmetric private key (stored securely on a smart card device), which reveals the symmetric key, which you then use to decrypt the data.  Should any symmetric key be compromised your exposure is limited to that single file.  

Using the ADS feature of NTFS, you could store the encrypted symmetric key in an alternate data stream associated with the primary file, for example:

symmetric_encrypted_file.bin
symmetric_encrypted_file.bin:asymmetric_encrypted_key
0
 
LVL 33

Expert Comment

by:Dave Howe
Comment Utility
@Giovanni:

  All very true, but the OP has already stated he is using the PGP standard.

  Of course, you could use alternate data streams / EFS etc to protect the keyrings on-disk, although I doubt it would be that valuable an exercise.
0
 

Author Closing Comment

by:antonioking
Comment Utility
Gpg command line tool included with gpg4win helped me achieve what I wanted

Thank you for your help
0
 
LVL 14

Expert Comment

by:Giovanni Heward
Comment Utility
All very true, but the OP has already stated he is using the PGP standard.

PGP supports both symmetric and asymmetric ciphers from the command line (esp. Gpg4win)

gpg --symmetric --cipher-algo aes256 -o test.gpg test.txt
sdelete -p 7 test.txt

Open in new window


See http://www.experts-exchange.com/Security/Encryption/Q_28296267.html#a39657909
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

In this era, as you know, cybercrime and other sorts of frauds using the internet has increased day by day. We should protect our information assets and confidential information from getting exploiting by the attacker or intruders. Most of the fraud…
Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now