Solved

Auto encrypt/decrypt files in folder

Posted on 2014-04-01
Last Modified: 2014-04-06
I need some software that can monitor 2 folders and encrypt/decrypt the files inside them.

Any files in 'folder 1' should be encrypted and moved to 'folder 1 - encrypted'
Any files in 'folder 2' should be decrypted and moved to 'folder 2 - decrypted'

Does anyone have any advice on how this can be accomplished automatically?
Question by:antonioking
9 Comments
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39971069
Try YubiKey NEO and OpenPGP, automated using a batch/bash script launched via task scheduler/cron job at a preset interval (e.g. every 5 mins).

That said, it's generally a bad idea to automate encrypt/decrypt functionality in the manner you're requesting, as such a design could defeat the purpose of encryption altogether, should your machine be compromised.

I've described the ideal approach here.  "Bob" and "Alice" describe two separate hosts, each with their own YubiKey NEO.
0
 

Author Comment

by:antonioking
ID: 39971579
I see their point, however the PC will probably have copies of the public/private key on it so regardless of an automated process, if their machine is compromised the hacker will have access to everything they need!

However, I'm planning to run this on a server, secured in a locked cabinet in a locked room with strict hardware firewall in place.

Thanks for the links! I'll have a read up.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39971635
I would say you would first need to know what the files are encrypted or decrypted with, really.  

If it is PGP (or related) you could fairly easily use gpg in a batch script as outlined. Similarly, if it's S/MIME, you could use OpenSSL, again in a batch file.

If you want something a bit more complex and can code in Java or C#, the Bouncy Castle libraries are excellent.
0

 

Author Comment

by:antonioking
ID: 39971645
Sorry forgot to include that... it's PGP.

Regards
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 39971657
Then probably the free GnuPG is your best bet - GPG4WIN is a nice package bundle that will install the tool and some useful GUI accessories for things like key management.
0
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39972957
"I see their point, however the PC will probably have copies of the public/private key on it so regardless of an automated process, if their machine is compromised the hacker will have access to everything they need!"

Exactly. That's why I suggested using the YubiKey NEO, rather than merely storing keys on disk, as the YubiKey (presumably) protects your private key (though while the device is connected, it could be used by an attacker with remote/physical access). This gives you potential incident response options (e.g. disconnect the YubiKey to prevent access to the private key).

BTW, you want to use symmetric encryption for bulk data as it's generally 1,000-10,000 times faster than asymmetric encryption. You could however consider a hybrid approach, whereby you encrypt each file with a unique symmetric pseudorandom key. That key is then encrypted using the asymmetric public key. To decrypt, you simply use the asymmetric private key (stored securely on a smart card device), which reveals the symmetric key, which you then use to decrypt the data. Should any symmetric key be compromised, your exposure is limited to that single file.

Using the ADS feature of NTFS, you could store the encrypted symmetric key in an alternate data stream associated with the primary file, for example:

symmetric_encrypted_file.bin
symmetric_encrypted_file.bin:asymmetric_encrypted_key
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39973668
@Giovanni:

  All very true, but the OP has already stated he is using the PGP standard.

  Of course, you could use alternate data streams / EFS etc to protect the keyrings on-disk, although I doubt it would be that valuable an exercise.
0
 

Author Closing Comment

by:antonioking
ID: 39973720
Gpg command line tool included with gpg4win helped me achieve what I wanted

Thank you for your help
0
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39973756
"All very true, but the OP has already stated he is using the PGP standard."

PGP supports both symmetric and asymmetric ciphers from the command line (esp. Gpg4win)

gpg --symmetric --cipher-algo aes256 -o test.gpg test.txt
sdelete -p 7 test.txt


See http://www.experts-exchange.com/Security/Encryption/Q_28296267.html#a39657909
0
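
A scheduled-task script for the workflow the thread settles on (the gpg command line from Gpg4win sweeping the two folders), as an added example that is not part of any post above. The `C:\Data` paths, the recipient fingerprint placeholder and the function names are assumptions; it also assumes gpg.exe is on PATH and that the decryption key can be used by the task's account without a prompt.

```powershell
# Added example, not from the thread. Folder names follow the question; the
# base path C:\Data and the recipient value are placeholders (assumptions).
$Recipient = '<RECIPIENT-KEY-FINGERPRINT>'   # full fingerprint of an imported, trusted public key
$Jobs = @(
    @{ Mode = 'encrypt'; In = 'C:\Data\folder 1'; Out = 'C:\Data\folder 1 - encrypted' },
    @{ Mode = 'decrypt'; In = 'C:\Data\folder 2'; Out = 'C:\Data\folder 2 - decrypted' }
)

function Test-FileReady([string]$Path) {
    # A file still being copied in cannot be opened exclusively; skip it until the next run.
    try { $s = [System.IO.File]::Open($Path, 'Open', 'Read', 'None'); $s.Close(); return $true }
    catch { return $false }
}

function Invoke-GpgJob($Job) {
    New-Item -ItemType Directory -Force -Path $Job.Out | Out-Null
    foreach ($file in Get-ChildItem -LiteralPath $Job.In -File) {
        if (-not (Test-FileReady $file.FullName)) { continue }
        if ($Job.Mode -eq 'encrypt') {
            $name = $file.Name + '.gpg'
            $gpgArgs = @('--encrypt', '--recipient', $Recipient)
        } else {
            # Strip a trailing .gpg/.pgp; otherwise mark the output so the name always changes.
            $name = $file.Name -replace '\.(gpg|pgp)$', ''
            if ($name -eq $file.Name) { $name += '.decrypted' }
            $gpgArgs = @('--decrypt')
        }
        $final = Join-Path $Job.Out $name
        $temp  = "$final.partial"
        # --batch: never prompt; --yes: overwrite a stale .partial left by a failed run.
        & gpg --batch --yes --output $temp @gpgArgs $file.FullName
        if ($LASTEXITCODE -eq 0 -and (Test-Path -LiteralPath $temp)) {
            Move-Item -LiteralPath $temp -Destination $final -Force
            # Source is removed only after gpg succeeded. The thread's `sdelete -p 7` can replace this.
            Remove-Item -LiteralPath $file.FullName -Force
        } else {
            Write-Warning "gpg failed ($LASTEXITCODE) for $($file.FullName); source left in place"
            Remove-Item -LiteralPath $temp -Force -ErrorAction SilentlyContinue
        }
    }
}

foreach ($job in $Jobs) { Invoke-GpgJob $job }
```

The encrypt job needs only the recipient's public key, so the private key does not have to live on the host that watches 'folder 1'. gpg's public-key mode already generates a fresh symmetric session key per file and wraps it with the public key, which is the hybrid scheme described earlier in the thread.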
