Auto encrypt/decrypt files in folder

I need some software that can monitor 2 folders and encrypt/decrypt the files inside them.

Any files in 'folder 1' should be encrypted and moved to 'folder 1 - encrypted'
Any files in 'folder 2' should be decrypted and moved to 'folder 2 - decrypted'

Does anyone have any advise on how this can be automatically be accomplished?
antoniokingAsked:
Who is Participating?
 
Dave HoweConnect With a Mentor Software and Hardware EngineerCommented:
then probably the free gnupg is your best bet - GPG4WIN is a nice package bundle that will install the tool and some useful gui accessories for things like key management.
0
 
Giovanni HewardCommented:
Try YubiKey NEO and OpenPGP, automated using a batch/bash script launched via task scheduler/cron job at a preset interval (e.g. every 5 mins).

That said, it's generally a bad idea to automate encrypt/decrypt functionality in the manner you're requesting, as such a design could defeat the purpose of encryption altogether, should your machine be compromised.

I've described the ideal approach here.  "Bob" and "Alice" describe two separate hosts, each with their own YubiKey NEO.
0
 
antoniokingAuthor Commented:
I see their point, however the PC will probably have copies of the public/private key on it so regardless of an automated process, if their machine is compromised the hacker will have access to everything they need!

However, I'm planning to run this on a server, secured in a locked cabinet in a locked room with strict hardware firewall in place.

Thanks for the links! I'll have a read up.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Dave HoweSoftware and Hardware EngineerCommented:
I would say you would first need to know what the files are encrypted or decrypted with, really.  

If it is pgp (or related) you could fairly easily use gpg in a batch script as outlined. Similarly, if its s/mime, you could use OpenSSL, again in a batch file.

If you want something a bit more complex and can code in java or c# the Bouncy Castle libraries are excellent.
0
 
antoniokingAuthor Commented:
Sorry forgot to include that... it's PGP.

Regards
0
 
Giovanni HewardCommented:
I see their point, however the PC will probably have copies of the public/private key on it so regardless of an automated process, if their machine is compromised the hacker will have access to everything they need!

Exactly.  That's why I suggested using the YubiKey NEO, rather than merely storing keys on disk, as the YubiKey (presumably) protects your private key (though why the device is connected, it could be used by an attacker with remote/physical access).  This gives you potential incident response options (e.g. disconnect the YubiKey to prevent access to the private key.)

BTW, you want to use symmetric encryption for bulk data as it's generally 1,000-10,000 times faster than asymmetric encryption.  You could however consider a hybrid approach, whereas you encrypt each file with a unique symmetric pseudorandom key.  That key is then encrypted using the asymmetric public key.  To decrypt, you simply use the asymmetric private key (stored securely on a smart card device), which reveals the symmetric key, which you then use to decrypt the data.  Should any symmetric key be compromised your exposure is limited to that single file.  

Using the ADS feature of NTFS, you could store the encrypted symmetric key in an alternate data stream associated with the primary file, for example:

symmetric_encrypted_file.bin
symmetric_encrypted_file.bin:asymmetric_encrypted_key
0
 
Dave HoweSoftware and Hardware EngineerCommented:
@Giovanni:

  All very true, but the OP has already stated he is using the PGP standard.

  Of course, you could use alternate data streams / EFS etc to protect the keyrings on-disk, although I doubt it would be that valuable an exercise.
0
 
antoniokingAuthor Commented:
Gpg command line tool included with gpg4win helped me achieve what I wanted

Thank you for your help
0
 
Giovanni HewardCommented:
All very true, but the OP has already stated he is using the PGP standard.

PGP supports both symmetric and asymmetric ciphers from the command line (esp. Gpg4win)

gpg --symmetric --cipher-algo aes256 -o test.gpg test.txt
sdelete -p 7 test.txt

Open in new window


See http://www.experts-exchange.com/Security/Encryption/Q_28296267.html#a39657909
0
All Courses

From novice to tech pro — start learning today.