Solved

Auto encrypt/decrypt files in folder

Posted on 2014-04-01
Last Modified: 2014-04-06
I need some software that can monitor 2 folders and encrypt/decrypt the files inside them.

Any files in 'folder 1' should be encrypted and moved to 'folder 1 - encrypted'
Any files in 'folder 2' should be decrypted and moved to 'folder 2 - decrypted'

Does anyone have any advice on how this can be automatically accomplished?
0
Comment
Question by:antonioking
9 Comments
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39971069
Try YubiKey NEO and OpenPGP, automated using a batch/bash script launched via task scheduler/cron job at a preset interval (e.g. every 5 mins).

That said, it's generally a bad idea to automate encrypt/decrypt functionality in the manner you're requesting, as such a design could defeat the purpose of encryption altogether, should your machine be compromised.

I've described the ideal approach here.  "Bob" and "Alice" describe two separate hosts, each with their own YubiKey NEO.
0
 

Author Comment

by:antonioking
ID: 39971579
I see their point, however the PC will probably have copies of the public/private key on it so regardless of an automated process, if their machine is compromised the hacker will have access to everything they need!

However, I'm planning to run this on a server, secured in a locked cabinet in a locked room with a strict hardware firewall in place.

Thanks for the links! I'll have a read up.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39971635
I would say you would first need to know what the files are encrypted or decrypted with, really.  

If it is PGP (or related), you could fairly easily use gpg in a batch script as outlined. Similarly, if it's S/MIME, you could use OpenSSL, again in a batch file.

If you want something a bit more complex and can code in Java or C#, the Bouncy Castle libraries are excellent.
0
 

Author Comment

by:antonioking
ID: 39971645
Sorry forgot to include that... it's PGP.

Regards
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 39971657
Then probably the free GnuPG is your best bet - GPG4WIN is a nice package bundle that will install the tool and some useful GUI accessories for things like key management.
0
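
Added example (not posted by anyone in this thread): a PowerShell sketch of the scheduled gpg run discussed above, using the folder names from the question. The `C:\` paths, the recipient key placeholder, the 30-second settle time and gpg.exe being on PATH are assumptions; unattended decryption also assumes gpg-agent can reach the private key without a prompt.

```powershell
# Added example. Run from Task Scheduler at an interval.
# Assumptions: gpg.exe (Gpg4win) is on PATH; paths and key ID are placeholders.
$Recipient = 'RECIPIENT-KEY-ID-PLACEHOLDER'   # must be a trusted key, or --batch fails
$Jobs = @(
    @{ In = 'C:\folder 1'; Out = 'C:\folder 1 - encrypted'; Mode = 'encrypt' },
    @{ In = 'C:\folder 2'; Out = 'C:\folder 2 - decrypted'; Mode = 'decrypt' }
)
# Skip files written in the last 30 seconds: they may still be copying in.
$cutoff = (Get-Date).AddSeconds(-30)

foreach ($job in $Jobs) {
    New-Item -ItemType Directory -Force -Path $job.Out | Out-Null
    $files = Get-ChildItem -LiteralPath $job.In -File |
             Where-Object { $_.LastWriteTime -lt $cutoff }
    foreach ($file in $files) {
        if ($job.Mode -eq 'encrypt') {
            $target  = Join-Path $job.Out ($file.Name + '.gpg')
            $gpgArgs = @('--batch', '--yes', '--recipient', $Recipient,
                         '--output', $target, '--encrypt', $file.FullName)
        } else {
            # Drop a trailing .gpg/.pgp/.asc to recover the plaintext name.
            $name    = $file.Name -replace '\.(gpg|pgp|asc)$', ''
            $target  = Join-Path $job.Out $name
            $gpgArgs = @('--batch', '--yes', '--output', $target,
                         '--decrypt', $file.FullName)
        }
        & gpg @gpgArgs
        # Remove the input only after gpg reported success and wrote output.
        if ($LASTEXITCODE -eq 0 -and (Test-Path -LiteralPath $target)) {
            Remove-Item -LiteralPath $file.FullName
        } else {
            # Discard any partial output and keep the input for the next run.
            Remove-Item -LiteralPath $target -ErrorAction SilentlyContinue
            Write-Warning "gpg failed ($LASTEXITCODE) for $($file.FullName); left in place"
        }
    }
}
```

`Remove-Item` only unlinks the plaintext; it does not overwrite it on disk.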
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39972957
"I see their point, however the PC will probably have copies of the public/private key on it so regardless of an automated process, if their machine is compromised the hacker will have access to everything they need!"

Exactly.  That's why I suggested using the YubiKey NEO, rather than merely storing keys on disk, as the YubiKey (presumably) protects your private key (though while the device is connected, it could be used by an attacker with remote/physical access).  This gives you potential incident response options (e.g. disconnect the YubiKey to prevent access to the private key.)

BTW, you want to use symmetric encryption for bulk data as it's generally 1,000-10,000 times faster than asymmetric encryption.  You could however consider a hybrid approach, whereby you encrypt each file with a unique symmetric pseudorandom key.  That key is then encrypted using the asymmetric public key.  To decrypt, you simply use the asymmetric private key (stored securely on a smart card device), which reveals the symmetric key, which you then use to decrypt the data.  Should any symmetric key be compromised your exposure is limited to that single file.  

Using the ADS feature of NTFS, you could store the encrypted symmetric key in an alternate data stream associated with the primary file, for example:

symmetric_encrypted_file.bin
symmetric_encrypted_file.bin:asymmetric_encrypted_key
0
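
Added example (not part of the post above): the hybrid scheme it describes, written with .NET primitives from PowerShell rather than PGP. It swaps in AES-CBC with an HMAC-SHA256 tag and RSA-OAEP; the in-memory demo key pair, the function names and the `%TEMP%` paths are assumptions, and the stream name follows the post.

```powershell
using namespace System.Security.Cryptography
# Added example. Windows + NTFS only. File layout: IV (16) || ciphertext || HMAC (32).
function Protect-FileHybrid([string]$InPath, [string]$OutPath, [RSA]$PublicKey) {
    $aes = [Aes]::Create()                    # fresh random 256-bit key and IV per file
    $macKey = [byte[]]::new(32)
    [RandomNumberGenerator]::Create().GetBytes($macKey)
    $plain = [IO.File]::ReadAllBytes($InPath)
    $ct    = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    $body  = [byte[]]($aes.IV + $ct)
    $tag   = [HMACSHA256]::new($macKey).ComputeHash($body)   # encrypt-then-MAC
    [IO.File]::WriteAllBytes($OutPath, [byte[]]($body + $tag))
    # Wrap both per-file keys with the public key; only the wrapped form is stored.
    $wrapped = $PublicKey.Encrypt([byte[]]($aes.Key + $macKey),
                                  [RSAEncryptionPadding]::OaepSHA256)
    Set-Content -LiteralPath $OutPath -Stream 'asymmetric_encrypted_key' `
                -Value ([Convert]::ToBase64String($wrapped))
}

function Unprotect-FileHybrid([string]$InPath, [RSA]$PrivateKey) {
    $b64  = Get-Content -LiteralPath $InPath -Stream 'asymmetric_encrypted_key' -Raw
    $keys = $PrivateKey.Decrypt([Convert]::FromBase64String($b64.Trim()),
                                [RSAEncryptionPadding]::OaepSHA256)
    $data = [IO.File]::ReadAllBytes($InPath)
    $n    = $data.Length - 32
    $body = [byte[]]($data[0..($n - 1)])
    $tag  = [byte[]]($data[$n..($data.Length - 1)])
    $expected = [HMACSHA256]::new([byte[]]($keys[32..63])).ComputeHash($body)
    # Compare all 32 bytes without an early exit, before decrypting anything.
    $diff = 0
    for ($i = 0; $i -lt 32; $i++) { $diff = $diff -bor ($tag[$i] -bxor $expected[$i]) }
    if ($diff -ne 0) { throw 'MAC check failed: file or key stream was modified' }
    $aes = [Aes]::Create()
    $aes.Key = [byte[]]($keys[0..31])
    $aes.IV  = [byte[]]($body[0..15])
    return ,$aes.CreateDecryptor().TransformFinalBlock($body, 16, $body.Length - 16)
}

# Demo with constructed data. The key pair is generated in memory here (assumption);
# in the post the private key sits on a smart card device instead.
$rsa = [RSACng]::new(2048)
$src = Join-Path $env:TEMP 'hybrid_demo.txt'
$enc = Join-Path $env:TEMP 'symmetric_encrypted_file.bin'
[IO.File]::WriteAllText($src, 'constructed sample data')
Protect-FileHybrid $src $enc $rsa
[Text.Encoding]::UTF8.GetString((Unprotect-FileHybrid $enc $rsa))
```

An alternate data stream is dropped when the file is copied to a non-NTFS volume or sent through tools that ignore streams, and without the wrapped key the file cannot be decrypted.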
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39973668
@Giovanni:

  All very true, but the OP has already stated he is using the PGP standard.

  Of course, you could use alternate data streams / EFS etc to protect the keyrings on-disk, although I doubt it would be that valuable an exercise.
0
 

Author Closing Comment

by:antonioking
ID: 39973720
The gpg command-line tool included with Gpg4win helped me achieve what I wanted.

Thank you for your help
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39973756
"All very true, but the OP has already stated he is using the PGP standard."

PGP supports both symmetric and asymmetric ciphers from the command line (esp. Gpg4win)

gpg --symmetric --cipher-algo aes256 -o test.gpg test.txt
sdelete -p 7 test.txt

See http://www.experts-exchange.com/Security/Encryption/Q_28296267.html#a39657909
0
