Solved

Auto encrypt/decrypt files in folder

Posted on 2014-04-01
Last Modified: 2014-04-06
I need some software that can monitor 2 folders and encrypt/decrypt the files inside them.

Any files in 'folder 1' should be encrypted and moved to 'folder 1 - encrypted'
Any files in 'folder 2' should be decrypted and moved to 'folder 2 - decrypted'

Does anyone have any advice on how this can be accomplished automatically?
Question by:antonioking
9 Comments
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39971069
Try YubiKey NEO and OpenPGP, automated using a batch/bash script launched via task scheduler/cron job at a preset interval (e.g. every 5 mins).

That said, it's generally a bad idea to automate encrypt/decrypt functionality in the manner you're requesting, as such a design could defeat the purpose of encryption altogether, should your machine be compromised.

I've described the ideal approach here.  "Bob" and "Alice" describe two separate hosts, each with their own YubiKey NEO.
0
 

Author Comment

by:antonioking
ID: 39971579
I see their point, however the PC will probably have copies of the public/private key on it so regardless of an automated process, if their machine is compromised the hacker will have access to everything they need!

However, I'm planning to run this on a server, secured in a locked cabinet in a locked room with strict hardware firewall in place.

Thanks for the links! I'll have a read up.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39971635
I would say you would first need to know what the files are encrypted or decrypted with, really.  

If it is PGP (or related) you could fairly easily use gpg in a batch script as outlined. Similarly, if it's S/MIME, you could use OpenSSL, again in a batch file.

If you want something a bit more complex and can code in Java or C#, the Bouncy Castle libraries are excellent.
0
 

Author Comment

by:antonioking
ID: 39971645
Sorry forgot to include that... it's PGP.

Regards
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 39971657
Then probably the free GnuPG is your best bet - GPG4WIN is a nice package bundle that will install the tool and some useful GUI accessories for things like key management.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39972957
"I see their point, however the PC will probably have copies of the public/private key on it so regardless of an automated process, if their machine is compromised the hacker will have access to everything they need!"

Exactly. That's why I suggested using the YubiKey NEO, rather than merely storing keys on disk, as the YubiKey (presumably) protects your private key (though while the device is connected, it could be used by an attacker with remote/physical access). This gives you potential incident response options (e.g. disconnect the YubiKey to prevent access to the private key.)

BTW, you want to use symmetric encryption for bulk data as it's generally 1,000-10,000 times faster than asymmetric encryption. You could however consider a hybrid approach, whereby you encrypt each file with a unique symmetric pseudorandom key. That key is then encrypted using the asymmetric public key. To decrypt, you simply use the asymmetric private key (stored securely on a smart card device), which reveals the symmetric key, which you then use to decrypt the data. Should any symmetric key be compromised your exposure is limited to that single file.

Using the ADS feature of NTFS, you could store the encrypted symmetric key in an alternate data stream associated with the primary file, for example:

symmetric_encrypted_file.bin
symmetric_encrypted_file.bin:asymmetric_encrypted_key
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39973668
@Giovanni:

  All very true, but the OP has already stated he is using the PGP standard.

  Of course, you could use alternate data streams / EFS etc to protect the keyrings on-disk, although I doubt it would be that valuable an exercise.
0
 

Author Closing Comment

by:antonioking
ID: 39973720
Gpg command line tool included with gpg4win helped me achieve what I wanted

Thank you for your help
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39973756
"All very true, but the OP has already stated he is using the PGP standard."

PGP supports both symmetric and asymmetric ciphers from the command line (esp. Gpg4win)

gpg --symmetric --cipher-algo aes256 -o test.gpg test.txt
sdelete -p 7 test.txt

See http://www.experts-exchange.com/Security/Encryption/Q_28296267.html#a39657909
0
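
The scheduled sweep this thread converges on (gpg from Gpg4win, run from Task Scheduler at an interval), written out as an added example that is not code from any poster. It assumes gpg.exe is on PATH, the recipient's public key is already imported and trusted, and the decrypting private key can be used without a prompt, which is exactly the exposure discussed above; the root path, key ID and function names are placeholders.

```powershell
# Added example. Folder names come from the question; paths, key ID and function names are assumed.
$Gpg       = 'gpg'                # gpg.exe from Gpg4win, assumed to be on PATH
$Recipient = 'RECIPIENT-KEY-ID'   # placeholder for the public key to encrypt to
$Root      = 'C:\Data'            # assumed parent of the watched folders

function Test-FileReady([string]$Path) {
    # A file that is still being copied in is normally locked by its writer; skip it this run.
    try   { ([System.IO.File]::Open($Path, 'Open', 'Read', 'None')).Dispose(); return $true }
    catch { return $false }
}

function Invoke-GpgSweep {
    param(
        [string]$Source,
        [string]$Destination,
        [ValidateSet('Encrypt', 'Decrypt')][string]$Mode
    )
    New-Item -ItemType Directory -Force -Path $Destination | Out-Null
    foreach ($file in Get-ChildItem -LiteralPath $Source -File) {
        if (-not (Test-FileReady $file.FullName)) { continue }
        if ($Mode -eq 'Encrypt') {
            $target = Join-Path $Destination ($file.Name + '.gpg')
            $action = @('--recipient', $Recipient, '--encrypt')
        } else {
            $target = Join-Path $Destination ($file.Name -replace '\.(gpg|pgp)$', '')
            $action = @('--decrypt')
        }
        # Write to a temporary name so a failed run never leaves a truncated file under the final name.
        $partial = "$target.partial"
        & $Gpg --batch --yes --output $partial @action $file.FullName
        if ($LASTEXITCODE -eq 0 -and (Test-Path -LiteralPath $partial)) {
            Move-Item -LiteralPath $partial -Destination $target -Force
            # Remove-Item only unlinks the source; it does not overwrite the plaintext on disk.
            Remove-Item -LiteralPath $file.FullName
        } else {
            Remove-Item -LiteralPath $partial -ErrorAction SilentlyContinue
            Write-Warning "gpg failed on $($file.FullName) (exit $LASTEXITCODE); left in place"
        }
    }
}

Invoke-GpgSweep -Source "$Root\folder 1" -Destination "$Root\folder 1 - encrypted" -Mode Encrypt
Invoke-GpgSweep -Source "$Root\folder 2" -Destination "$Root\folder 2 - decrypted" -Mode Decrypt
```

gpg's public-key mode is already the hybrid scheme described earlier in the thread: each file is encrypted under a fresh symmetric session key, and that key is wrapped with the recipient's public key inside the same output file.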
