EaseFilter File System Encryption Filter Driver SDK provides a comprehensive security solution for developing transparent file-level encryption products. It encrypts files on the fly and allows only authorized users or processes to access the encrypted files. The supported cryptographic algorithm is Rijndael, a high-security algorithm chosen by the National Institute of Standards and Technology (NIST) as the new Advanced Encryption Standard (AES); it supports key lengths of 128, 192 and 256 bits.
EaseFilter File System Mini Filter Driver SDK is a mature commercial product. It provides a complete modular framework that lets developers, even those without driver development experience, build a filter driver within a day. The SDK includes modules covering everything from code design to product installation, with all the basic features you need to build a filter driver.
EaseFilter File System Encryption Driver is an encrypting file system: file-system-level, file-based encryption. A transparent encryption filter driver integrates encryption and decryption into the read and write I/O path at the file system level; because no extra I/O is needed, encryption performance improves dramatically. With file-system-level automatic encryption, you can encrypt your folders and files to prevent sensitive data from being exposed or stolen in a data breach.
EaseFilter encrypting file system is an alternative to Microsoft EFS. It has more features and is more flexible than Microsoft EFS: it supports both user-based and process-based encryption, it can encrypt every file with a unique encryption key, and it can embed custom tag data into the encrypted file.
Military-grade Advanced Encryption Standard (AES) algorithm. The encryption engine uses the Advanced Encryption Standard (AES) algorithm, a symmetric block cipher chosen by the U.S. government, using keys sized at 128, 192 and 256 bits.
Block level decryption. EaseFilter File System Encryption SDK decrypts encrypted files in real time at the granularity of a 16-byte block. To read part of a large encrypted file, it does not need to decrypt the whole file, only the blocks being read, which improves read performance.
AES-NI Support. EaseFilter File Encryption Engine uses the US FIPS 140-2 compliant Microsoft CNG libraries, which support AES-NI (Intel Advanced Encryption Standard New Instructions). At the algorithm level, AES-NI provides a significant speedup of AES. For non-parallel modes of AES operation (CBC encrypt), AES-NI can provide a 2-3 fold gain in performance over a pure software implementation. For parallel modes of AES operation (CBC decrypt, CTR), AES-NI can provide a 10x improvement over a pure software implementation.
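The block-level decryption and parallel-mode points above, as an added C# example that is not EaseFilter's code or API: it decrypts 100 bytes from the middle of a buffer without touching the rest. It assumes AES-256 in CTR mode, which the page does not confirm for the driver; `CtrTransform`, the class name and the sample data are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
static class BlockLevelDecryptDemo
{
    const int BlockSize = 16; // AES block size in bytes

    // AES-CTR over `data` as if it began at file byte `offset`; only covering blocks are computed.
    static byte[] CtrTransform(byte[] key, byte[] iv, long offset, byte[] data)
    {
        using Aes aes = Aes.Create();
        aes.Mode = CipherMode.ECB;      // ECB is used only to generate CTR keystream blocks
        aes.Padding = PaddingMode.None;
        aes.Key = key;
        using ICryptoTransform ecb = aes.CreateEncryptor();
        byte[] output = new byte[data.Length];
        byte[] counter = new byte[BlockSize], keystream = new byte[BlockSize];
        for (int i = 0; i < data.Length; i++)
        {
            long pos = offset + i;
            if (i == 0 || pos % BlockSize == 0)
            {
                // Counter block = IV + block index, as a 128-bit big-endian addition.
                Buffer.BlockCopy(iv, 0, counter, 0, BlockSize);
                ulong carry = (ulong)(pos / BlockSize);
                for (int j = BlockSize - 1; j >= 0 && carry != 0; j--)
                {
                    carry += counter[j];
                    counter[j] = (byte)(carry & 0xFF);
                    carry >>= 8;
                }
                ecb.TransformBlock(counter, 0, BlockSize, keystream, 0);
            }
            output[i] = (byte)(data[i] ^ keystream[pos % BlockSize]);
        }
        return output;
    }
    static void Main()
    {
        // Constructed sample data: random key and IV, 1 MiB standing in for a file.
        byte[] key = new byte[32], iv = new byte[BlockSize], plain = new byte[1 << 20];
        RandomNumberGenerator.Fill(key);
        RandomNumberGenerator.Fill(iv);
        RandomNumberGenerator.Fill(plain);
        byte[] cipher = CtrTransform(key, iv, 0, plain);
        // Read 100 bytes at an unaligned offset by decrypting only that slice.
        int offset = 700_003, length = 100;
        byte[] part = CtrTransform(key, iv, offset, cipher.AsSpan(offset, length).ToArray());
        Console.WriteLine(part.AsSpan().SequenceEqual(plain.AsSpan(offset, length)));
    }
}
```

CTR provides confidentiality only, and a key and IV pair must never be reused for different content; a per-file IV is the usual way to meet that.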
Create a unique view for every process or user. Per-process decryption is the most complicated part of on-the-fly encryption development. In the Windows file system, when a file is opened, a cache view is created in memory and shared by all processes or users that subsequently open the file. So when an authorized process opens an encrypted file, the clear data is kept in the system memory cache; if an unauthorized process then opens the same file, it sees the clear data from the cache instead of the raw encrypted data. How do you prevent unauthorized processes from accessing the clear data through the shared cache view in memory? EaseFilter File Encryption engine uses isolation filter driver technology to bypass the system cache manager and create a unique cache view for every process or user, so the clear data is not shared between different processes or users.
EaseFilter File Encryption SDK is implemented with an Isolation Mini Filter Driver. An Isolation Mini Filter Driver is a Windows file system minifilter driver that separates the view(s) of a file's data from the actual underlying data of that same file. A typical isolation-layer filter driver can create two views of the data: one encrypted, as stored on local storage, so your data is always encrypted on the local disk; the other decrypted, for the authorized user. For every file open, the filter driver creates a unique memory cache, so different users or processes with different permissions for the same file do not see the same view of the data. When the process or user is authorized to access the encrypted file, the filter driver decrypts the data in memory during the read request, so the authorized process gets the clear data back; otherwise it gets the raw encrypted data. When the encryption filter driver is turned off, applications always get the raw encrypted data.
The well-designed EaseFilter Isolation Minifilter can present both views, the decrypted view of the file's contents and the encrypted view of the file's contents, to different applications reading the file simultaneously. It can automatically decrypt data from an encrypted document when it is accessed by an authorized application such as Microsoft Word. However, when that same encrypted document is accessed by an unauthorized application, for example a backup application, the Isolation Minifilter can provide the raw, encrypted contents of the file.
Using EaseFilter File Encryption SDK is simple with its APIs. Below is a simple C# automatic file encryption example implemented with EaseFilter File Encryption SDK. You can set up an encryption folder on computer A and configure the authorized processes and users who can read the encrypted files, then set up a decryption folder on computer B. You can copy the encrypted files from computer A to the decryption folder on computer B and authorize the processes that can read the encrypted files in the decryption folder.
The following example creates one filter rule to encrypt the files in an encryption folder and another filter rule to decrypt the encrypted files. Only the authorized processes and users can read the encrypted files; other processes or users get the raw encrypted data. You can implement the following features:
    using System;
    using EaseFilter.FilterControl;

    namespace AutoFileEncryption
    {
        class Program
        {
            static FilterControl filterControl = new FilterControl();

            static void Main(string[] args)
            {
                string lastError = string.Empty;
                string licenseKey = "Email us to request a trial key: info@easefilter.com";

                FilterAPI.FilterType filterType = FilterAPI.FilterType.CONTROL_FILTER
                    | FilterAPI.FilterType.ENCRYPTION_FILTER | FilterAPI.FilterType.PROCESS_FILTER;
                int serviceThreads = 5;
                int connectionTimeOut = 10; //seconds

                try
                {
                    //copy the right DLLs to the current folder.
                    Utils.CopyOSPlatformDependentFiles(ref lastError);

                    if (!filterControl.StartFilter(filterType, serviceThreads, connectionTimeOut, licenseKey, ref lastError))
                    {
                        Console.WriteLine("Start Filter Service failed with error:" + lastError);
                        return;
                    }

                    //set up a file filter rule for the folder encryptFolder
                    string encryptFolder = "c:\\encryptFolder\\*";
                    FileFilter fileFilter = new FileFilter(encryptFolder);

                    //enable encryption for the filter rule.
                    fileFilter.EnableEncryption = true;

                    //get the 256-bit (32-byte) encryption key from the passphrase.
                    //sample value only; do not hard-code a real passphrase in source.
                    string passPhrase = "mypassword";
                    fileFilter.EncryptionKey = Utils.GetKeyByPassPhrase(passPhrase, 32);

                    //disable the decryption right: everyone except the authorized processes or users reads the raw encrypted data.
                    fileFilter.EnableReadEncryptedData = false;

                    //set up the processes authorized to decrypt the encrypted files.
                    string authorizedProcessesForEncryptFolder = "notepad.exe;wordpad.exe";
                    string[] processNames = authorizedProcessesForEncryptFolder.Split(new char[] { ';' });
                    if (processNames.Length > 0)
                    {
                        foreach (string processName in processNames)
                        {
                            if (processName.Trim().Length > 0)
                            {
                                //authorize the process with the read encrypted data right.
                                fileFilter.ProcessNameAccessRightList.Add(processName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
                            }
                        }
                    }

                    //set up the users authorized to decrypt the encrypted files.
                    string authorizedUsersForEncryptFolder = "domainName\\user1";
                    if (!string.IsNullOrEmpty(authorizedUsersForEncryptFolder) && !authorizedUsersForEncryptFolder.Equals("*"))
                    {
                        string[] userNames = authorizedUsersForEncryptFolder.Split(new char[] { ';' });
                        if (userNames.Length > 0)
                        {
                            foreach (string userName in userNames)
                            {
                                if (userName.Trim().Length > 0)
                                {
                                    //authorize the user with the read encrypted data right.
                                    fileFilter.userAccessRightList.Add(userName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
                                }
                            }
                        }

                        if (fileFilter.userAccessRightList.Count > 0)
                        {
                            //blacklist all users other than the whitelisted ones:
                            //clear the read-encrypted-files flag so they get the raw encrypted data.
                            uint accessFlag = FilterAPI.ALLOW_MAX_RIGHT_ACCESS & ~(uint)FilterAPI.AccessFlag.ALLOW_READ_ENCRYPTED_FILES;
                            fileFilter.userAccessRightList.Add("*", accessFlag);
                        }
                    }

                    //add the encryption file filter rule to the filter control
                    filterControl.AddFilter(fileFilter);

                    //set up a file filter rule for the folder decryptFolder
                    string decryptFolder = "c:\\decryptFolder\\*";
                    FileFilter decryptFileFilter = new FileFilter(decryptFolder);

                    //enable encryption for the filter rule.
                    decryptFileFilter.EnableEncryption = true;

                    //get the 256-bit (32-byte) encryption key from the same passphrase
                    decryptFileFilter.EncryptionKey = Utils.GetKeyByPassPhrase(passPhrase, 32);

                    //don't encrypt newly created files in this folder.
                    decryptFileFilter.EnableEncryptNewFile = false;

                    //disable the decryption right: everyone except the authorized processes or users reads the raw encrypted data.
                    decryptFileFilter.EnableReadEncryptedData = false;

                    //set up the processes authorized to decrypt the encrypted files.
                    string authorizedProcessesForDecryptFolder = "notepad.exe;wordpad.exe";
                    processNames = authorizedProcessesForDecryptFolder.Split(new char[] { ';' });
                    if (processNames.Length > 0)
                    {
                        foreach (string processName in processNames)
                        {
                            if (processName.Trim().Length > 0)
                            {
                                //authorize the process with the read encrypted data right.
                                decryptFileFilter.ProcessNameAccessRightList.Add(processName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
                            }
                        }
                    }

                    filterControl.AddFilter(decryptFileFilter);

                    if (!filterControl.SendConfigSettingsToFilter(ref lastError))
                    {
                        Console.WriteLine("SendConfigSettingsToFilter failed." + lastError);
                        //stop the filter service that was started above before exiting.
                        filterControl.StopFilter();
                        return;
                    }

                    Console.WriteLine("Start filter service succeeded.");

                    // Wait for the user to quit the program.
                    Console.WriteLine("Press 'q' to quit the sample.");
                    while (Console.Read() != 'q') ;

                    filterControl.StopFilter();
                }
                catch (Exception ex)
                {
                    Console.WriteLine("Start filter service failed with error:" + ex.Message);
                }
            }
        }
    }