EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Eldos(OS edition) storage encryption question

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
#35804
Posted: 02/02/2016 03:08:11
by hk k (Basic support level)
Joined: 02/02/2016
Posts: 2

Hi, I'm trying to make an encrypted storage, but it seems not working as expected.

Let say a ‘Program A’ created an encrypted storage and mount it. Then I thought any other processes than the "program A" should not be able to see the encrypted contents, but in fact, doesn’t work that way. For example I made the ‘repro’ repro .NET application which randomly creates an encrypted storage and writes few bytes on it. However, another process(such built-in ‘type’ command) is still able to see the content. So I’d like to know the proper API usages for that purpose.

And I also found that when the storage closes the Access Denied exception occurred. Could you please help that issue as well? I made a repro console based C# sample app. Please refer to the snippet below.

Env: Windows 10 x64
Using the latest SDK

-----


try
{
SolFSStorage.Initialize("{... your GUID...}");
}
catch (ESolFSError error)
{
throw error;
}

string m_license = "...Your Eval License...";

SolFSStorage.SetRegistrationKey(m_license);

var m_Storage = new SolFSStorage();

m_Storage.DestroyOnProcessTerminated = true;

// set encryption for the whole storage
m_Storage.StorageEncryption = SolFSEncryption.ecAES256_HMAC256;
m_Storage.StoragePassword = "testpasswd";

var dbName = System.IO.Path.GetRandomFileName();

m_Storage = new SolFSStorage(dbName, true, 4096, false, false, '\\', "");

// mount it temporarily for test purpose
// but it shows same result regardless mounting as drive or not
m_Storage.AddMountingPoint("K:");

var fileName = System.IO.Path.GetRandomFileName();

// make a random file
var fullFilePath = System.IO.Path.Combine(@"K:\", fileName);

var testString = "You should not see this message!";

// and write a dummy string into the newly created file
System.IO.File.WriteAllText(fullFilePath, testString);

// dump it from another process
Process process = new Process();
process.StartInfo.FileName = @"cmd";
process.StartInfo.UseShellExecute = false;
process.StartInfo.RedirectStandardOutput = true;
process.StartInfo.RedirectStandardError = true;
process.StartInfo.Arguments = "/C type " + fullFilePath; // "type K:\targetfile.ext" to see the content
process.Start();

StreamReader reader = process.StandardOutput;
string output = reader.ReadToEnd();

process.WaitForExit();

Console.WriteLine(String.Format("Encrypted Text: {0}", output));

process.Close();

// Access Denied exception occure...
m_Storage.Close();

Thanks!
#35808
Posted: 02/02/2016 04:24:08
by Alexander Plas (EldoS Corp.)

Hello

Thank you for your interest in our products.

When you mount encrypted storage with password, all data which reads and writes any process are decrypted and encrypted on the fly. If you need restrict access to mounted storage for some processes you have to use process restrictions. Please refer to the documentation:

https://www.eldos.com/documentation/so...abled.html

Most of all Access Denied exception occurs because some file on the storage is still opened. Could you please try to use Force parameter in Close method?
#35824
Posted: 02/03/2016 02:28:18
by hk k (Basic support level)
Joined: 02/02/2016
Posts: 2

Thanks for the clarification. It helped a lot.

And the Force parameter also worked successfully without error. Thank you.

Reply

Statistics

Topic viewed 2336 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!