EaseFilter Encryption Filter Driver (EEFD) SDK is a file encryption filter driver. The EEFD provides a comprehensive security solution to develop the transparent on-access file level encryption products. It allows you to encrypt the newly created files transparently. You can authorize the on-access encryption/decryption under the control of client-defined policy.
FIPS Compliant Encryption
The EEFD utilizes the Microsoft CNG encryption libraries with the AES algorithm. The AES Encryption algorithm (also known as the Rijndael algorithm) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a US FIPS 140-2 compliant symmetric block cipher algorithm. It has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.
Per Process Access Restriction
The EEFD supports the per process access restriction for the on-access file encryption. You an setup the whitelist or blacklist of the processes to the encrypted files. The whitelist process can read the encrypted file to get the clear text. The blacklist process only can get the encrypted raw data. The EEFD utilizes the Isolation Mini Filter Driver technology to implement two views of the encrypted file to the process. The unauthorized process will see the encrypted data view with the raw encrypted data. The authorized processes will see the decrypted data view with the clear text.
The Encrypted File Header with DRM Embedded
The EEFD supports the encryption header with the custom digital rights management (DRM) data embedded to the encrypted file. With the custom DRM data, you can define your custom encryption access policies, it allows you to fully control the encrypted file access dynamically. You can grant, revoke or expire the encrypted file access at any time, even after the encrypted file has been sent out of your organization. You can develop the security application to implement the secure file sharing solution with the EEFD.
The CNG encryption library supports AES-NI (or the Intel Advanced Encryption Standard New Instructions; AES-NI). With the hardware-assisted support, it utilizes the hardware enhanced cryptography, it can achieve greater speeds and / or improved security than otherwise. The EEFD utilizes the AES block cipher algorithm, it allows you to encrypt or decrypt the encrypted file at any block (16 bytes). You can read the random block of the encrypted file without the whole file decryption needed. The EEFD integrates the block cipher operation in the same read or write IO, without the extra IO required. The block cipher improves the encryption or decryption performance dramatically.
An Transparent On-Access File Encryption Example
Even though you have a lot of encryption libraries in the market, but it is still very complex to develop a reliable transparent on-access file encryption product. The EEFD is a mature commercial product. It provides a complete modular framework for the developers even without the driver development experience to build the on-access file encryption software within a day.
Here is a c# on-access file encryption example to demonstrate how to use the SDK. First you need to setup an encryption folder in computer A. You can configure the authorized processes and users who can read the encrypted file. Then you can setup the decryption folder in computer B if you want to distribute the encrypted file to the computer B. In order to access the encrypted file in computer B, you need to setup the authorized processes, only the authorized processes can access the encrypted files.