Decryption of a swf encrypt encrypted file

Similar Messages

• EFS Encrypted Files over home workgroup network via WebDAV avoiding Active Directory fixing Access Denied errors

  This is for information to help others
  KEYWORDS:
    - Sharing EFS encrypted files over a personal lan wlan wifi ap network
    - Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
    - transfer encryption keys / certificates
    - set trusted delegation for user + computer for EFS encrypted files via
  Kerberos
    - Windows Active Directory vs network file share
    - Setting up WinDAV server on Windows 7 Pro / Ultimate
  It has been a long painful road to discover this information.
  I hope sharing it helps you.
  Using EFS on Windows 7 pro / ultimate is easy and works great. See
  here and
  here
  So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
  HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
  won't work (unless you follow below steps).
  Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
  Typically an "Access Denied" error messages is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
  Why such a EFS drama when a network is involved?
  Assume a home peer-to-peer network with 2pc:  \\fileserver  and  \\clientpc
  When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
  another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
  (on behalf of the clienpc's data request).
  This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
  file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
  Solutions
  There are two main approaches to solve this:
       1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
            EFS operations occur on the computer storing the files.
            EFS files are decrypted then transmitted in plaintext to the client's computer
            This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
       2) SOLVE by setting up WebDAV (efs files accessed through web folders)
             EFS operations occur on the client's local computer
             EFS files remain encrypted during transmission to the client's local computer where it is decrypted
             This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
             BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
           READ BELOW as this does
  Create new encrypted file / folder on a network file share - via Active Directory
  It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
  here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
  and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
  Although this info is NOT for setting up EFS on an active directory domain [server],
  for those interested here is the gist:
  Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
  account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
  EFS.
  NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
  Create new encrypted file / folder on a network file share - via WebDAV
  For home users it is possible to make it all work.
  Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
  Setting up a wifi AP (for those less technical):
     a) START ... CMD
     b) type (no quotes): "netsh  wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
     c) type (no quotes): "netsh  wlan start hostednetwork"
  Set up a WebDAV server on Windows 7 Pro / Ultimate
  -----ON THE FILESERVER------
     1  click START and type "Turn Windows Features On or Off" and open the link
         a) scroll down to "Internet Information Services" and expand it.
         b) put a tick in: "Web Management Tools" \ "IIS Management Console"
         c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
         d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
         e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
         f) click ok
         g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
  KB892211 here ONLY for XP + Server 2003 (made in 2005)
  KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
    2 Click START and type "Internet Information Services (IIS) Manager"
    3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
         a) on the right side, under Actions, click "Enable WebDAV"
    4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
         a) on the "Anonymous Authentication" and click "Disable"
         b) on the "Windows Authentication" and click "Enable"
        NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
          It can be by changing registry key:
             [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
             BasicAuthLevel=2
         c) on the "Windows Authentication" click "Advanced Settings"
             set Extended Protection to "Required"
         NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
    5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
         a) on the right side, under Actions, click "Add Allow Rule"
         b) set this to "all users". This will control who can view the "Default Site" through a web browser
         NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logged in with on the
  clientpc.
         NB: Any user account specified here has to exist on the server. It has a bug in that it usernames specified here are not validated on input.
    6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
         a) on the right side, under Actions, click "Enable"
  HOTFIX - double escaping
    7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
         a) on the right side, under Actions, click "Edit Feature Settings"
         b) tick the box "Allow double escaping"
       *THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
       These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
       This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
  file serving and this has been rigorously tested by microsoft, so very unlikely. Its safe to "Allow double escaping".
    8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
         a) set the Alias to something sensible eg "D_Drive", set the physical path
         b) it is essential you click "connect as" and set
  this to a local user (on fileserver),
         if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
               NB: the user account selected here must have the required EFS certificates installed.
                          See
  here and
  here
          NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
        This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
         The work around is on the \\fileserver create an NTFS symbollic link
            e.g. to share the entire contents of "D:\",
                  on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
                  in cmd in this folder create an NTFS symbolic link to "D:\"
                  so in cmd type "cd c:\inetpub\wwwroot"
                  then in cmd type "mklink /D D_Drive D:\"
          NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
           NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
  clientpc
    9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
         a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
         b) if some exist review existing allow or deny.
             Take care to not only review the "allow access to" settings
             but also review "permissions" (read/write/source)
         NB: this can be set here for all added virtual directories, or can be set under each virtual directory
    10 Open your firewall software and/or your router. Make an exception for port 80 and 443
         a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
               choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
            NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
  below, specifically "Cant find server due to network location"
         b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
  HOTFIX - MAJOR ISSUE - fix KB959439
    11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
        a) On Windows 7 you need only change one tiny registry value:
             - click START, type "regedit", open link
             -browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
             -on the EDIT menu click NEW, then click DWORD Value
             -Type "DisableEFSOnWebDav" to name it (no speech marks)
             -on the EDIT menu, click MODIFY, type 1, then click OK 
             -You MUST now restart this computer for the registry change to take effect.
        b) On Windows Server 2008 / Vista / XP you'll FIRST need to
  download Windows6.0-KB959439 here. Then do the above step.
           NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
    12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
          a) make sure WebClient Service is running
              (click START, type "services" and open, scroll down to WebClient and check its status)
          b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
              It should show the default "IIS7" image.
              If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"           
          c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
                  e.g. http://localhost/D_drive
              If nothing is listed, check "Directory Browsing" is enabled
    13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
          a) make sure WebClient Service is running
              (click START, type "services" and open, scroll down to WebClient and check its status)
          b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
                eg if your server's computer name is "fileserver" go to "http://fileserver:80"
                It should show the default "IIS7" image. If not, check firewall and port blocking. 
                Any issue ie if (12) works but (13) doesn't,  will indicate a possible firewall issue or router port blocking issue.
         c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
                 eg if alias is "C_driver" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
                 A directory listing of files should appear.
  --- ON EACH CLIENT ----
  HOTFIX - improve upload + download speeds
    14 Click START and type "Internet Options" and open the link
          a) click the "Connections" tab at the top
          b) click the "LAN Settings" button at the bottom right
          c) untick "Automatically detect settings"
  HOTFIX - remove 50mb file limit
    15 On Windows 7 you need only change one tiny registry value:
        a) click START, type "regedit", open link
        b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
         c) click on "FileSizeLimitInBytes"
         d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
  HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
   16 On each clientpc click START, type "Internet Options" and open it
           a) click on "Security" (top) and then "Custom level" (bottom)
           b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
           SUCH an easy fix. SUCH an annoying problem on a clientpc
     NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is consdered a "web folder" by windows
  explorer.
  TEST SETUP
    17 On the client use the normal "map network drive"
              e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
              e.g. CMD: net use * "http://fileserver:80/C_drive"
           If it doens't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the filserver the elected impersonation user that the client is logging in with (clientpc
  "manage network passwords") has NTFS permissions.
    18 Test that EFS is now working over the network
         a) On a clientpc, map network drive to http://fileserver/
         b) navigate to a folder you know on the \\flieserver is encrypted with EFS
         c) create a new folder, create a new file.
             IF it throws an error, check carefully you mapped to the WebDAV and not file share
                i.e. mapped to "http://fileserver" not "\\fileserver"
             Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
  account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
         d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobble-de-goup
         e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobble-de-goup (ie the
  clientpc decrypted it then copied it).
          If this fails, it is likely one in IIS setting on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
          If this is not readable check step (11) and that you restarted the \\fileserver computer.
    19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
        a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
              If a prompt for user+pass then check hotfix (16)
    20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
        a) see the last comment at the very bottom of
  this page: 
  Points to consider:
     - NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
  either.
    - CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
  MORE INFO: HOTFIX: RAW DATA TRANSFERS
  More info on step (11) above.
  Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
  it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
  Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
  Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
  Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
  file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
  There is a fix:
        It is implimented above, see (11) above
        Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
  Other problems + fixes
    PROBLEM: Can't find server due to network location.
       This one took me a long time to track down to "network location".
       Win 7 uses network locations "Home" / "Work" / "Public".
       If no gateway is specified in the IP address, the network is set to '"unidentified" and so receives "Public" settings.
       This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
       FIX = either set IP address manually and specify a gateway
       FIX = or  force "unidentified" network locations to assume "home" or "work" settings -
  read here or
  here
       FIX = or  change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
  login to gain file access.
    PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
         By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
        Read
  here (i've posted a batch script to automatically make the required reg files)
  I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.

  What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?

• Reading encrypted file using file adapter...

  Is it possible to read and write encrypted file using file adapter or if the file adapter is capable to encryption and decryption?

  what is the soa version you are currently running?

• Windows 7 problem with EFS (Encrypting file system)

  Hello colleagues!
  I think this topic is related more to the security.
  The problem is a bit unusual and google doesn't give me a clear answers, but maybe anyone came across
  with similar problem...
  In general, I suspect that my problem is EFS (Encrypting file system), ie
  service that automatically encrypts files using a digital signature (certificate).
  A little background:
  - On the work PC it was necessary to reinstall
  the system, according to corporate rules all the content we have is encrypted using EFS (Encrypted files are highlighted with green color as you know).
  I have copied all the data on a portable drive and also copied the certificates (certmgr.msc).
  The system was reinstalled. The only change - it was x32 and became x64.
  - It was necessary to free up some space on the hard drive (the file
  system on it is NTFS), so,  I temporary copied all the files on my home PC. My work certificate was installed on it too, because
  I work from home
  sometimes.
  When the  work PC was repaired, I've moved all the files back in
  the same way (ie on the portable HDD, then to the work PC).
  All files were working, but when I needed MS Word documents, it became clear that something was wrong.
  When I've opened the document, it gaveme a window with weird symbols and prompts me to select the encoding ... of course -
  no encoding was fit.
  Started to explore all the documents, it appears that some part of them were working,
  someof them not - all the old documents were working, ie the ones, which
  were created before deploying EFS (newly created or copied files immediately encrypted).
  So, now I am sure that the
  documents were somehow re-encrypted, at least on a portable hard drive, they do not look as encrypted (not highlighted in green), but it's still not open.
  Completely stopped opening all the documents that have
  been encrypted (for all types of files, ie it is not just an MS Word, but also pdf, presentations, charts, and even the pictures).
  Tell me, who faced similar?
  How can it all back? I have no possibility to restore those documents from another sources.

  Try copy those corrupted files and make sure you are using the same certificate and then re-encrypt the copied files and try decrypt them.
  If possible, use the same account as you used for encryption.

• Viewing encrypted Files in ISDK based AutoVue Integration.

  Dear All,
  We have developed an Integration based on Oracle AV ISDK.
  We have a query from one of our customer as: if he checks in the files which is encrypted can he directly view it in AutoVue Applet  (means does AV server will understand that its encrypted file and needs decryption)?
  As per our understanding AV server needs to be informed about encryption used for Data Protection. But we could'nt find any details on this in AV server security guide.
  Does this has anything to do with ESAPI.properties file?
  Please guide us in this direction and share some pointers where we can look ahead.
  Many Thanks!
  Best Regards,
  Prashant

  ESAPI is for security, not for encyption
  Decrypting a file requires a key and code that will enable it, AutoVue does not decrypt documents that requires specific support from your side

• How to share EFS encrypted files over a network (\\workstation\c$\encrypted-file.txt)

  Hello,
  we decided to theft-protect our workstations by using EFS encryption on some important documents and directories.
  Just to be sure: I hope that data will not be readable in the case that someone physically gains access to the disk or computer with encrypted data and does not know user's name & password to log in or does not have the right encryption certificate with
  private key. Please correct me, if I'm wrong.
  All workstations are Windows 7 Professional joined to the domain controlled by Windows 2008R2 DC. We are a bit lazy, so we have generated a local, self-signed EFS certificate on a single workstation and installed this (the same) certificate on all workstations.
  Now, we are able to share EFS encrypted files for example via a NTFS formatted flash drive.
  Later, we have setup a Certificate authority (we can potentially issue new EFS personal, domain-based certificates that are published in AD), and established DRA as well (published DRA via a Group Policy).
  All logged-in users have the same (non-domain) certificate installed in their "My User Account" certificate store, cipher /y command shows the same thumbprint value.
  However, we would like to be able access files remotely, in a "lazy" way using an administrative share like
  \\workstation\c$\users\bob\document.txt. We all are Domain Admins, so NTFS and SMB privileges should be OK, unencrypted files are accessible OK.
  I have tried to issue a new certificates via the Cert Authority, putting them into "Trusted People" container etc., adding them to the "Users who can access this file:" list on the encrypted file and nothing worked.
  So is it possible to share EFS encrypted files over a workstation's share (i.e.
  \\workstation\something)?
  What should I do to get it working? :-)
  Thank you for any ideas.
  Jan

  OK, I understand that. However, I have read this article
  Using Encryption File System (Technet)
  and there is stated "Remote EFS operations on files stored on network file shares are possible in Windows 2000 or later domain environments only. Domain users can remotely encrypt or decrypt files,
  but this capability is not enabled by default"
  There are notes about computer trust etc., so I am seeking for someone who would help me a little bit with this.
  Just imagine the simplest possible "single-user" case: there are two Win7 computers A, B joined into the domain and just single user BOB. Bob uses those two computers and need to access own documents like
  \\A\DocumentsA or
  \\B\DocumentsB. Standard setup - folder sharing: everything is working fine, share and NTFS permissions are set up, BOB can work with his own "remote" documents from both computers (\\A\DocumentsA from computer B and
  vice versa).
  BOB decides to encrypt his documents. So BOB logs in computer A, starts "Manage file encryption certificates Wizard", gets an EFS Certificate from CA and encrypts his c:\Documents (shared as
  \\A\DocumentsA). I assume the EFS certificate is stored on computer A in BOB's local profile, therefore I ask:
  Now, BOB moves to the computer B and logs on.
  Q1: Will be \\A\DocumentsA accessible for BOB from B?
  Q2: If not, what should do now? Should I do something in AD for computer accounts (A and/or B) ?
  Thank you.

• Hi,guys,I recommend a SWF Encrypt Tools (DoSWF)to you that developed myself.

  hi,guys,I recommend a SWF Encrypt Tools to you that developed myself.  You can have a try ,it may help you to solve some problems.
  DoSWF is a professional encryption tool for Adobe Flash SWF and SWC files. Protect your actionscript and all assets, such as image, sound, movie etc. Defend current all Flash decompilers, make your Flash more secure! The key functions of DoSWF as following:
  Encrypt Adobe Flash SWF and SWC files.
  Obfuscate Actionscript Code.
  Domain Lock and SWF File Lock
  Same Methods and Class
  Add Watermark
  Flash Project(web game, SNS game) with multiple SWF Files Support

  hi,guys,I recommend a SWF Encrypt Tools to you that developed myself.  You can have a try ,it may help you to solve some problems.
  DoSWF is a professional encryption tool for Adobe Flash SWF and SWC files. Protect your actionscript and all assets, such as image, sound, movie etc. Defend current all Flash decompilers, make your Flash more secure! The key functions of DoSWF as following:
  Encrypt Adobe Flash SWF and SWC files.
  Obfuscate Actionscript Code.
  Domain Lock and SWF File Lock
  Same Methods and Class
  Add Watermark
  Flash Project(web game, SNS game) with multiple SWF Files Support

• Open encrypted file

  Hello guys. This question may have been asked, but I couldn't find the right thread. So, here it goes.
  I have an encrypted (using blowfish encryption algorithm) binary text file that I want to only be opened using my labview app. 
  This text file will be open to the public so anyone who has this app can open and use the text file. 
  So far:
  1. I generate a unique password and I encrypt the text file with this password.
  2. I then ENCODE this password using the yEnc encoding algorithm.
  3. I then store this encoded password inside (at the beginning of the encrypted text file and END the password with a CR).
  4. When the app reads this file it reads the first line of the encrypted text (looking for the CR as the termination character).
  5. I then DECODE that first line (to extract the original password), and use this password to DECRYPT the rest of the text file.
  The reason I am approching it this way is because this app generates 2 types of text files. 
  a. A personal encrypted text file which only the specific user of the app (with his/her username and password) can read/use it.
  b. A public encrypted text file which ANY user using this app only can read it (as explained on the text above).
  Is there an easier way of dealing with the above problem? Any suggestions are appriciated.
  Thanks 
  Kas

  What about a zip file because you can just zip the file with a password.
  So I take my text file (and any other files) zip it using the OpenG zip utility (because it supports passwords).  Without knowing more details about how you want users to be restricted, I'm not sure how to help.  What exactly are you trying to accomplish and how should the system lockout users?  
  Depending on your needs you could just use some kind of Windows security that blocks access from certain users.
  Unofficial Forum Rules and Guidelines - Hooovahh - LabVIEW Overlord
  If 10 out of 10 experts in any field say something is bad, you should probably take their opinion seriously.

• Encrypting file folders on OS X Server but needs to be cross plateform

  We have OS X server 10.4 and 10.5. We have been asked by our client to implement some demanding security policies. One is to have our files encrypted on our file server for more sensitive files. This is in case there is a breach in the network and access is gained to the server the data is still secure. Well we work in a mix platform environment but there are very few options on the Mac for encyrpting folders that aslo work on the PC. PGP desktop looks to be the only option but from some of the reviews looks kinda buggy and there network version is only for the PC.
  Anyone else run into this problem and what was your solution?
  Thanks!
  Steve
  Message was edited by: Steve Burns1

  This is certainly an interesting problem and an interesting requirement. On the face of it, a quite difficult problem.
  As for your requested approach here, I don't know of an available and cross-platform distributed authentication and distributed encryption and distributed auditing scheme.
  I'd expect most folks presented with this problem and with this requirement would carefully control access onto the LAN and into the data, and would encrypt the traffic. And would bury the data inside a secured server or secured server farm.
  There's a particular and fundamental consideration here. If the client or the server security is breached, then folder or file encryption is itself vulnerable each and every time the folder or file contents are decrypted for use. (It's the system that allows you to decrypt and access the folder and file data. If you don't trust the client or the server, then you'll have to consider whether or not you trust providing your key(s) for decryption. And what happens when a user's key is exposed.)
  With cross-platform or client-server remote file access operations as proposed in your approach, you've just extended the security perimeter around all the boxes involved, and it's wicked hard to revoke the data access keys in these sorts of environments.
  Most folks will "bunker" the critical data, rather than spreading the perimeter around, and will manage and maintain and audit the (encrypted) channels into the data. More copies of the data -- whether currently encrypted or otherwise -- means more headaches. Keeping the data close and being able to remotely revoke the access keys is invaluable.
  As for remote access, you might find an encrypting or kerberized NFS (krb5p being the gonzo setting) useful. This encrypts the traffic. And you can zonk the access keys via the KDC.
  ZFS (and encryption is itself just starting to be being baked into ZFS) is just starting to come on-line, and likely isn't fully and sufficiently widely available for your needs yet. ZFS might eventually provide what you want here. But again, auditing client access is hairy. It only takes one bone-headed clear-text data export from one client, or one compromised client or lost password, after all.
  Or the classic pgp or zip can be used to toss the files around, and with varying degrees of cryptographic security. Of course everybody ends up with the keys to the kingdom pretty quickly, with the difficulties in auditing and revoking data access that are inherent in distributed access, and one compromised client or one lost laptop can potentially ruin the whole plan.
  A custom solution build on NFS or such is very likely feasible, but it won't be cheap. You'd likely need to insert your own network-capable "disk" drivers into the Windows I/O stack, for instance. (This has been done before...)
  Don't forget to consider password recovery, too. Both to permit it or to have a carefully controlled "back-door" into the data (which has its own risks), and to avoid the social engineering attacks that can arise here.
  (I'd be interested to hear more about this and whatever solution you might eventually choose here, too. This looks to be a very knotty problem.)
  And OK, so I'm over-thinking it all.

• Encrypt files

  I have been tasked with encrypting files before uploading them to an ftp server.Are there any free java libraries available for encryption all file types(text,pdf,image,excel...).I need to encrypt the whole file not just the file name.
  Thanks in advance

  The easy way: (don't require you to know anything, only how to protect a file with the correct operating system permissions):
  You can try running an external program like the OpenSSL utility and write basically no code (just call scripts). You can download the source from http://www.openssl.org and compile it (requires a C compiler, like gcc or Microsoft Visual C++, and Perl 5.6), or try to find a compiled version. It compiles in almost every known operating system that has a C compiler.
  For symmetrical encryption:
  For instance, say that you have the file "test.doc" and you must encrypt it to "test.doc.enc" using the password "you're hacked". The algorithm to be used is AES, 128 bits, CBC mode, and the password is contained in a file named password.txt.
  To encrypt:
  openssl enc -in test.doc -out test.doc.enc -e -aes-128-cbc -pass file:password.txt
  To decrypt:
  openssl enc -in test.doc.enc -out test.doc -d -aes-128-cbc -pass file:password.txt
  For asymmetrical encryption, the job is somewhat more complicated (requires you to generate a certificate), and you use the option "smime" from the openssl tool. But when you get the parameters right it is almost as easy as the openssl enc command given above.

• How to encrypt file on linux using Gnupg command in Java Embedding in BPEL.

  Hi All,
  I am trying to invoke a command script using the java embedding in BPEL Process.I am using the below code to execute the particular command to encrypt the file :-
  try {    
          Runtime rt = Runtime.getRuntime();    
  Process pr = rt.exec(new String[] {"/bin/bash", "-c", "/u01/GnuPG/bin/gpg", "-e", "-r", "Developer","/u01/oracle/ConfigFiles/Adapter_controlDir/abc.csv"});    
           int exitVal = pr.waitFor();            
          String result = "SUCCESS: Process exit with " + exitVal;         
          addAuditTrailEntry("result = "+result);      
          setVariableData("outputVariable","payload","/client:processResponse/client:result",result);    
  } catch(Exception e) {    
          e.printStackTrace();      
    String result = "FAILURE: Exception with " + e.toString();    
          addAuditTrailEntry("result = "+result);      
          setVariableData("outputVariable","payload","/client:processResponse/client:result",result);    
  The above statement does nothing. I am not sure what command i need to use to access to the command line.
  When i try this particular statement from linux machine command prompt :- /u01/GnuPG/bin/gpg -e  -r  Developer /u01/oracle/ConfigFiles/Adapter_controlDir/abc.csv
  It works absolutely fine and it creates the encrypted files also.
  Please suggest , which command i need to use from the java embedding.
  Please suggest!!
  Regards,
  Shah

  I think, you can try, writing these commands into a separate shell script and call that shell script from bpel via Java embedding. However, you might not get a return response.. but you can still give a shot.
  Hope it helps.

• HT1338 I cannot open encrypted files/folders on my back up disc.

  Hi, I created an encrypted disc, with disc utility. It is a .sparseimage type file, 128 encryption, password protected. I can open it on my Mac no problem, I took the password off the keychain (as advised) and if I try to open the disc (which I placed in "Documents") once I enter the password, everything opens fine.
  The problem is when I try to open the files on my back up disc (I use an external hard drive to back up everything, via time machine) I get this message after entering the password" The following disc images could not be opened" and in a smaller box underneath, the relevant disc is named and it says this next to it"no mountable file systems".
  So if my Mac was to crash and I needed the ext. hd as a back up for recovery, currently, the encrypted files cannot be opened.
  Can anyone please help?
  Many thanks,
  Michael.

  How do you copy it to the backup disk? That error generally means that the file didn't fully copy over.
  Open a Terminal window. Type 'md5', space, and then drag the sparseimage file that works into the Terminal window, and then press return.
  Do the same think for the sparseimage that doesn't work.
  If they are the same file, they should have the same MD5 value. If the codes don't match, the files are not identical.
  Do a Get Info on each file and see if they are the same length.
  The only thing I can think of is that file is not completely copied or the external disk is formatted as a FAT32 (Windows) disk, in which case, files can't be more than 4G and if your image is larger than that, it will get cut off.

• ENCRYPTED "FILES" (NOT DRIVE) IN XP WON'T OPEN IN WINDOWS 7

  Because I did not want to move to windows 7 in April 2014 (I was happy with my computer setup and functions), I was advised by a friend to encrypt my files (not drive) in order to be safe in continuing the use of Windows XP O/S. I encrypted several thousands
  of files using Windows XP.
  Some months after this, I had an experience with the computer crashing due to overheating, not a virus attack, thank God. My usual repair person in my building got the computer up and running and said I could pick it up. I figured that this was probably
  a good time to have Windows 7 installed on my computer and I instructed him to do so.
  I failed to inform him that I had encrypted several thousands of files in XP. These files no longer open in Windows 7 after transferring them back to the C: drive.
  Is there a RESTORE ENCRYPTED FILES FOR DUMMIES that someone can suggest? The data lost spans almost 20 years; music, reading material in pdfs, important documents, vacation photos and photos of my 2 deceased cats, etc.
  As I mentioned before, the files are on an external drive.Please advise at your soonest.  I will provide any helpful details to assist. Thanks!
  Navoi7

  Hi,
  As Luca mentioned above, it's important for us to know how you encrypted the files in Windows XP, If you were using some third party tools, then you might need to contact the tool vernder to find a solution.
  If you were using EFS, then please see the following link:
  Troubleshoot encrypted files and folders (see this part: I can't open my files after transferring them to a different computer. )
  http://windows.microsoft.com/en-us/windows-vista/Troubleshoot-encrypted-files-and-folders
  Yolanda Zhu
  TechNet Community Support

• Encrypt files in time capsule

  how to encrypt files that are backed up in airport time capsule?

  The option to encrypt backups will appear when you first select a disk to be used for backups.
  If you want to encrypt a disk that already has backups, you must remove the disk from backups, then click to use that disk, and the option to encyrpt will appear.

• Encrypting files...

  Hi there,
  My Device is Q10,  my son he inter wrong password more than 10 times and Device directly deleting my data. I open device and I restore backup and my data but know I facing problem in Memory card  ( micro card ) when I installed  its showing this message ( the Media card is Encrypted files with another device  )
  I need to fix that’s problems I have data for 3 years old ( photos, videos, work files ) and very important files.

  Can you turn off the encryption?
  BlackBerry 10 OS:
  The BlackBerry 10 smartphone will start to encrypt all of the data that resides on the inserted media card as soon as the Media Card Encryption setting is changed to On.
  Once completely encrypted, the data can be accessed by using the any of following methods:
  By opening the file Manager on the smartphone and browsing to the content
  By using the appropriately associated app that has access to the media card data, for example:
  Docs to go app to open documents such as spreadsheet, or powerpoint documents.
  By connecting the smartphone to a computer that has BlackBerry Link installed or has BlackBerry 10 smartphone drivers installed.
  Note: Data can then be added, copied or moved from the encrypted media card installed on the smartphone when using the computer that is connected to the smartphone.
  By accessing mounted drives, or by accessing the UNC path of the device using the following address format \\169.254.x.x\
  Note: Trying to access data from an encrypted memory card on the smartphone that has USB Mass Storage mode set to On or by removing the encrypted memory card from the device and inserting it into a card reader on the PC or another smartphone, will result in the inability to open the contents of the data successfully.
  The files will be displayed showing the file name and type but will be unrecognizable when attempting to opening the file.
  Note: There is no .rem file name extension added to file names that are encrypted by a BlackBerry 10 smartphone.
  1. If any post helps you please click the below the post(s) that helped you.
  2. Please resolve your thread by marking the post "Solution?" which solved it for you!
  3. Install free BlackBerry Protect today for backups of contacts and data.
  4. Guide to Unlocking your BlackBerry & Unlock Codes
  Join our BBM Channels (Beta)
  BlackBerry Support Forums Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code