
Synchronizer for the exchange of encrypted files between the CyberSafe program and cloud resources

The CyberSafe cloud encryption feature automatically copies encrypted files to cloud storage such as Google Drive (the cloud resource discussed in this article) or any other. If several users work with a cloud folder at the same time, the encrypted files are synchronized on each user's computer. The general principles of working with the cloud encryption function were described here; in this article we focus on how the synchronizer itself works.

The technical problem during development was this: when files in the Google Drive folder on the user's computer are synchronized with the Google web folder in the cloud, the service information about the encrypted files, which is recorded in ADS (NTFS alternate data streams), is not transmitted and is lost. That is, after synchronization the files on other devices are encrypted, but the user cannot decrypt them.

To solve this problem, CyberSafe creates a CyberSafe Cloud folder that mirrors the Google Drive folder. The user copies new unencrypted files into this folder, where they are automatically encrypted by the Alfa Transparent File Encryptor Driver. The service information for an encrypted file (encryption key identifier hash), 4096 bytes in size, is recorded in ADS and is available to the driver. The encrypted files are sent to the Google Drive folder itself with the service information written into the file header, without using ADS, so that it survives the transfer to the "cloud".
The mirror folder is created by CyberSafe automatically when you add a Google Drive folder to the program:



The administrator of this folder is the user who first adds it to CyberSafe and assigns the keys of the other users; these keys are recorded as a digital envelope in the folder's ADS (for more details, see here). In the Google Drive folder, the program creates a cybersafe.cloud.conf file. This file contains information similar to that in the ADS of the encrypted folder, namely: a symmetric encryption key protected by the public keys of the authorized users, the ID of this key, and a list of the certificates used.

cybersafe.cloud.conf “travels” over the Internet and propagates to the computers of the users who have access to the encrypted folder. When these users add the Google Drive folder to CyberSafe on their computers, they no longer assign keys: the information is written from cybersafe.cloud.conf into the ADS of this folder on their computers.

Now about how the synchronizer works. The program has two separate processes, CloudSync.exe and CloudSync2.exe, which synchronize the CyberSafe mirror folder and the Google Drive folder.

CloudSync.exe copies encrypted files, with the service information placed in the header, from the mirror folder to the Google Drive folder. This process is added to the encryption driver's list of “excluded” processes, which lets it “see” the files in the mirror folder in encrypted form and with the service information in the header (for such processes the driver automatically presents the information from ADS in the file header).

The CloudSync.exe process does not have separate access to a file's ADS.

CloudSync2.exe is a normal process that “sees” the files in the mirror folder decrypted and has access to ADS. It can copy files from the Google Drive folder to the mirror, where they are then automatically encrypted by the driver.



During file synchronization, events can develop in several ways:

1. A new file is copied to the Google Drive folder. It may already be encrypted, having been copied there directly from the cloud as a result of actions performed on other users' computers, or not encrypted, when the user himself copies a new unencrypted file to the Google Drive folder on his computer.

The file is checked for the presence of the service header at its beginning.

1.1 If the header is present, the file is considered encrypted. Whether the file is encrypted or not is determined by the CloudSync.exe process. To do this, the first 4096 bytes of the file are analyzed for the presence of the ATE_HEADER header structure with its fields filled in:

    ATE_HEADER = Record
      KeyIDLength, KeyXOR: DWORD;
      Data: Array[1..ATE_KEY_ID_SIZE div sizeof(DWORD)] Of DWORD;
      KeyIDLength2, KeyXOR2: DWORD;
      Data2: Array[1..ATE_KEY_ID_SIZE div sizeof(DWORD)] Of DWORD;
      Flags, Flags2: DWORD;
      cData: Array[0..3575] Of AnsiChar;
    End;

The function that checks whether a file is encrypted:

    function isFileHasRightHeader(FileName: string): Boolean;
    var
      HEADER: ATE_HEADER;
      fs: TFileStream;
    begin
      Result := False;
      try
        fs := TFileStream.Create(FileName, fmOpenRead);
        try
          // A file shorter than the header cannot be encrypted; without this
          // check HEADER would be compared while only partly filled.
          if fs.Read(HEADER, SIZE_OF_ATE_HEADER) = SIZE_OF_ATE_HEADER then
            Result := (HEADER.KeyIDLength = ATE_KEY_ID_SIZE) and (HEADER.KeyIDLength2 = ATE_KEY_ID_SIZE);
        finally
          fs.Free;
        end;
      except
        on E: Exception do
          WriteToLog('!!! isFileHasRightHeader: ' + E.Message + #13 + FileName);
      end;
    end;

The CloudSync.exe process copies the first 4096 bytes to a temporary file with the .ads extension. Next, it copies the rest of the file, the encrypted content, into a temporary file. It then stores the service information (the header from the temporary .ads file) in the ADS of the temporary file (:AlfaFileEncryptor). Finally, it moves the temporary file to the mirror folder.
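The header test and the header/body split described above, as an added Python example (not CyberSafe's code) that also goes one step further and lists the files in a sync folder that do not carry the header. It assumes little-endian DWORDs and ATE_KEY_ID_SIZE = 248, a value the page does not give but the one that makes the record exactly 4096 bytes; `IGNORED`, `build_sample`, `files_without_header` and the sample data are constructed for the example.

```python
import os
import struct

HEADER_SIZE = 4096  # service header size stated in the article
# Assumption: the page does not give ATE_KEY_ID_SIZE; 248 is the value that
# makes the record (6 DWORDs + 2 key-id arrays + 3576 chars) exactly 4096 bytes.
ATE_KEY_ID_SIZE = (HEADER_SIZE - 6 * 4 - 3576) // 2
# Fields in record order; "<" = little-endian, no padding (assumed layout).
ATE_HEADER = struct.Struct(f"<II{ATE_KEY_ID_SIZE}sII{ATE_KEY_ID_SIZE}sII3576s")
# Assumption: the config file in the sync folder carries no header.
IGNORED = {"cybersafe.cloud.conf"}


def parse_header(blob):
    """Return the header fields, or None if blob does not start with one."""
    if len(blob) < HEADER_SIZE:
        return None  # too short to hold the 4096-byte header
    len1, xor1, data1, len2, xor2, data2, flags, flags2, _ = ATE_HEADER.unpack_from(blob)
    # Same test as isFileHasRightHeader: both length fields must match.
    if len1 != ATE_KEY_ID_SIZE or len2 != ATE_KEY_ID_SIZE:
        return None
    return {"key_id": data1, "key_id2": data2, "flags": (flags, flags2)}


def split_for_mirror(blob):
    """Split into (ADS content, encrypted body) like TrimHeaderAndMoveFile."""
    if parse_header(blob) is None:
        raise ValueError("no ATE_HEADER: file must not be treated as encrypted")
    return blob[:HEADER_SIZE], blob[HEADER_SIZE:]


def files_without_header(folder):
    """Names of files in folder that do not carry the service header."""
    missing = []
    for entry in sorted(os.scandir(folder), key=lambda e: e.name):
        if entry.is_file() and entry.name not in IGNORED:
            with open(entry.path, "rb") as fh:
                if parse_header(fh.read(HEADER_SIZE)) is None:
                    missing.append(entry.name)
    return missing


def build_sample(body, key_id=b"\x11" * ATE_KEY_ID_SIZE):
    """Constructed sample: header with both length fields set, then body."""
    return ATE_HEADER.pack(ATE_KEY_ID_SIZE, 0, key_id,
                           ATE_KEY_ID_SIZE, 0, key_id, 0, 0, b"") + body
```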

Another technical problem: how to make sure that encrypted files copied from the Google Drive folder to the mirror folder are not encrypted again by the driver? The solution is shown in the code below: the driver takes no action on a file when it is moved into the controlled encrypted folder, so the file is not re-encrypted:

    function TrimHeaderAndMoveFile(SyncIndex: Integer; FileNameFrom, FileNameTo: TFileName): Boolean;
    // FileNameFrom - source file that starts with the service header
    // FileNameTo - destination file name
    var
      fs, fs1: TFileStream;
      fn: string;
    begin
      Result := False;
      // Temporary file name for this operation
      fn := GetTempFileName(SyncIndex, FileNameFrom);
      try
        try
          // Open the source file
          fs := TFileStream.Create(FileNameFrom, fmOpenRead);
          try
            try
              // Copy the header into a temporary .ads file
              fs1 := TFileStream.Create(fn + '.ads', fmCreate);
              try
                fs1.CopyFrom(fs, SIZE_OF_ATE_HEADER); // 4096 bytes
              finally
                fs1.Free;
              end;
            except
              on E: Exception do
              begin
                WriteToLog('!!! TrimHeaderAndMoveFile: ' + E.Message + #13 + fn);
                raise; // do not go on to move a file whose header copy failed
              end;
            end;

            try
              if fs.Size > SIZE_OF_ATE_HEADER then // there is content after the header
              begin
                fs1 := TFileStream.Create(fn, fmCreate);
                try
                  fs1.CopyFrom(fs, fs.Size - SIZE_OF_ATE_HEADER); // the rest of the file
                finally
                  fs1.Free;
                end;
              end
              else
              begin
                CreateEmptyFile(fn); // header only, so the body is empty
              end;
            except
              on E: Exception do
              begin
                WriteToLog('!!! TrimHeaderAndMoveFile: ' + E.Message + #13 + fn);
                raise; // do not go on to move a file whose body copy failed
              end;
            end;
          finally
            fs.Free;
          end;
          WriteADS(fn, fn + '.ads', 'AlfaFileEncryptor'); // write the header from the .ads file into the ADS
          DeleteFile(fn + '.ads'); // remove the temporary .ads file

          // CloudSync2.exe: check whether the destination file already exists
          if RemoteIsFileExists(FileNameTo) then
          begin
            // CloudSync2.exe: delete the existing destination file
            RemoteDeleteFile(FileNameTo);
          end;
          // Move the temporary file to its destination
          RenameFile(fn, FileNameTo);

          Result := True;
        except
          // any failure leaves Result = False
        end;
      finally
        // Clean up whatever temporary files are left
        if FileExists(fn) then
        begin
          try
            DeleteFile(fn);
          except
          end;
        end;
        if FileExists(fn + '.ads') then
        begin
          try
            DeleteFile(fn + '.ads');
          except
          end;
        end;
      end;
    end;

1.2 If the header is absent, the file is considered not encrypted. The CloudSync2.exe process copies the file to the mirror folder, after which it is automatically encrypted by the driver. The unencrypted file is deleted from the Google Drive folder. The CloudSync.exe process then copies the encrypted file from the mirror folder to the Google Drive folder, after which it is automatically sent to the “cloud” and reaches the other users.

2. The file is copied or edited in the CyberSafe mirror folder.

If the user copies a new file to the CyberSafe mirror folder, it is automatically encrypted by the driver. When an existing file in the mirror folder is edited, it is likewise saved to disk in encrypted form automatically. Next, the CloudSync.exe process sends the encrypted file, with the service information in the header, to the Google Drive folder, and from there it goes to the “cloud”.

To synchronize properly and respond to changes to files in the Google Drive and mirror folders, the CloudSync.exe and CloudSync2.exe processes monitor activity in these folders and perform the appropriate copy operations described above.

Source: https://habr.com/ru/post/234919/

