Encrypting and decrypting windows folders on the fly

I have a need to encrypt and decrypt a folder and its subfolders from Xojo so that sensitive documents can only be opened by using a desktop app. Can anyone help by pointing me in the right direction?

Keep them in a zip file with a password?

Thanks, I thought of that but there are 156,055 files in several subdirectories. The files will be stored on an external hard drive and will be accessed from a Windows machine. Is there some way to encrypt and decrypt a folder in Windows from within Xojo without zipping and unzipping files?

AFAI understand:
encrypt = zip
decrypt = unzip

Replace zip/unzip by whatever you want, you will still have to write the data / read the data.

The only possibility is to be able to save (encrypt) the changed file / open (decrypt) one file.

That was possible with StuffIt (remember that old one?) years ago, I do not know if it is possible with the zip (or rar) format.

Xojo had something (or was it Real Studio?) a long time ago, but it was deprecated.

Most OSes allow the drive/file system to be encrypted, with on-the-fly decryption per user.
You could store the data in an encrypted database which only your app knows the password for.

Otherwise, it feels like your only route will be to open and save the files as memoryblocks, to which you apply encrypt/decrypt methods as you need them.

EG: to open, read the whole file into memoryblock, decrypt it, use it as normal.
To save, Copy to a memoryblock, encrypt it, and write it back.
There are several encryption technologies you could use. Even encodebase64 would hide the contents in a not very secure way.

That’s easy. The problem is to encrypt and decrypt each folder in such a way that when Windows Explorer closes, the folder is then re-encrypted. If I store the folder name in a variable, I suppose I could then use a shell command to re-encrypt the folder just accessed.

I think that a third party solution like one of the following:

Best Encryption Software of 2022 | Windows Central
might be what I am looking for. Just discussing this on this forum has helped my thought processes. Thanks to those who have contributed.

What is your goal? Are you trying to defend your files from the user, or the user’s files from an outsider? Since you mention encrypting when Windows Explorer closes, it sounds like you’re encrypting user files. In that case, the correct option is for the user to have BitLocker turned on for the drive. Your app wouldn’t do anything.

If you really want to do the encryption yourself, I agree using a zip file for that would be impractical. It is possible to read and write individual files in a zip archive, but I don’t know what your dev tool is, so I can’t comment on how easy this would be to develop. To do it entirely yourself is not recommended, as there are lots of variables to get wrong.

For the sake of argument, let’s say you were going to do it yourself. You’d need a header structure to store things like an identifier byte, hash, initialization vector, and version. If you’re using a user-supplied password, you’d also need to store information about your key derivation routine. And if you’re using public key encryption, the header would need to store the encrypted password too. You’d then encrypt the file using the symmetric key, prepend the header, and call it a day. I’m glossing over details of course, because my point is to demonstrate all the ways it can go wrong.

This is why I say use BitLocker. If you do go the zip route, make sure you use AES encryption. Zip 2.0 encryption is… bad. If you happen to be using Xojo, my non-BitLocker advice would be a sqlite database with aes-256: prepended to the key.
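The header layout described in the post above, sketched in Python as an added example (not code from the thread or from any Xojo library). It covers only building and validating the header, not the file encryption itself, and treats the "hash" as an HMAC over the header fields. The `XENC` identifier, the field sizes, the KDF id and the iteration bounds are all assumptions made for illustration.

```python
import hashlib, hmac, os, struct

MAGIC = b"XENC"            # hypothetical identifier, not a real format
VERSION = 1
KDF_PBKDF2_SHA256 = 1      # hypothetical KDF id stored in the header
# identifier | version | KDF id | iterations | salt | IV
FIXED = struct.Struct("<4sBBI16s16s")
TAG_LEN = 32               # HMAC-SHA256 over the fixed part
MIN_ITER, MAX_ITER = 100_000, 5_000_000   # assumed policy bounds

def derive_keys(password: bytes, salt: bytes, iterations: int):
    """One PBKDF2 run, split into separate encryption and MAC keys."""
    km = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=64)
    return km[:32], km[32:]

def build_header(password: bytes, iterations: int = 200_000) -> bytes:
    salt, iv = os.urandom(16), os.urandom(16)   # fresh per file, never reused
    fixed = FIXED.pack(MAGIC, VERSION, KDF_PBKDF2_SHA256, iterations, salt, iv)
    _, mac_key = derive_keys(password, salt, iterations)
    return fixed + hmac.new(mac_key, fixed, hashlib.sha256).digest()

def parse_header(blob: bytes, password: bytes) -> dict:
    """Validate untrusted header bytes; raise ValueError on any problem."""
    if len(blob) < FIXED.size + TAG_LEN:
        raise ValueError("truncated header")
    magic, version, kdf, iterations, salt, iv = FIXED.unpack_from(blob)
    if magic != MAGIC:
        raise ValueError("unknown identifier")
    if version != VERSION or kdf != KDF_PBKDF2_SHA256:
        raise ValueError("unsupported version or KDF")
    # Bound the cost parameter before spending CPU on it: a header claiming
    # 1 iteration is a downgrade, one claiming billions stalls the reader.
    if not MIN_ITER <= iterations <= MAX_ITER:
        raise ValueError("iteration count out of range")
    enc_key, mac_key = derive_keys(password, salt, iterations)
    fixed = blob[:FIXED.size]
    tag = blob[FIXED.size:FIXED.size + TAG_LEN]
    expected = hmac.new(mac_key, fixed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("wrong password or modified header")
    # A complete design would also authenticate the ciphertext that follows.
    return {"iv": iv, "enc_key": enc_key, "iterations": iterations}
```
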

I am using this tool here:

Maybe it helps …

Thank you for your input Mick and Thom. I am exploring veracrypt at the moment, but will check out your suggestions. The files will stay on a removable drive, but used on only one computer. Bitlocker is a possible option, but the person using the files is not very computer literate.

VeraCrypt - Free Open source disk encryption with strong security for the Paranoid

Just be aware disk encryption is only secure when the system’s not booted.

Need more information, disk and folder encryption will not protect the data from anyone logged in as you. Including a virus or Trojan. Also you need to protect the keys used to encrypt. IM me if you want a deep dive.

You open Cryptomator, use it and close it down again. Very little risk to get compromised.

Well if you plan to make your “own” app, xojo might be a bad choice for this task.

If everything is about encrypting your files, better use the tools designed for this task, don’t reinvent the wheel (making everything worse).

In Crypto there is a golden rule: Do not make your “own” crypto. You will always fail and run into traps, the open source community solved many decades before.

Totally wrong, I have real time forensic tools that monitor every aspect of apps running 24/7 and the data is searchable. If this was in a virus nothing is safe.

Partially true, security through obscurity is a thing, if you use popular crypto process, there is a chance it’s been hacked already as they go for the popular tools.

Yes, of course you are right. What I wanted to say is: Everything is a question of probabilities. And it goes down with less usage and/or accessibility - right?

And using something like Cryptomator is better than using no tool at all. It’s not just viruses that put your data at risk.

If you didn’t compile it, never have faith in it :wink:

I’d go even further since so much code is just copy pasted from SO, AI’s etc

Unless you can READ & UNDERSTAND the code, don’t have faith in it.
Once you do, then compile it.

Perhaps my libsodium wrapper would be useful. The SecretStream class works like an encrypted BinaryStream.