Two-way folder sync with encryption to secure my Dropbox data

Question

I'd like to write a little .NET script/tool which does at least mostly the same like SecretSync or BoxCryptor, but without storing the encryption key on a company's web servers.

First it sounds very simple: You have two folder - a "decryped"-folder and and "encrypted"-folder. On both folders there is an FileSystemWatcher so the tool gets notified when a file has changed. If a file changes in the "decryped"-folder, it encrypts the file and writes it to the "encrypted"-folder. If a file changes in the "encrypted"-folder, it decrypts the file and writes it to the "decrypted"-folder.

No problem so far.

But what happens if the users runs a application (like KeePass for example) directly from the "decryped"-folder? The sync and encryption process will now run into problems because the files are locked from the application. Is there someting i can do to avoid this problem handled, so the application can still run beside the sync and encryption process?

Thanks for any help!

Update: I still couldn't find a answer to this question. When using FileSystemWatcher-class for syncing it is easy to apply the encryption/decryption, but you are running into problems with file locks (because of the streams or applications blocking the files). I also tried Microsoft Sync Framework. File sync works with it, but i don't know how to encrypt/decrypt the files on the fly.

Maybe someone has a little working code sample.

Answer 1

File System Filter driver is probably the only correct way to implement your task. This way you can implement on-the-fly encryption, decryption and mirroring of data.

I believe that our CallbackFilter will help you. This is a file system filter (driver is included, you write only user-mode code) which allows you inspect and modify contents of file system requests. Encryption sample is included.

Answer 2

BoxCryptor is using Dokan library which is a user mode file system for windows. The library allows your program to receive callback about various file system related operations in the virtual drive. This way you can respond to these callbacks and encrypt/decrypt data based on the file system operation.

Answer 3

Inspired by the answer of Ivanov you should maybe take a look into AlphaVSS. It is a .Net wrapper around the Volume Shadow Copy Service.

With this in hand you could make a snapshot in a regulary basis (like every 15 minutes) and copy the files instead from the decrypt folder out of the VSS copy into the encrypt folder. To increase the speed you could still use the FileSystemWatcher to simply log which files have been changed since the last copy and copy only these files from the shadow copy.

Answer 4

look into using Volume Shadow Copy Service, make sure you get the SDK for your OS of choise