Maybe you’re wondering if you’re truly reading The NT Insider. Is this really an article on Linux? Well, yes and no. For years, we’ve been working on and writing about our on-access transparent File Encryption Solution Framework (FESF). This Solution Framework provides everything you need to build your own custom fast, reliable, file encryption product with no kernel-mode development required. We provide all the kernel-mode code, including an Isolation Minifilter and all the supporting code that performs the actual encryption using the Windows CNG system. Plus, we provide a complete user-mode reference implementation (written in C++) that you can use to start your project.
You define the policy that determines which files get encrypted or decrypted on access, based on the parameters you establish: The accessing application, the path or name of the file being accessed, the user or group doing the access, or just about any other factor you can envision.
We’ve had clients take FESF and go to market with their own complete, finished, product in less than six months. We think that’s pretty remarkable.
Not Everybody Uses Windows!
Yup… it surprised us too. OK, it didn’t surprise everyone at OSR but, it surprised a lot of us. Well, maybe not really a lot of us, but… at least it surprised Peter. Anyhow, indeed not everyone on the planet uses Windows. There are actual people who run Linux on their servers and workstations. And, not surprisingly, these folks need on-access transparent file encryption.
While there are a couple of good quality transparent file encryption solutions for Linux already, none of them has anything near the flexibility that FESF provides. For example, they don’t allow you to specify that you only want to encrypt *.odt files in a given directory. Or that you only want those *.odt files transparently encrypted/decrypted when they’re opened with LibreOffice Writer (as opposed to say, when they’re accessed using catdoc).
And, of course, none of the existing Linux data encryption applications are compatible with FESF for Windows.
Introducing: FESF for Linux
OSR’s File Encryption Solution Framework (FESF) for Linux provides you with the ability to create your own enterprise grade, highly flexible, transparent on-access file encryption/decryption solution on Linux. FESF for Linux comprises a native (kernel-mode) layered file system, written from the ground-up to support file access interception and file encryption activities. Using FESF for Windows as its inspiration, FESF for Linux allows your product to make its policy decisions in real-time from user-mode. Using FESF for Linux you can create a customized, powerful, and flexible transparent data encryption product with no kernel-mode programming. FESF for Linux comes with user-mode code that you can use as the basis for your product, giving you a head start on your development effort.
Compatibility with Windows as a Bonus
FESF for Linux is useful on its own, as the basis for a purely Linux product. However, it also has the advantage of being compatible with Windows.
Because the On Disk Structure used by FESF for Linux is compatible with the one used by FESF for Windows, encrypted files are fully compatible between systems. Now you can create an encrypted document using Microsoft Word, and have it transparently decrypted on access, based on any policy you define. Make changes using LibreOffice Writer, save the document (transparently encrypted, of course), and send it back to your Windows colleagues. They can then open it with Word, where it will be automatically and transparently decrypted (assuming your policy allows this).
Early Adopter Program Open NOW
We’ve already started work on FESF for Linux. You can join our Early Adopter Program to influence the direction of the first release of the product, get early access to pre-release builds, and help us by providing important feedback as development progresses. For more information about FESF for Linux see our web page. For more information about our FESF for Linux Early Adopter Program contact firstname.lastname@example.org.