I am currently searching for a solution to encrypt some sensitive data on Windows servers/shares.
My specs are something like:
1. multiple users access encrypted files with ACLs different from the operating system ACLs;
2. users can access files over Windows net shares and locally;
3. some scripts which run on the local server from the scheduler can access these encrypted files;
I have tested PGP Corporate Desktop (net share component) and the netshare command line, and I can accommodate requirements 1 and 2, but I can't handle requirement no. 3.
Do you have any solution to this requirement?
Also, I have tested PGP commandline (trial) on the same workstation with PGP Corporate Desktop (trial), and after I installed the PGP commandline license, PGP Corporate Desktop needs relicensing. Is there any way to revert to my trial license for PGP Corporate Desktop?
If you need to script some sort of encryption access, you will need to use the PGP Command Line product I would think.
I already tried PGP command line, but I prefer the functions from PGP Netshare because they offer me an easy way to trigger/verify encryption ACLs on folders.
Do you have any idea if PGP commandline recognizes the files encrypted with PGP netshare?
I tried to decrypt a file (with PGP command line) encrypted (in file mode) with PGP netshare, but I get an error something like "no PGP encryption on file". (I opened a file in a text editor and I can confirm that it's encrypted with PGP Netshare.)
Anyway, if I use the pgpnetshare command line I can decrypt the files. Do you have any idea whether, in Windows, if I run a script from the scheduler, I can use "pgpnetshare --unlock" inside the script to permit unencrypted access to the folder?
PGP Commandline will recognise any files that are encrypted to a compatible key (i.e. an SMIME cert or PGP key) so commandline and netshare are fully compatible with each other.
You would have to store the password to unlock in cleartext on that scheduled scan in order for a script to access it, but yes, you can use scheduled tasks to create such a thing, but it's a bit bad in terms of security.
The user that needs to unlock the NetShare folder must have access to the keys and be part of the NetShare (access is granted on the basis of PGP keys and NTFS folder ACL).
Is this scheduled task running under a specific user?
Unfortunately, this will not work unless the user running the command line script is logged on to the server. Already tried this and the project was shut down due to this limitation. Symantec has yet to fix this issue. If you figured this out somehow please let me know.