Endpoint Encryption

 View Only
  • 1.  File share encryption and automation scripts

    Posted May 21, 2014 10:43 AM

    Hi,

    I am currently searcing for a sollution to encrypt some sensitive data on windows servers/shares.

    My specs are somenthing like:

    1.  multiple users access to encrypted files with acl different that operating system acl's.

    2.  users can access files over windows net shares and local;

    3. some scripts which run on local server  from scheduller can access this encrypted files;

    I have tested PGP Corporate Desktop (net share component) and netshare command line and I can accomodate requirements 1,2 but I can't handle requirement nr. 3.

    Do you have any solution to this requirement?

     

    Also I have tested PGP commandline (trial) on the same workstation with PGP Corporate Desktop (trial) and after I have installed PGP commandline license the PGP Corporate Desktop  need relicensing. Is there any way to revert to my trial license for PGP Corporate Desktop.

     

    Best regards,

    Adrian

     

     

     



  • 2.  RE: File share encryption and automation scripts

    Posted May 21, 2014 11:47 AM

    If you need to script some sort of encryption access, you will need to use the PGP Command Line product I would think.



  • 3.  RE: File share encryption and automation scripts

    Posted May 22, 2014 08:37 AM

    I already tried PGP command line but I prefer the functions from PGP Netshare because they offer me an easy way to trigger/verify encryption acl's on folders.

    Do you have any idea if PGP commandline recognize the files encrypted with PGP netshare?

    I tried to decrypt a file (with PGP command line) encrypted (in file mode) with PGP netshare but i get an error something like "no PGP encryption on file". (I opened a file in a text editor end I can confirm that it's encrypted with PGP Netshare); 

    Anyway if I use pgpnetshare command line I can decrypt the files. Do you have any idea in windows if I run a script from scheduler i can use "pgpnetshare --unlock" to permit unencrypted access to folder inside the script? 

    Regards,

    Adrian



  • 4.  RE: File share encryption and automation scripts

    Posted May 22, 2014 08:48 AM

    PGP Commandline will recognise any files that are encrypted to a compatible key (i.e. an SMIME cert or PGP key) so commandline and netshare are fully compatible with each other.

     

    You would have to store the password to unlock in cleartext on that scheduled scan in order for a script to access it, but yes you can use schedule tasks to create such a thing, but it's a bit bad in terms of security.



  • 5.  RE: File share encryption and automation scripts

    Broadcom Employee
    Posted Jun 03, 2014 08:44 AM

    Hi Adrian,

    The user that needs to unlock the NetShare folder must have access to the keys and be part of the NetShare (access is granted on the basis of PGP keys and NTFS folder ACL).
    Is this scheduled task running under a specific user?

    Rgs,
    dcats



  • 6.  RE: File share encryption and automation scripts

    Posted Jun 16, 2014 05:20 PM

    AdrianIRI,

     

    Unfortunately, this will not work unless the user running the command line script is logged on to the server. Already tried this and the project was shut down due to this limitation. Symantec has yet to fix this issue. If you figured this out somehow please let me know.

     

    Thanks



  • 7.  RE: File share encryption and automation scripts

    Posted Sep 28, 2020 04:35 PM
    Thanks, I was just going down the command line route but I'm running it from a remote machine and not the local server housing the file share.
    I mapped a drive, and run the pgpnetshare --unlock command to the mapped drive and got an error:  "A file or folder could not be found [-11997]