NAME
Win32::Security::EFS - Perl interface to functions that assist in
working with EFS (Encrypted File System) under Windows plattforms.
SYNOPSIS
use Win32::Security::EFS;
if(Win32::Security::EFS->supported()) {
Win32::Security::EFS->encrypt('some/file');
Win32::Security::EFS->decrypt('some/file');
}
DESCRIPTION
The Encrypted File System, or EFS, was introduced in version 5 of NTFS
to provide an additional level of security for files and directories. It
provides cryptographic protection of individual files on NTFS volumes
using a public-key system. Typically, the access control to file and
directory objects provided by the Windows security model is sufficient
to protect unauthorized access to sensitive information. However, if a
laptop containing sensitive data is lost or stolen, the security
protection of that data may be compromised. Encrypting the files
increases security in this scenario.
METHODS
supported()
Returns *true* iff the underlaying filesystem supports EFS
constant_names()
encrypt($filename)
The *encrypt* function encrypts a file or directory. All data
streams in a file are encrypted. All new files created in an
encrypted directory are encrypted.
decrypt($filename)
The *decrypt* function decrypts an encrypted file or directory.
encryption_status($filename)
The *encryption_status* function retrieves the encryption status of
the specified file.
If the function succeeds, it will return one of the following values
see the "CONSTANTS" section.
encryption_disable($dirpath)
The *encryption_disable* function disables encryption of the
specified directory and the files in it. It does not affect
encryption of subdirectories below the indicated directory.
encryption_enable($dirpath)
The *encryption_enable* function enables encryption of the specified
directory and the files in it. It does not affect encryption of
subdirectories below the indicated directory.
FUNCTIONS
You have the possibility to access the plain API directly. Therefore the
following functions can be exported:
use Win32::Security::EFS ':api';
EncryptFile($filename)
BOOL EncryptFile(
LPCTSTR lpFileName // file name
);
DecryptFile($filename, $reserved)
BOOL DecryptFile(
LPCTSTR lpFileName, // file name
DWORD dwReserved // reserved; must be zero
);
FileEncryptionStatus($filename, \$status)
BOOL FileEncryptionStatus(
LPCTSTR lpFileName, // file name
LPDWORD lpStatus // encryption status
);
EncryptionDisable($filename, $disable)
BOOL EncryptionDisable(
LPCWSTR lpDirPath,
BOOL fDisable
);
QueryUsersOnEncryptedFile( ... )
Not yet implemented.
CONSTANTS
You can import all constants by importing Win32::Security::EFS like
use Win32::Security::EFS ':consts';
* encryption_status constants
* *FILE_DIR_DISALLOWED:* Reserved for future use.
* *FILE_ENCRYPTABLE:* The file can be encrypted.
* *FILE_IS_ENCRYPTED:* The file is encrypted.
* *FILE_READ_ONLY:* The file is a read-only file.
* *FILE_ROOT_DIR:* The file is a root directory. Root directories
cannot be encrypted.
* *FILE_SYSTEM_ATTR:* The file is a system file. System files cannot
be encrypted.
* *FILE_SYSTEM_DIR:* The file is a system directory. System
directories cannot be encrypted.
* *FILE_SYSTEM_NOT_SUPPORT:* The file system does not support file
encryption.
* *FILE_UNKNOWN:* The encryption status is unknown. The file may be
encrypted.
* *FILE_USER_DISALLOWED:* Reserved for future use.
AUTHOR
Sascha Kiefer,
[email protected]
COPYRIGHT AND LICENSE
Copyright (C) 2006 Sascha Kiefer
This library is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
