Data protection software

Transparent file encryption with a Windows minifilter

A file-encryption software company needed the core engine for transparent encryption across local, removable, and network files. Joya Systems built the Windows minifilter and the user/kernel policy channel.

Platforms

  • Windows
  • NTFS
  • CIFS/SMB

Services

  • File system minifilter development
  • Encryption design
  • User/kernel IPC

The challenge

Transparent encryption has to be invisible to authorized applications and strict for everything else. The difficult cases were not just local NTFS files, but removable drives, remote SMB shares, metadata management, and policy decisions based on process and user context.

What we built

We built a Windows minifilter that performed on-the-fly AES-256 encryption and decryption for local and removable NTFS volumes as well as CIFS and SMB shares.

Encryption metadata was kept in NTFS alternate data streams where appropriate, which not every target offers: FAT-formatted removable media and some non-Windows SMB servers have no alternate data streams. The metadata format was versioned and the cipher sat behind a pluggable interface, so the on-disk layout and the algorithm could change without rewriting the data path.
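The following is an added example, not Joya Systems' code, of what a versioned metadata record behind a pluggable cipher interface looks like in practice: a small little-endian header of the kind a minifilter might keep in a per-file alternate data stream, a cipher registry resolved from the header's cipher id, and a parser that fails closed on anything it does not fully understand. The magic tag, field offsets, version numbers, cipher ids and the second registry entry are assumptions made for the illustration; only the AES-256 entry reflects the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed layout of the metadata record kept beside each file (in an NTFS ADS
 * where the volume or server supports one). Little-endian, explicit length,
 * parsed field by field rather than by struct cast so a v1 record still parses
 * under a v2 driver.
 *   0  magic[4]    4  u16 version    6  u16 cipher_id   8  u32 header_len
 *   12 u32 key_id  16 iv[16]         32 u32 flags (v2 and later)            */
#define FE_MAGIC            "FENC"
#define FE_VERSION_CURRENT  2u
#define FE_IV_LEN           16u
#define FE_HDR_LEN_V1       32u
#define FE_HDR_LEN_V2       36u

typedef struct {
    uint16_t    id;         /* value stored in the header */
    const char *name;
    uint16_t    key_len;    /* bytes */
    uint16_t    block_len;  /* cipher block size; I/O is aligned to it */
} fe_cipher;

/* Pluggable cipher registry: the data path resolves the id from the header and
 * never hard-codes an algorithm. Id 2 is a hypothetical slot showing how a new
 * cipher would be registered; it is not something the page describes. */
static const fe_cipher fe_ciphers[] = {
    { 1, "AES-256",           32, 16 },
    { 2, "hypothetical-next", 32, 16 },
};

typedef struct {
    uint16_t         version;
    const fe_cipher *cipher;
    uint32_t         key_id;
    uint8_t          iv[FE_IV_LEN];
    uint32_t         flags;
} fe_header;

typedef enum { FE_OK = 0, FE_ERR_SHORT, FE_ERR_MAGIC, FE_ERR_VERSION,
               FE_ERR_LENGTH, FE_ERR_CIPHER } fe_status;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

const fe_cipher *fe_cipher_lookup(uint16_t id) {
    for (size_t i = 0; i < sizeof fe_ciphers / sizeof fe_ciphers[0]; i++)
        if (fe_ciphers[i].id == id) return &fe_ciphers[i];
    return NULL;   /* unknown cipher: caller must fail closed, never serve plaintext */
}

/* Parse and validate. Any failure means the driver treats the file as opaque:
 * no decryption, and no rewriting of metadata it does not fully understand. */
fe_status fe_header_parse(const uint8_t *buf, size_t len, fe_header *out) {
    memset(out, 0, sizeof *out);
    if (len < FE_HDR_LEN_V1) return FE_ERR_SHORT;
    if (memcmp(buf, FE_MAGIC, 4) != 0) return FE_ERR_MAGIC;
    uint16_t version = rd16(buf + 4);
    if (version == 0 || version > FE_VERSION_CURRENT) return FE_ERR_VERSION; /* newer writer: do not guess */
    uint32_t min_len = version >= 2 ? FE_HDR_LEN_V2 : FE_HDR_LEN_V1;
    uint32_t header_len = rd32(buf + 8);
    if (header_len < min_len || header_len > len) return FE_ERR_LENGTH;
    const fe_cipher *c = fe_cipher_lookup(rd16(buf + 6));
    if (c == NULL) return FE_ERR_CIPHER;
    out->version = version;
    out->cipher  = c;
    out->key_id  = rd32(buf + 12);
    memcpy(out->iv, buf + 16, FE_IV_LEN);
    out->flags   = version >= 2 ? rd32(buf + 32) : 0;   /* v1 records had no flags field */
    return FE_OK;
}

/* Serialize at the current version. Returns bytes written, 0 on error. */
size_t fe_header_write(const fe_header *h, uint8_t *out, size_t cap) {
    if (h->cipher == NULL || cap < FE_HDR_LEN_V2) return 0;
    memcpy(out, FE_MAGIC, 4);
    wr16(out + 4, (uint16_t)FE_VERSION_CURRENT);
    wr16(out + 6, h->cipher->id);
    wr32(out + 8, FE_HDR_LEN_V2);
    wr32(out + 12, h->key_id);
    memcpy(out + 16, h->iv, FE_IV_LEN);
    wr32(out + 32, h->flags);
    return FE_HDR_LEN_V2;
}

int main(void) {
    fe_header h = { 0 }, parsed;
    uint8_t buf[64];
    h.cipher = fe_cipher_lookup(1); h.key_id = 7; memset(h.iv, 0xAB, FE_IV_LEN); h.flags = 1;
    size_t n = fe_header_write(&h, buf, sizeof buf);
    fe_status st = fe_header_parse(buf, n, &parsed);
    printf("current header: status=%d cipher=%s key_id=%u\n", (int)st,
           parsed.cipher ? parsed.cipher->name : "?", (unsigned)parsed.key_id);
    wr16(buf + 4, 99);   /* simulate a record written by a future driver version */
    printf("future header: status=%d (FE_ERR_VERSION is %d)\n",
           (int)fe_header_parse(buf, n, &parsed), (int)FE_ERR_VERSION);
    return 0;
}
```

Two design points carry over to any real implementation: a header from a newer version is rejected rather than interpreted, because guessing at fields you do not know is how a later release corrupts files written by a yet later one; and an unknown cipher id leaves the file opaque, never plaintext.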

Policy decisions were made over an asynchronous user/kernel messaging channel. The driver sent the requesting process, the user's SID, and the file's attributes to a user-mode service, which returned one of three decisions, allow-plaintext, allow-cipher, or deny, together with the key and IV material the driver needed to act on it. The driver then enforced that decision in the I/O path.
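An added example, not Joya Systems' code, of the shape of that round trip: a request carrying process, SID and file attributes, a user-mode evaluation against a rule table, and the driver-side validation that keeps the data path fail-closed when the reply is late, malformed, or carries key material it should not. The message layout, field names, sample rules, constructed key and IV bytes are all assumptions for illustration; the real transport would be a filter communication port (FltSendMessage on the kernel side, FilterReplyMessage in user mode), which is not modelled here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define POLICY_VERSION 1u
#define KEY_LEN 32u   /* AES-256 key */
#define IV_LEN  16u

typedef enum { DECISION_DENY = 0, DECISION_ALLOW_PLAINTEXT = 1, DECISION_ALLOW_CIPHER = 2 } decision_t;

/* Driver -> service. Assumed layout; a real filter would send the path as a
 * UNICODE_STRING and a binary SID rather than fixed char buffers. */
typedef struct {
    uint32_t version;
    uint32_t pid;
    uint32_t file_attributes;   /* FILE_ATTRIBUTE_* bits the filter observed */
    char     sid[64];           /* requesting token's SID in string form */
    char     image[64];         /* process image name; spoofable on its own, see rules below */
    char     path[256];
} policy_request;

/* Service -> driver. Key material is present only for allow-plaintext. */
typedef struct {
    uint32_t version;
    uint32_t decision;
    uint32_t key_len;
    uint32_t iv_len;
    uint8_t  key[KEY_LEN];
    uint8_t  iv[IV_LEN];
} policy_reply;

/* ---- user-mode side: owns the business rules ---- */
typedef struct { const char *image; const char *sid_prefix; decision_t decision; } policy_rule;

/* Constructed sample rules. A real service would key on signer or image hash,
 * not on the image name, because any process can be renamed winword.exe. */
static const policy_rule sample_rules[] = {
    { "winword.exe", "S-1-5-21-", DECISION_ALLOW_PLAINTEXT }, /* domain/local user accounts */
    { "backup.exe",  "S-1-5-18",  DECISION_ALLOW_CIPHER },    /* LocalSystem backup agent copies ciphertext */
};

/* Constructed key for the example only; a real service fetches per-file keys from a key store. */
static const uint8_t sample_key[KEY_LEN] = {
    0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
    0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
};

static void service_evaluate(const policy_request *req, policy_reply *rep) {
    memset(rep, 0, sizeof *rep);
    rep->version  = POLICY_VERSION;
    rep->decision = DECISION_DENY;                     /* default: deny */
    for (size_t i = 0; i < sizeof sample_rules / sizeof sample_rules[0]; i++) {
        const policy_rule *r = &sample_rules[i];
        if (strcmp(req->image, r->image) == 0 &&
            strncmp(req->sid, r->sid_prefix, strlen(r->sid_prefix)) == 0) {
            rep->decision = r->decision;
            break;
        }
    }
    if (rep->decision == DECISION_ALLOW_PLAINTEXT) {  /* only plaintext access needs key material */
        memcpy(rep->key, sample_key, KEY_LEN);
        rep->key_len = KEY_LEN;
        memset(rep->iv, 0x5a, IV_LEN);                 /* constructed stand-in for a per-file IV */
        rep->iv_len = IV_LEN;
    }
}

/* ---- kernel side: treats the reply as untrusted input and fails closed ---- */
decision_t driver_apply_reply(const void *buf, size_t len, int timed_out, policy_reply *out) {
    policy_reply r;
    memset(out, 0, sizeof *out);
    out->decision = DECISION_DENY;
    if (timed_out || buf == NULL || len != sizeof r) return DECISION_DENY;
    memcpy(&r, buf, sizeof r);
    if (r.version != POLICY_VERSION) return DECISION_DENY;
    switch (r.decision) {
    case DECISION_ALLOW_PLAINTEXT:
        if (r.key_len != KEY_LEN || r.iv_len != IV_LEN) return DECISION_DENY;
        break;
    case DECISION_ALLOW_CIPHER:
    case DECISION_DENY:
        if (r.key_len != 0 || r.iv_len != 0) return DECISION_DENY; /* stray key material: malformed */
        break;
    default:
        return DECISION_DENY;                          /* unknown decision value */
    }
    *out = r;
    return (decision_t)r.decision;
}

/* Simulated round trip; the memcpy stands in for the message transport. */
decision_t round_trip(const char *image, const char *sid, const char *path, int timed_out, policy_reply *out) {
    policy_request req; policy_reply rep; uint8_t wire[sizeof rep];
    memset(&req, 0, sizeof req);
    req.version = POLICY_VERSION; req.pid = 4242; req.file_attributes = 0x20; /* FILE_ATTRIBUTE_ARCHIVE */
    snprintf(req.sid, sizeof req.sid, "%s", sid);
    snprintf(req.image, sizeof req.image, "%s", image);
    snprintf(req.path, sizeof req.path, "%s", path);
    service_evaluate(&req, &rep);
    memcpy(wire, &rep, sizeof rep);
    return driver_apply_reply(wire, sizeof wire, timed_out, out);
}

int main(void) {
    policy_reply out;
    const char *doc = "\\Device\\HarddiskVolume2\\Users\\alice\\q4.docx";
    printf("winword: %d\n", (int)round_trip("winword.exe", "S-1-5-21-1000-2000-3000-1001", doc, 0, &out));
    printf("backup:  %d\n", (int)round_trip("backup.exe", "S-1-5-18", doc, 0, &out));
    printf("notepad: %d\n", (int)round_trip("notepad.exe", "S-1-5-21-1000-2000-3000-1001", doc, 0, &out));
    printf("timeout: %d\n", (int)round_trip("winword.exe", "S-1-5-21-1000-2000-3000-1001", doc, 1, &out));
    return 0;
}
```

The validation in driver_apply_reply is the part that matters most: the service runs in user mode and can crash, hang, or be replaced, so the driver denies on timeout, on a wrong-sized or wrong-version reply, on an out-of-range decision, and on key material that does not match the decision, rather than falling back to plaintext.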

Project outcome

  • Made encryption invisible to authorized applications and strict for everything else — across local, removable, and CIFS/SMB files — with on-the-fly AES-256 in the I/O path.
  • Kept policy and enforcement separate: the driver sends process, SID, and file attributes to user mode, which returns allow-plaintext, allow-cipher, or deny decisions with key and IV material.
  • Built for evolution with NTFS alternate-data-stream metadata, versioning, and a pluggable cipher interface, while keeping the kernel data path reliable.

Technical takeaway

Minifilter encryption projects fail when policy and I/O timing are treated casually: a policy lookup that blocks on user mode from a context that cannot wait, such as paging I/O, stalls or deadlocks the system, and a lookup that falls open on a timeout or a malformed reply leaks plaintext. The driver must be strict in the data path, deciding before the read or write completes and denying when it cannot decide, while still letting user mode own the business rules.

Working on something similar?

If your team is building in this area — a driver, kernel module, packet path, file system filter, security sensor, or certification plan — start with a technical conversation, not a sales call. Contact Joya Systems and describe the product, platform, and current state of the code.

Frequently asked questions

How does a Windows minifilter do transparent file encryption for removable drives and SMB shares?

The minifilter performs on-the-fly AES-256 encryption and decryption in the I/O path for local and removable NTFS volumes as well as CIFS/SMB shares, so authorized applications see plaintext and everything else sees ciphertext. Encryption metadata is stored in NTFS alternate data streams where appropriate, with versioning and a pluggable cipher interface.

How are encryption policy decisions kept out of the kernel data path?

Through asynchronous user/kernel messaging: the driver sends process, SID, and file attributes to a user-mode component, which returns an allow-plaintext, allow-cipher, or deny decision along with key and IV material. That keeps the kernel path strict and reliable while user mode owns the business rules.