NAME

Win32::Security::EFS - Perl interface to functions that assist in working with EFS (Encrypted File System) under Windows plattforms.

SYNOPSIS

use Win32::Security::EFS;

if(Win32::Security::EFS->supported()) {
	Win32::Security::EFS->encrypt('some/file');
	Win32::Security::EFS->decrypt('some/file');
}

DESCRIPTION

The Encrypted File System, or EFS, was introduced in version 5 of NTFS to provide an additional level of security for files and directories. It provides cryptographic protection of individual files on NTFS volumes using a public-key system. Typically, the access control to file and directory objects provided by the Windows security model is sufficient to protect unauthorized access to sensitive information. However, if a laptop containing sensitive data is lost or stolen, the security protection of that data may be compromised. Encrypting the files increases security in this scenario.

METHODS

supported()

Returns true iff the underlaying filesystem supports EFS

constant_names()
encrypt($filename)

The encrypt function encrypts a file or directory. All data streams in a file are encrypted. All new files created in an encrypted directory are encrypted.

decrypt($filename)

The decrypt function decrypts an encrypted file or directory.

encryption_status($filename)

The encryption_status function retrieves the encryption status of the specified file.

If the function succeeds, it will return one of the following values see the "CONSTANTS" section.

encryption_disable($dirpath)

The encryption_disable function disables encryption of the specified directory and the files in it. It does not affect encryption of subdirectories below the indicated directory.

encryption_enable($dirpath)

The encryption_enable function enables encryption of the specified directory and the files in it. It does not affect encryption of subdirectories below the indicated directory.

FUNCTIONS

You have the possibility to access the plain API directly. Therefore the following functions can be exported:

use Win32::Security::EFS ':api';
EncryptFile($filename)
BOOL EncryptFile(
    LPCTSTR lpFileName  // file name
);
DecryptFile($filename, $reserved)
BOOL DecryptFile(
    LPCTSTR lpFileName,  // file name
    DWORD dwReserved     // reserved; must be zero
);
FileEncryptionStatus($filename, \$status)
BOOL FileEncryptionStatus(
    LPCTSTR lpFileName,  // file name
    LPDWORD lpStatus     // encryption status
);
EncryptionDisable($filename, $disable)
BOOL EncryptionDisable(
    LPCWSTR lpDirPath,
    BOOL fDisable
);
QueryUsersOnEncryptedFile( ... )

Not yet implemented.

CONSTANTS

You can import all constants by importing Win32::Security::EFS like

use Win32::Security::EFS ':consts';
  • encryption_status constants

    • FILE_DIR_DISALLOWED: Reserved for future use.

    • FILE_ENCRYPTABLE: The file can be encrypted.

    • FILE_IS_ENCRYPTED: The file is encrypted.

    • FILE_READ_ONLY: The file is a read-only file.

    • FILE_ROOT_DIR: The file is a root directory. Root directories cannot be encrypted.

    • FILE_SYSTEM_ATTR: The file is a system file. System files cannot be encrypted.

    • FILE_SYSTEM_DIR: The file is a system directory. System directories cannot be encrypted.

    • FILE_SYSTEM_NOT_SUPPORT: The file system does not support file encryption.

    • FILE_UNKNOWN: The encryption status is unknown. The file may be encrypted.

    • FILE_USER_DISALLOWED: Reserved for future use.

AUTHOR

Sascha Kiefer, esskar@cpan.org

COPYRIGHT AND LICENSE

Copyright (C) 2006 Sascha Kiefer

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.