Invoking The RMS Bulk Protection Tool Remotely

I don’t understand why this was so hard, but it really is. And honestly, who wants to use this tool directly on the server? It is more useful when you can bake it into client applications, in my case a VSTO add-in. Furthermore, the Microsoft site says this will work on XP; this is not the case, since it will just throw “Skipped, file type not supported”. I don’t know what that’s about. Furthermore, if you try to invoke the encryption routines on the box while pointing to a network share hosting the application, like this:

[csharp]
using System.Diagnostics;

var start = new ProcessStartInfo
{
    WorkingDirectory = Whatever, // placeholder for the share hosting the tool
    Arguments = @" /encrypt \\server\shareimencrypting\ Rights.xml",
    FileName = @"RmsBulk.exe",
    WindowStyle = ProcessWindowStyle.Normal,
    CreateNoWindow = false,
    UseShellExecute = false
};
using (Process p = Process.Start(start))
{
    p.WaitForExit();
}
[/csharp]

It will not work since it can’t hydrate the template file. It returns an error like “you do not have access to the template file or it does not exist”, or something to that effect. So, the only real way to do it is to execute the task remotely. Since the standard output from the tool is pretty important for interaction purposes (it tells you the supported file types and gives a report of failed / succeeded decryption routines), that pretty much means WMI is out the door since it won’t output a return. So, PSExec comes to the rescue! Or maybe something else; this was just what the SP MVP group said would be the path of least resistance.

Long and short of it is, to execute it remotely, make two local executables that reside in the shared RMSBulk tool directory (or anywhere, as long as the wrapper classes for the IRM protector are relative to the tool), for encryption and decryption respectively:

[csharp]
using System.Diagnostics;

// Encrypt.exe: runs the bulk tool against the share with the rights template.
var start = new ProcessStartInfo
{
    Arguments = @" /encrypt \\server\share\ Placitum_Rights.xml",
    FileName = @"RmsBulk.exe",
    WindowStyle = ProcessWindowStyle.Normal,
    CreateNoWindow = false,
    UseShellExecute = false
};
using (Process p = Process.Start(start))
{
    p.WaitForExit();
}
[/csharp]

And for the decryption:

[csharp]
using System.Diagnostics;

// Decrypt.exe: runs the bulk tool in decrypt mode against the share.
var start = new ProcessStartInfo
{
    Arguments = @" /decrypt \\server\share\",
    FileName = @"RmsBulk.exe",
    WindowStyle = ProcessWindowStyle.Normal,
    CreateNoWindow = false,
    UseShellExecute = false
};
using (Process p = Process.Start(start))
{
    p.WaitForExit();
}
[/csharp]

Then in your client app, make the appropriate PSExec calls.

For the encryption:

[csharp]
using System.Diagnostics;

ProcessStartInfo startEncrypt = new ProcessStartInfo
{
    WorkingDirectory = @"",    // directory that holds PsExec.exe
    FileName = @"\PsExec.exe", // PsExec.exe inside that directory
    WindowStyle = ProcessWindowStyle.Normal,
    CreateNoWindow = false,
    // The remote computer name follows the leading \\
    Arguments = @"\\ -u username -p password -w ""C:\Program Files (x86)\AD RMS Bulk Protection Tool"" ""C:\Program Files (x86)\AD RMS Bulk Protection Tool\Encrypt.exe""",
    UseShellExecute = false
};

Process process = new Process();

process.StartInfo = startEncrypt;
process.Start();
process.WaitForExit();
process.Close();
[/csharp]

For the decryption:

[csharp]
using System.Diagnostics;

var startDecrypt = new ProcessStartInfo
{
    WorkingDirectory = @"",    // directory that holds PsExec.exe
    FileName = @"\PsExec.exe", // PsExec.exe inside that directory
    WindowStyle = ProcessWindowStyle.Normal,
    CreateNoWindow = false,
    // The remote computer name follows the leading \\
    Arguments = @"\\ -u username -p password -w ""C:\Program Files (x86)\AD RMS Bulk Protection Tool"" ""C:\Program Files (x86)\AD RMS Bulk Protection Tool\Decrypt.exe""",
    UseShellExecute = false
};

Process process = new Process();
process.StartInfo = startDecrypt;
process.Start();
process.WaitForExit();
process.Close();
[/csharp]
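
The reason given above for choosing PsExec over WMI is the tool's standard output, yet the calls shown leave it in a console window. As an added example (not code from the original post), the hypothetical `RmsBulkRemote.Run` helper below redirects the PsExec streams and collects the relayed report, flagging lines that contain the "Skipped" message quoted earlier; the class names and both parameters are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
// Hypothetical helper, not from the original post: keeps the report PsExec relays.
public sealed class ToolReport
{
    public int ExitCode;
    public List<string> Output = new List<string>();
    public List<string> Errors = new List<string>();
    public List<string> Skipped = new List<string>();
}
public static class RmsBulkRemote
{
    // Both parameters come from the caller; build the arguments at run time so
    // that no account password is compiled into the client add-in.
    public static ToolReport Run(string psExecPath, string psExecArguments)
    {
        var report = new ToolReport();
        var info = new ProcessStartInfo
        {
            FileName = psExecPath,
            Arguments = psExecArguments,
            UseShellExecute = false,          // required for stream redirection
            RedirectStandardOutput = true,
            RedirectStandardError = true,
            CreateNoWindow = true
        };
        using (var process = new Process { StartInfo = info })
        {
            // Event-based reads drain both pipes concurrently, so a full
            // stderr buffer cannot stall the child while stdout is being read.
            process.OutputDataReceived += (s, e) =>
            {
                if (e.Data == null) return;   // null marks end of stream
                report.Output.Add(e.Data);
                if (e.Data.IndexOf("Skipped", StringComparison.OrdinalIgnoreCase) >= 0)
                    report.Skipped.Add(e.Data);
            };
            process.ErrorDataReceived += (s, e) => { if (e.Data != null) report.Errors.Add(e.Data); };
            process.Start();
            process.BeginOutputReadLine();
            process.BeginErrorReadLine();
            process.WaitForExit();            // returns after both streams reach EOF
            report.ExitCode = process.ExitCode;
        }
        return report;
    }
}
```

Whatever is placed in `psExecArguments`, including a `-p` value, is visible in the local process list and in process-creation logs that record command lines, so use an account limited to the RMS task.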

And you can get around 99% of the limitations of the tool. It’s pretty cool when you combine it with FCI, then really get fancy by ad-hoc provisioning plain-text indexing to support encrypted searching routines.


Next Revision Of CryptoCollaboration (V5)

I am almost done with the next revision of CryptoCollaboration, which will now make the revision count up to 5. Within a week. Yeesh. I need to get a hobby :)

Anyways, the largest changes are conditional standard encryption of attachments using the same process that is available when files are encrypted in a document library. Therefore, you will notice different interface elements when attachment elements are found within a list item, which allows you to optionally encrypt them. Some people have emailed me asking if they can use different encryption algorithms for this. Right now, honestly, I don’t see building that in being very useful, so I am skipping it for now. If I were going to do selectable objects / encryption algorithms, I think I would instead just put some CheckBox controls or something within the operations interface that lets you select ALL fields that you want to encrypt. I will step back and look at that at a later date.

I am looking into other encryption routines to integrate into the overall application as well. I already have all the ones that the .NET framework natively supports, and I also wrote the code to have Blowfish in there. Now I am also considering putting Twofish in the application as well. Twofish is a symmetric-key block cipher with a block size of 128 bits that supports key sizes up to 256 bits. I had originally wanted to include this algorithm in the initial release, but was having performance problems with my approach. I know that it is generally considered to be much less efficient than Rijndael when leveraging 128-bit keys, but it is supposed to be notably faster with 256-bit keys. Unfortunately this wasn’t my experience, so I would have to step back and rework some of my approaches to get this to work correctly.

I am still looking for more feedback on the application itself. If you want to email me directly, you can just use the contact page on the main site and avoid having to open your email client.

Thanks to everyone for their feedback thus far!


Ok, Seriously. CryptoCollaboration V4 Is Released

Yeah, so I kind of missed my target dates for revision 0.0.0.4, but it was for a good purpose. I stepped back and added the needed exception handling within the interface, and cleaned up a lot of the unnecessary garbage code. The file encryption should be working pretty well now, with reasonable speed depending on document content length and file format.

You can download the release here.
