Project Description
CryptoCollaboration for SharePoint 2007 (works for both Microsoft Office Server 2007 as well as Windows SharePoint Services 3.0) presents a native end-to-end encryption solution targeted at SharePoint lists and their related metadata.

One of the largest tribulations that exists within current collaboration systems is the reliance on making objects security aware based solely on provided principal attributes, characteristically noticed in SharePoint through its indigenous options for security trimming the interface. While this is certainly a method that promotes some level of privacy, security, and data integrity, it does not account for data storage while information is considered in a transitional state. Furthermore, this is amplified by the fact that numerous industry regulations require that organizational data stored in a system such as SharePoint is not directly callable in plain text, but is instead covered by a secondary layer of privacy.

CryptoCollaboration is broken up into two primary segments, the CryptoCollaboration Encryption Engine (CEE) and its related SharePoint interface components. The CEE is called directly from the ECB (Edit Content Block) menu provided by the native SharePoint ListFormWebPart (your orthodox SharePoint list interface), pooling all the fields that are considered encryption worthy and encrypting or decrypting them based on user interaction. There are current limitations on which fields of an arbitrary list item can be harvested: field types such as URLs demand that certain formats be used and therefore cannot be subject to encryption operations.

Once the encryption / decryption operations are triggered, the CEE will encrypt / decrypt the stored fields with an algorithm that the user selects from the interface (currently supported encryption algorithms are RC2, Rijndael (AES), Triple DES, or Blowfish). All code that the CEE leverages is CLS-Compliant and 100% managed.

Adam Buenz
http://sharepointsecurity.com

CHANGES TO EXCEPTION HANDLING

There have been some brief modifications that were done to the exception handling in order to support failure and success pages within the CryptoCollaboration operations page. This was the reason that the latest release was delayed. As such, I am going to be releasing the new version this evening. The exception handling changes are visible when working with the cryptographic operations.

When successful encryption or decryption occurs, you will see a success screen that brings you to the operations success page. Once you click OK, you will be kicked to the list view page, similar to past operations.

26.jpg

When a cryptographic operation fails for any reason, you are brought to a similar page, this time relaying that a general application exception has occurred. Usually this type of error is encountered if there is a mismatch between the encryption key and initialization parameters provided during encryption and those offered during decryption.

27.jpg
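
The mismatch case described above can be reproduced outside SharePoint. This is an added example, not CryptoCollaboration code: it assumes AES (Rijndael) in the .NET default CBC mode with PKCS7 padding, and the class name, keys, IVs and sample text are all constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not CryptoCollaboration code. Assumes AES (Rijndael) with
// CBC mode and PKCS7 padding; all key, IV and text values are constructed.
static class MismatchDemo
{
    static byte[] Transform(byte[] input, byte[] key, byte[] iv, bool encrypt)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            using (ICryptoTransform t = encrypt ? aes.CreateEncryptor(key, iv)
                                                : aes.CreateDecryptor(key, iv))
                return t.TransformFinalBlock(input, 0, input.Length);
        }
    }

    // Reports what a caller would observe for a given key/IV pair.
    static string TryDecrypt(byte[] cipher, byte[] key, byte[] iv)
    {
        try
        {
            byte[] plain = Transform(cipher, key, iv, false);
            return "no exception: \"" + Encoding.ASCII.GetString(plain) + "\"";
        }
        catch (CryptographicException e)
        {
            return "CryptographicException: " + e.Message;
        }
    }

    static void Main()
    {
        byte[] key = new byte[32], iv = new byte[16];
        for (int i = 0; i < key.Length; i++) key[i] = (byte)i;          // constructed key
        for (int i = 0; i < iv.Length; i++) iv[i] = (byte)(0xA0 + i);   // constructed IV
        byte[] wrongKey = (byte[])key.Clone(); wrongKey[0] ^= 0xFF;
        byte[] wrongIv = new byte[16];
        for (int i = 0; i < wrongIv.Length; i++) wrongIv[i] = (byte)(0xB0 + i);

        byte[] cipher = Transform(Encoding.ASCII.GetBytes(
            "Task: review Q3 budget; owner: finance team"), key, iv, true);

        Console.WriteLine("right key, right IV -> " + TryDecrypt(cipher, key, iv));
        // Wrong key: the padding check fails for all but roughly 1 in 256 keys.
        Console.WriteLine("wrong key, right IV -> " + TryDecrypt(cipher, wrongKey, iv));
        // Wrong IV: no exception; only the first 16-byte block comes back altered.
        Console.WriteLine("right key, wrong IV -> " + TryDecrypt(cipher, key, wrongIv));
    }
}
```

Under these assumptions a wrong IV never raises an exception when the data is longer than one block, so a padding failure is not a reliable mismatch check. A keyed MAC (for example HMAC-SHA256) computed over the IV and ciphertext and verified before decryption catches both cases.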

CryptoCollaboration NOW SUPPORTS MICROSOFT WORD DOCUMENTS!!!

Here Is An Example Of THE EVEN NEW Document Level Encryption For Document Libraries (this is Alpha Version 0.0.0.4, Being Released On March 26 at 6:00 p.m. PST):

CryptoCollaboration now supports Microsoft Word Documents! This should bring full circle several of the aggregate encryption problems that have led to the creation of CryptoCollaboration in the first place. So, let me demonstrate the encryption of a stored Microsoft Word document, and then its subsequent decryption back to plain text directly within a SharePoint environment.

Here, I am creating a new document from a SharePoint document library on a test instance:

20.jpg

And then, I am saving the document back to the server since this is where the encryption is going to take place:

21.jpg

Once the document is stored, I am going to call the CryptoCollaboration operations page so that I can interact with the CryptoCollaboration Encryption Engine. Once I am in the operations page, since I am just testing the file, I am going to restrict the encryption operations to the file of the list item, and then set the algorithm to Rijndael:

22.jpg

Now, when I open the document from the SharePoint document library, the contents of the document are subsequently encrypted:

23.jpg

As you can see, the document contents are now unreadable.

Now, let's decrypt the document. Once in the operations page, similar to past versions, the interface will be trimmed to the options selected in the previous operations:

24.jpg

After decryption, we can see that the Microsoft Word contents are converted back to plain text:

25.jpg

Here Is An Example Of THE NEW Document Level Encryption For Document Libraries (this is Alpha Version 0.0.0.3, Being Released On March 26 at 6:00 p.m. PST):

One of the largest changes in version 0.0.0.3 is the option to not solely use OOB lists, but document libraries as well. Document libraries are now supported through three main levels of operations:

1) Encrypt Fields
2) Encrypt Files
3) Encrypt Files and Fields

The operations page has been adjusted to compensate for said available selections.

The only limitation right now is that it has only been tested with standard text documents; the testing and code compensation required for Microsoft Word files will most likely be released at a later occasion. If you just want to view standard list encryption, you can view the screenshots provided in the secondary section that show Task List encryption. This section will briefly go over the document level encryption for stored text documents.

Firstly, as was unavailable in the previous versions, the "Encrypt / Decrypt This Item" menu item is available from the document library ECB menus and toolbars.

Here is the encryption option as available from the Toolbar within a SharePoint document library:

9.jpg

Here is the encryption option as available from the ECB menu within a SharePoint document library:

10.jpg

On the old CryptoCollaboration Operations page, there was no granular selection for files and metadata since files were not supported. However, when a SharePoint document library is now selected (i.e. we check whether the parent list is of type Microsoft.SharePoint.SPDocumentLibrary), there are more selections available from the operations page.

11.jpg

So, you have one of three options to select when working with encryption in document libraries. I am going to choose to encrypt both the fields in the list as well as the file that is held within the document library. I could also choose to encrypt the pieces piecemeal as I want.

19.jpg

In this document library, I am storing a document named "test.txt" which contains the string "test" within it. This is a piece of mutable data that I want to encrypt, as well as the column "test" which also contains the string "test". Here is the document contents.

13.jpg

And here is the list item and its related field values:

12.jpg

Now, after running the encryption operations, when I get kicked to the list item view, I can see my fields are encrypted:

14.jpg

As well, the text file content, which contained the string "test", has also been encrypted:

15.jpg

Now, when I go to decrypt the list item, the field selection in the interface is trimmed: the action that was initially chosen is populated as the only selection in order to reduce confusion. As well, similar to previous versions of the encryption engine, it will feed the algorithm that was initially chosen when tripping the encryption algorithm.

16.jpg

After the decryption is run, we can immediately see that the fields are decrypted:

17.jpg

As well, the file contents are also unscrambled back to the original plaintext:

18.jpg

THIS IS VERSION 0.0.0.2 WHICH HAS BEEN DEPRECATED IN FAVOR OF 0.0.0.3 WHICH SUPPORTS FILE ENCRYPTION (Being Released On March 26 at 6:00 p.m. PST)

Here Is An Example Of Some Task List Encryption (this is Alpha Version 0.0.0.2, Being Released On March 25 at 6:00 p.m. PST):

First, I Visit A List That I Would Like To Encrypt, In This Case A Task List With A New Test Item:

1.jpg

Secondly, Once The Item Is Created, I Call The Encryption Engine (CEE) From Either The List ECB or The List Form ToolBar:

From The ECB:

2.jpg

From The ToolBar:

3.jpg

Then, After Entering The Operations Page:

4.jpg

Then Selecting Your Available Encryption Options:

5.jpg

Now The Values Are Encrypted:

6.jpg

The Decryption Looks At The Algorithm, And Trims The Radio Button List For You:

7.jpg

The SharePoint List Item Is Then Returned To Plain Text:

8.jpg

Last edited Mar 28, 2008 at 7:23 PM by AdamBuenz, version 11