The contents of the file are to be available only to a select number of individuals. The obvious approach was one based on symmetric encryption or quorum-type encryption. Although it would be possible to have a system publishing versions encrypted using the individuals' public keys, this seems overkill.
Based on previous experience in disaster recovery scenarios, my initial thought was to look at facilities built into the operating system. However, even before digging into the details of the implementation (based on their implementation of PPTP and Office password protection, I thought it best to check) I came across a major stumbling block - users in the domain with admin privileges can access the encrypted files. It's not that I'm trying to subvert our security model - quite the opposite; not everyone in the admin group should have access.
We are already using 7zip widely but until I started doing some digging on the topic, I was not aware that it also supported encryption. Despite the weaknesses in the implementation (described here for WinZip, most of which applies equally to 7zip) it seemed ideal for our purposes. However when I tried it out, I found that the ergonomics were so bad that it would be unusable for our needs.
- Although not a show stopper, it uses a temp directory on the local machine's physical hard disk to store the unencrypted file. It does clean this up after the application using the file is closed, but it could provide a new avenue for accessing the encrypted document.
- Under normal operations, when a file within an archive is edited, 7zip automatically puts it back into the archive when the application is exited. It just gives an error when you try this using an encrypted file.
- The password for encryption is set when the archive is created. If you try to add additional files later, these are added unencrypted with no warning.
I was a bit surprised at this as, for compression purposes, I had found the user interface to be very well designed.
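The third point in the list above, files added later being stored unencrypted with no warning, can be checked for mechanically. The following Python script is an added example, not code from the original post or from the 7-Zip project. It assumes the archive is in ZIP format, where bit 0 of each entry's general-purpose flags marks the entry as encrypted; the function names and sample file names are hypothetical and the sample archive is constructed.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: entry is encrypted


def unencrypted_members(archive):
    """Return the names of file entries that are not flagged as encrypted.

    `archive` is a path or a binary file object holding a ZIP-format archive.
    Only the central directory is read, so no password is needed.
    """
    with zipfile.ZipFile(archive) as zf:
        return [
            info.filename
            for info in zf.infolist()
            if not info.is_dir() and not info.flag_bits & ENCRYPTED_FLAG
        ]


def constructed_sample():
    """Build an in-memory archive whose first entry is flagged as encrypted.

    The standard library cannot write encrypted entries, so the flag is set
    by hand in the first central-directory header. The contents are a
    constructed stand-in, not real ciphertext.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plan.txt", "original protected file")
        zf.writestr("added-later.txt", "file added after creation")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")  # signature of the first central-directory header
    (flags,) = struct.unpack_from("<H", raw, pos + 8)  # flags field is at offset 8
    struct.pack_into("<H", raw, pos + 8, flags | ENCRYPTED_FLAG)
    return io.BytesIO(bytes(raw))


if __name__ == "__main__":
    leaked = unencrypted_members(constructed_sample())
    print("unencrypted entries:", leaked or "none")
```

Running such a check after every change to a shared archive turns the silent failure into a visible one.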
Because of the Byzantine procurement process here it is a painful experience to actually buy software - and my experience is that it is always better to try before you buy - hence FOSS software is particularly attractive.
So I'm off to have a look at: