OTFE
Encyclopedia
On-the-fly encryption (OTFE), also known as Real-time Encryption, is a method used by some encryption
programs, for example, disk encryption software
. "On-the-fly" refers to the fact that the files are accessible immediately after the key
is provided, and the entire volume
is typically mounted
as if it were a physical drive, making the files just as accessible as any unencrypted ones.
To be transparent to the end user, on-the-fly encryption usually requires the use of device driver
s to enable the encryption
process. Although administrator
access rights are normally required to install such drivers, encrypted volumes can typically be used by normal users without these rights.
On-the-fly encryption also means that data is automatically encrypted or decrypted right before it is loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password
/keyfile
(s) or correct encryption keys
. The entire file system
within the volume is encrypted (including file names, folder names, file contents, free space, meta data, etc.).
In general, every method in which data is transparently encrypted on write and decrypted on read can be called on-the-fly encryption.
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
programs, for example, disk encryption software
Disk encryption software
To protect confidentiality of the data stored on a computer disk a computer security technique called disk encryption is used. This article discusses software that is used to implement the technique...
. "On-the-fly" refers to the fact that the files are accessible immediately after the key
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
is provided, and the entire volume
Volume (computing)
In the context of computer operating systems, volume is the term used to describe a single accessible storage area with a single file system, typically resident on a single partition of a hard disk. Similarly, it refers to the logical interface used by an operating system to access data stored on...
is typically mounted
Mount (computing)
Mounting takes place before a computer can use any kind of storage device . The user or their operating system must make it accessible through the computer's file system. A user can access only files on mounted media.- Mount point :A mount point is a physical location in the partition used as a...
as if it were a physical drive, making the files just as accessible as any unencrypted ones.
To be transparent to the end user, on-the-fly encryption usually requires the use of device driver
Device driver
In computing, a device driver or software driver is a computer program allowing higher-level computer programs to interact with a hardware device....
s to enable the encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
process. Although administrator
System administrator
A system administrator, IT systems administrator, systems administrator, or sysadmin is a person employed to maintain and operate a computer system and/or network...
access rights are normally required to install such drivers, encrypted volumes can typically be used by normal users without these rights.
On-the-fly encryption also means that data is automatically encrypted or decrypted right before it is loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
/keyfile
Keyfile
A keyfile is a file on a computer which contains encryption or license keys.A common use is web server software running secure socket layer protocols. Server-specific keys issued by trusted authorities are merged into the keyfile along with the trusted root certificates...
(s) or correct encryption keys
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
. The entire file system
File system
A file system is a means to organize data expected to be retained after a program terminates by providing procedures to store, retrieve and update data, as well as manage the available space on the device which contain it. A file system organizes data in an efficient manner and is tuned to the...
within the volume is encrypted (including file names, folder names, file contents, free space, meta data, etc.).
In general, every method in which data is transparently encrypted on write and decrypted on read can be called on-the-fly encryption.
Benefits
Some benefits of using on-the-fly encryption are:- It is the fastest encryption method.
- Data is decrypted in RAM and does not require saving files to a drive.
- Encrypted data is protected from being accessed or modified by unauthorized users.
- Encrypted data is highly portable which is ideal for use with USB flash drives.
- There is no limit on the number of files and folders protected.
See also
- TrueCryptTrueCryptTrueCrypt is a software application used for on-the-fly encryption . It is free and open source. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device .- Operating systems :TrueCrypt supports Microsoft Windows, Mac OS X, and...
- FreeOTFEFreeOTFEFreeOTFE is an open source on-the-fly disk encryption computer program for PCs running Microsoft Windows, and personal digital assistants running Windows Mobile . It creates virtual drives, or disks, to which anything written is automatically encrypted before being stored on a computer's hard or...
- Disk encryptionDisk encryptionDisk encryption is a special case of data at rest protection when the storage media is a sector-addressable device . This article presents cryptographic aspects of the problem...
- Disk encryption softwareDisk encryption softwareTo protect confidentiality of the data stored on a computer disk a computer security technique called disk encryption is used. This article discusses software that is used to implement the technique...
- Comparison of disk encryption softwareComparison of disk encryption software-Background information:-Operating systems:-Features:* Hidden containers: Whether hidden containers can be created for deniable encryption...