Support, help and instructions for abylon SHAREDDRIVE


Additional Info and Help Multi-user encryption for files

Questions and answers about the software abylon SHAREDDRIVE (FAQ's)

Encrypted file storage in networks for multi-user access

With programs based on the shell extension of the File Explorer, this problem can occur under Windows XP from service pack 2. Please proceed in the following order to solve the problems.

Remedy:

  • Install the latest service packs and Windows updates
    All current service packs and security patches (especially KB908531) should be installed using Windows Update!
  • Change registry value
    In the registry under
    abylon ENTERPRISE: HKLM\SOFTWARE\abylon\ENTERPRISE\SHAREDDRIVE
    abylon SHAREDDRIVE: HKLM\SOFTWARE\abylon\SHAREDDRIVE\SHAREDDRIVE
    you will find the key "DDRIVEOPT". Change the value from "4" to "6".
  • Rename file "verclsid.exe"
    In the System32 directory of the operating system you will find the file "verclsid.exe", which can usually be renamed without problems.
    NOTE Renaming the file is at your own risk!

As of version 12.90.1, the software abylon SHAREDDRIVE offers a separate program window for accessing the encrypted files!

When using the abylon SHAREDDRIVE with certificates (HYBRID system) we have no influence on the PIN request. When opening the SHAREDDRIVE we send a CRYPTO request to the corresponding CSP (Crypto Service Provider), which then decides whether a PIN is required to access the private key of the certificate. Many CSPs offer PIN caching for simplification, so that the PIN only has to be entered once for the same application (ProcessID).

Remedy:

  1. Microsoft CSP (Windows XP SP2 or later)
    Change the setting in the registry under:
    Path: HKLM\Software\Policies\Microsoft\Cryptography
    Key: PrivKeyCachePurgeIntervalSeconds
    Reg_DWORD: Time in seconds after which the PIN caching is cancelled - Recommended value = 60 seconds
    Download of the registry patch without guarantee: Delete PIN-Caching after 60 Seconds
    More info: Microsoft-Homepage
  2. Other CSP
    Most CSPs offer the possibility to disable password caching. Please contact the manufacturer of the CSP for more information.

NOTE If PIN caching cannot be switched off in your CSP, it is recommended to use the SYMM system with password entry as an alternative.

In this case the assignment of the file name to the random number has been lost. This can happen, for example, if the system crashes or if the DAT file was not included when a backup was made. Despite this display problem, the file content is NOT lost.

To restore, follow these steps:

  1. Copy the unknown file from the SHAREDDRIVE into an unencrypted directory (NOTE The correct decryption is done here)
  2. Rename the decrypted file and open it with the corresponding program (NOTE If the original file names and file type are no longer known or cannot be assigned anymore, opening the file with a normal editor can provide helpful information)

Our software offers several possibilities to limit the rights for the user via a so-called user config file. An overview of the possible options can be found in the file "Information on program control files and registry for administrative purposes"
>> see on the download page under Whitepapers

In addition, the following settings are possible in the registry under HKLM/Software/abylon/SHAREDDRIVE/SHAREDDRIVE:

  • TimeOut = "0" (DEFAULT) or "n" (seconds after which the SHAREDDRIVE will close automatically)
    The value 180 means that the SHAREDDRIVE is closed after 3 minutes of non-use. The process monitoring continues for opened files, so that changes are still taken over after the SHAREDDRIVE has been closed.
  • CallExtern = "NO" (DEFAULT) or "YES"
    NO = Process monitoring in the thread of the File Explorer! If the File Explorer crashes, the process monitoring is also closed. If the user does not save the data manually in this case, it can lead to data loss. This situation should normally not occur! THIS OPTION IS RECOMMENDED BY THE DEVELOPER!
    YES = Process monitoring as own thread! If the File Explorer crashes, the process monitoring continues. However, with this option the function call is much slower and more RAM is needed!
  • ExecuteViaProcess = "NO" (DEFAULT) or "YES"
    NO = Process call via ShellExecute! ShellExecute is the tool propagated by Microsoft, but it also contains some bugs. If there are problems with the file monitoring, you can switch to CreateProcess with this setting! THIS OPTION IS RECOMMENDED BY THE DEVELOPER!
    YES = Process call via CreateProcess! Runs very reliably, but is not tested down to the last detail!
  • WaitForOffice = "NO" (DEFAULT) or "YES"
    This value should always be "NO"! Only if there are problems resetting the file status in the File Explorer can the option "YES" provide a remedy!
  • DDRIVEOPT should always be set to "4"!
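
The following read-only PowerShell check is an added example, not part of abylon's software or documentation. It reports the PIN-cache purge interval from the Microsoft CSP answer further up and the SHAREDDRIVE options listed here. The registry paths and value names are the ones on this page (the Microsoft value is spelled PrivKeyCachePurgeIntervalSeconds in the registry); the thresholds, the WOW6432Node paths and the reading of values as text are assumptions.

```powershell
# Added example: read-only audit. Registry paths and value names are taken
# from this page; thresholds and the WOW6432Node paths are assumptions.
param(
    [int]$MaxPinCacheSeconds = 60,   # value recommended on this page
    [int]$MaxIdleSeconds     = 180   # assumption: the page's 3-minute example
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the named value does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $key = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    $prop = $key.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $null }
    return $prop.Value
}

function Test-SecondsValue {
    param([string]$Path, [string]$Name, [int]$Max)
    # Value types are not documented on the page, so the value is read as
    # text and parsed; anything that is not a whole number is reported as such.
    $raw = Get-RegValue -Path $Path -Name $Name
    $seconds = 0
    $status = if ($null -eq $raw) {
        'NOT SET'
    } elseif (-not [int]::TryParse([string]$raw, [ref]$seconds)) {
        'UNREADABLE'
    } elseif ($seconds -le 0 -or $seconds -gt $Max) {
        'REVIEW'    # 0 is the TimeOut default: the drive never closes by itself
    } else {
        'OK'
    }
    [pscustomobject]@{ Setting = $Name; Value = $raw; Status = $status; Path = $Path }
}

$results = @()

# Microsoft CSP: seconds after which the PIN caching is cancelled (per this page).
$results += Test-SecondsValue -Max $MaxPinCacheSeconds `
    -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography' `
    -Name 'PrivKeyCachePurgeIntervalSeconds'

# Product keys from this page, followed by the locations a 32-bit build on
# 64-bit Windows would be redirected to (assumption, skipped when absent).
$productKeys = @(
    'HKLM:\SOFTWARE\abylon\SHAREDDRIVE\SHAREDDRIVE',
    'HKLM:\SOFTWARE\abylon\ENTERPRISE\SHAREDDRIVE',
    'HKLM:\SOFTWARE\WOW6432Node\abylon\SHAREDDRIVE\SHAREDDRIVE',
    'HKLM:\SOFTWARE\WOW6432Node\abylon\ENTERPRISE\SHAREDDRIVE'
)
foreach ($key in $productKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $results += Test-SecondsValue -Path $key -Name 'TimeOut' -Max $MaxIdleSeconds
    # The remaining options are reported as found, for comparison with the list above.
    foreach ($name in 'CallExtern', 'ExecuteViaProcess', 'WaitForOffice', 'DDRIVEOPT') {
        $results += [pscustomobject]@{
            Setting = $name; Value = (Get-RegValue -Path $key -Name $name)
            Status  = 'INFO'; Path = $key
        }
    }
}

$results | Format-Table Setting, Value, Status, Path -AutoSize
```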

If the File Explorer crashes while abylon SHAREDDRIVE is in use, the process monitoring is also stopped. To prevent data loss, you should temporarily save all files opened in SHAREDDRIVE. Afterwards the files can be opened again in SHAREDDRIVE and any changes not yet saved can be taken over.

The files are created in the directory Documents and Settings\[Login Name]\Local Settings\Temp\apm\drive\open\[Session Number]. This directory is not displayed in the default settings. After closing the file, the created temporary files are completely removed (shredded).

NOTE If the system crashes while using the SHAREDDRIVE, all remaining temporary files will be deleted (shredded) after restarting the computer!

With SHAREDDRIVE there is no real drive; the File Explorer only simulates this drive. The "Save As" dialogs belong to the individual applications, which would also need the drive to be simulated. A distinction has to be made between Office and non-Office applications, and so far this could only be realized for non-Office applications. However, in order not to confuse users, we have deactivated this functionality until a generally valid solution has been developed.

INFO In the current version we offer directly in SHAREDDRIVE the possibility to create a new file via the context menu, so that the "Save As" dialog is not needed.

Multi-user access allows multiple users to open a file at the same time. To avoid data loss, the file attributes are checked when writing back. If the file has been modified by another user in the meantime, the program automatically creates a copy of the file in SHAREDDRIVE.

If, for example, a system crash did not delete all temporary files, you do not need to worry. After booting the computer, the directory with the temporary files is searched immediately and any existing files are deleted.

NOTE The temporary files are located by default under Documents and Settings\YOUR REGISTRATION NAME\Local Settings\Temp\apm\drive. For additional protection, you can set access permissions under Properties -> Security settings. As of version 5.20.xx.6, the Temp directory can be freely defined in the UserConfig.XML (in the control directory of the application).

Proceed as follows:

  1. Set up a SHAREDDRIVE
  2. Copy the data to the data drive in the File Explorer
  3. Burn the complete SHAREDDRIVE files to CD or DVD using an appropriate burning program (including the IMK settings file)
  4. Set up a new connection with the corresponding initial directory on the CD or DVD (note the directory structure!)

Access from the File Explorer to the encrypted data on the CD or DVD is now possible, and only in the corresponding SHAREDDRIVE are the files shown unmasked.

NOTE With the new connection, the profile name is independent of the name of the IMK file and can be freely selected!

The following points must be observed when importing an existing SHAREDDRIVE:

  • Your certificate must be registered as authorized
  • You must have read and write permissions in the initial directory
  • The profile name must be the same for all users (according to the IMK settings file name)

There are two possible causes:

  • The function for determining icon indexes (Windows) does not work properly
  • The icon index file of the data drive abylon SHAREDDRIVE has been destroyed

To fix the problem you should create a new icon index file. The data drive (abylon SHAREDDRIVE) must be closed and then the file ~LSICN01.DAT must be deleted in the initial directory (default: Documents and settings->YOUR NAME->apm). When the data drive is reopened, this file is created again.

The differences between abylon SHAREDDRIVE and abylon CRYPTDRIVE are manifold. Here in the FAQ's we have listed the most important ones. In our tutorials we offer a detailed table to our encryption programs.

Virtual drive abylon CRYPTDRIVE:

When setting up the virtual drive, an image file is created in the size of the drive, whereby the image file can be split according to the selected number of partials. In this image all files are stored encrypted. The access permissions are controlled by certificates. 

Advantages:

  • After opening, the drive can be used like a normal hard disk (Complete integration into the MS File Explorer)
  • Programs can be installed on the virtual drive

Disadvantages:

  • If only one file is changed slightly, the complete image must be backed up (large data transfer and memory requirements during backup)
  • Not available under Windows 95, 98 and Me
  • No simultaneous access of multiple users to a virtual drive possible

Data Drive abylon SHAREDDRIVE:

With the data drive, each file is stored in a sequentially numbered and encrypted image file. The access permissions are controlled by certificates. 

Advantages:

  • Each file is saved in a single image file (if changes are made, the backup system only needs to save this file)
  • Available under Windows 95, 98, Me, NT, 2000 and XP
  • Simultaneous access by multiple users possible
  • Memory requirement on the hard disk depends only on the amount of data stored. 

Disadvantages:

  • No programs can be installed (pure data drive)

Yes, all persons authorized by certificates can even access one and the same data drive at the same time. When a file is opened, its font color changes in the File Explorer, and the user is additionally shown who has opened the file.

Starting with version 5.0, the source directory can be created both on the client and on a server. The connection between client and server is established via the network, where the data transfer is encrypted at all times!

In the File Explorer folder view or on the desktop, right-click the abylon SHAREDDRIVE symbol (blue loop) and choose the item Lock drive.

In the Settings under SHAREDDRIVE all created data drives are displayed. With the switch Connection manager all settings can be changed, like for example also the storage location of the encrypted files (initial directory).

The data drive abylon SHAREDDRIVE is displayed on your Desktop or in the File Explorer in the Explorer bar Folder as abylon SHAREDDRIVE. By clicking you can open the data drive and start working.

In some operating systems it may happen that the folder abylon SHAREDDRIVE is displayed only after pressing the F5 key!

FAQ: Password

Information on password use and related security questions.

For this purpose, a mouse click event was inserted programmatically as of versions 19.10.1 and 2020.1. If this causes problems, it can be switched on or off via the registry. To do so, change the value FWACTIVATEWINDOW from YES to NO under HKEY_LOCAL_MACHINE\SOFTWARE\abylon\[PROGRAM NAME, e.g. ENTERPRISE]\FLAGS.

After the password has been entered, the software displays the message "Das eingegebene Passwort ist falsch bzw. die Schlüsseldatei (Zertifikat) gehört nicht zu diesem Objekt!". What is the reason for this?

Please check first whether the password was really entered correctly and whether the keyboard layout may have changed.

Another possibility is that the password scrambler converts certain special characters into other characters. In such cases the password scrambler must be activated or deactivated to match the way the encrypted element was created. That is, if the password scrambler was activated during encryption, it must also be activated during decryption.

The password scrambler must always be deactivated when a password or the SecureID is entered into the password field via copy and paste. Otherwise the program detects no keyboard input and the password field effectively remains empty.

The SecureID is a so-called emergency password. It can be entered as an alternative for decryption if the chip card or USB stick is defective or lost.
The SecureID is determined during encryption on the page 'Schlüsselverwaltung->SYMM-System' (key management -> SYMM system).
The SecureID is identical for every encrypted object (abylon KEYSAFE, abylon CRYPTDRIVE, abylon BASIC, abylon SHAREDDRIVE) and is structured as follows:

# + 32 characters + . + 32 characters + #
(characters are only the digits 0-9 or the letters A-F; e.g. #A54E1CB23F31464AC3B7D65F4557C1D1D. 50F4B4A9EC30705944EB12870284C419#)

NOTE
- As of version 8.3, both upper-case and lower-case letters can be entered. In older versions the input is case-sensitive.
- The password scrambler should be deactivated for the input!
- The SecureID should be kept in a safe place!
- The SecureIDs for encryption and for Windows logon are different.

A "brute force attack" means trying out all possible character combinations of passwords. For example, the process starts with 00000001 and then continues with 00000002, 00000003, 00000004... A password that has only 4 digits and consists only of numbers can easily be "cracked" within a few seconds. A good password should consist of at least 12 characters with lower-case letters, upper-case letters, numbers and special characters. In addition, no words from dictionaries, names or relevant password databases should be used. Anyone who follows these rules can be sure that an economically viable decryption of the protected data is not possible in the foreseeable future.

It is unfortunately / fortunately not possible to open protected data without the associated password. That is, the software from abylonsoft offers neither a back door nor a so-called "master key". So if you have lost your password, you can no longer get at your stored data.

You should memorize the passwords you use well and, if necessary, write them down in a secret place. However, this should not be on the hard disk or near the computer. Alternatively, so-called password managers (such as abylon KEYSAFE) offer the possibility of storing the different passwords in a secured database. In this case you only have to remember one password

An insecure password is always a date of birth, a nickname, a name in general, or any other word that is frequently used or that appears in the dictionary.

A secure password is a password that consists of various random characters, e.g. myz<_/k)),%06YLbcw3pU. It consists of special characters ( ! »§$%&/()==?´*?+#´\ß^.;:_@<>|{[]}), numbers (1234567890), upper-case letters (QWERTZUIOPÜÄÖLKJHGFDSAYXCVBNM) and lower-case letters (qwertzuiopüäölkjhgfdsayxcvbnm).

If you cannot remember such a password, you can resort to a trick. The password is then not as secure as the previous one, but still considerably more secure than "Otto" or "Müller". This is how it works: think of a long sentence that you can easily remember, e.g.: Ich wohne in der Musterstadt 134b. Meine Telefonnummer ist 123456789. (I live in Musterstadt 134b. My telephone number is 123456789.) Now simply take the first letters / characters of this sentence. In this case that would be "IwidM1.Mti1.". You should make sure, however, that at least a few numbers and special characters are present in the sentence. You must also pay attention to upper and lower case.

To generate a truly secure password, you should use the integrated password generator. You can find it, for example, in abylon KEYSAFE.

FAQ: Installation

Questions and Answers about the installation of software products from abylonsoft.

Answer:

No, as of version 24.0 (or annual version 2024.1), Windows XP is no longer supported.

The XP operating system has not been supplied with security updates by Microsoft since 2014 and is therefore considered outdated and insecure. For this reason we have discontinued support in our current versions.

If you want or need to continue working with Windows XP, you can find older program versions in our "Vorgängerversionen" (previous versions) section on the download page.

If you have questions about the software or your registration, please contact us directly!

Usually, with abylonsoft software, the new version can be installed over the old version. This is also the case if the setup asks in advance and offers the uninstall option. If installing over the old version is not possible for any reason, you will be notified during installation. In this case no other option is offered.

Yes, because during the installation the software has to make some settings for which only the administrator has rights. So log in for the installation as an administrator or contact your responsible administrator.

Possible cause of error:

  1. You have entered the registration data incorrectly! The safest way is to copy and paste the name and the registration key from the email directly into the registration dialog of our software.
  2. Each license key is created individually for each program and each version. Check whether your registration data are also intended for the version you have installed!

Updates within the same major version number are free. Updates to the next major version number are subject to an update fee. If you have any questions or problems, you are welcome to contact us via Contact.

This is because when a new user is created, Windows first creates the registry and makes entries. Since our software also has to make registry entries, an operating system restart is required for proper operation.


If this error occurs, you should manually download and install the setup from the download page. All settings of the previous version will be adopted.

FAQ: Compatibility

Questions and answers for compatibility tests of our software products with special hardware.

Microsoft has disabled the automatic installation of the framework .NET 3.5 under Windows 10. This causes crashes and protection violations during the execution of the .NET 3.5 versions of abylonsoft.

How can I still activate .NET 3.5 under Windows 10?

Activating .NET 3.5 under Windows 10

As shown in the screenshot, Microsoft .NET 3.5 can be enabled via the Windows features:

  1. Open the Control Panel under Windows 10, e.g. via the Search field or the Settings icon in the Start menu.
  2. Display all Control Panel items and select the entry Programs and Features. This item is also displayed directly under Programs.
  3. Open the Windows features on the left.
  4. Find the entry .NET Framework 3.5 (contains .NET 2.0 and 3.0) in the list.
  5. If the entry is activated, first deactivate it (otherwise skip this step). With OK, Windows applies the changes, which can take some time.
  6. Afterwards, or if the entry was deactivated anyway, activate the option by ticking it. Confirm this operation with OK as well.

Subsequently, the .NET 3.5 version of our software should also run without problems under Windows 10.

To use a removable disk (e.g. USB stick) as "key" for login and encryption or mobile use (switch "install modules on USB stick"), the following conditions must be met:

  1. The USB stick must be plugged in
  2. The USB stick must create a new drive
  3. The drive must be formatted
  4. The drive must be writable (write permissions)
  5. The drive must have enough disk space
  6. The driver must register the drive as "Removable Device"

Card reader:

Our software supports all card readers that offer the standard PC/SC interface. In addition, you have to pay attention to which smart cards are supported by the card reader. Besides contact smart cards, there is a large variety of suppliers and different technologies for contactless smart cards. The supported frequencies 125 kHz (long wave) and 13.56 MHz (short wave) are examples.

Chip cards:

  • Contact ACOS1 or ACOS3 chip cards
  • Other contact processor smart cards (on request)
  • 13.56 MHz Legic ATC
  • Other 13.56 MHz cards (on request)
  • 13.56 MHz Mifare Classic
  • 13.56 MHz Mifare Desfire
  • 13.56 MHz Mifare UX
  • 125 kHz HITAG (on request)
  • 125 kHz EM (on request)
  • Other RFID cards/keyfobs (on request)

Our software can be fully tested for 30 days. You should definitely take advantage of this offer. If you have any questions about compatibility, you are also welcome to contact us.
On our hardware page you will also find a selection of compatible card readers and chip cards.
