Support, help and instructions for abylon SHAREDDRIVE


Additional Info and Help Multi-user encryption for files

Questions and answers about the software abylon SHAREDDRIVE (FAQ's)

Encrypted file storage in networks for multi-user access

With programs based on the shell extension of the File Explorer, this problem can occur under Windows XP with Service Pack 2 or later. Please proceed in the following order to solve the problem.

Remedy:

  • Install latest service packs and Windows updates
    All current service packs and security patches (especially KB908531) should be installed using Windows Update!
  • Change registry value
    In the registry under
    abylon ENTERPRISE: HKLM\SOFTWARE\abylon\ENTERPRISE\SHAREDDRIVE
    abylon SHAREDDRIVE: HKLM\SOFTWARE\abylon\SHAREDDRIVE\SHAREDDRIVE
    you will find the key "DDRIVEOPT". Change the value from "4" to "6".
  • Rename file "verclsid.exe"
    In the System32 directory of the operating system you will find the file "verclsid.exe", which can usually be renamed without problems.
    NOTE The renaming of the file is at your own risk!

As of version 12.90.1, the software abylon SHAREDDRIVE offers a separate program window for accessing the encrypted files!

When using the abylon SHAREDDRIVE with certificates (HYBRID system) we have no influence on the PIN request. When opening the SHAREDDRIVE we send a CRYPTO request to the corresponding CSP (Crypto Service Provider), which then decides whether a PIN is required to access the private key of the certificate. Many CSPs offer PIN caching for simplification, so that the PIN only has to be entered once for the same application (ProcessID).

Remedy:

  1. Microsoft CSP (Windows XP SP2 or later)
    Change the setting in the registry under:
    Path: HKLM\Software\Policies\Microsoft\Cryptography
    Key: PrivKeyCachePurgeIntervalSeconds
    Reg_DWORD: Time in seconds after which the PIN caching is cancelled - Recommended value = 60 seconds
    Download of the registry patch without guarantee: Delete PIN-Caching after 60 Seconds
    More info: Microsoft-Homepage
  2. Other CSP
    Most CSPs offer the possibility to disable password caching. Please contact the manufacturer of the CSP for more information.

NOTE If PIN caching cannot be switched off in your CSP, it is recommended to use the SYMM system with password entry as an alternative.

In this case the assignment of the file name to the random number has been lost. This can happen, for example, if the system crashes or if the DAT file was not included when a backup was made. This is only a display problem, however; the file content is NOT lost.

To restore, follow these steps:

  1. Copy the unknown file from the SHAREDDRIVE into an unencrypted directory (NOTE The correct decryption is done at this point)
  2. Rename the decrypted file and open it with the corresponding program (NOTE If the original file names and file type are no longer known or cannot be assigned anymore, opening the file with a normal editor can provide helpful information)

Our software offers several possibilities to limit the rights for the user via a so-called user config file. An overview of the possible options can be found in the file "Information on program control files and registry for administrative purposes"
>> see on the download page under Whitepapers

In addition, the following settings are possible in the registry under HKLM\Software\abylon\SHAREDDRIVE\SHAREDDRIVE:

  • TimeOut = "0" (DEFAULT) or "n" (seconds after which the SHAREDDRIVE closes automatically)
    The value 180 means that the SHAREDDRIVE is closed after 3 minutes of non-use. The process monitoring continues for opened files, so that changes are still taken over after the SHAREDDRIVE has closed.
  • CallExtern = "NO" (DEFAULT) or "YES"
    NO = Process monitoring in the thread of the File Explorer! If the File Explorer crashes, the process monitoring is also closed. If the user does not save the data manually in this case, data loss can result. This situation should normally not occur! THIS OPTION IS RECOMMENDED BY THE DEVELOPER!
    YES = Process monitoring as its own thread! If the File Explorer crashes, the process monitoring continues. However, with this option the function call is much slower and more RAM is needed!
  • ExecuteViaProcess = "NO" (DEFAULT) or "YES"
    NO = Process call via ShellExecute! ShellExecute is the method promoted by Microsoft, but it also contains some bugs. If there are problems with the file monitoring, you can switch to CreateProcess with this option! THIS OPTION IS RECOMMENDED BY THE DEVELOPER!
    YES = Process call via CreateProcess! Runs very reliably, but is not tested down to the last detail!
  • WaitForOffice = "NO" (DEFAULT) or "YES"
    This value should always be "NO"! Only if there are problems resetting the file status in the File Explorer can the option "YES" provide a remedy!
  • DDRIVEOPT should always be set to "4"!
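
A read-only way to check the settings from this list together with the PIN cache purge interval for the Microsoft CSP described earlier, as an added PowerShell example that is not abylonsoft's own code. It assumes the standalone SHAREDDRIVE key and the Microsoft policy value name PrivKeyCachePurgeIntervalSeconds; flagging a TimeOut of 0 for review is this example's own choice, not a vendor recommendation.

```powershell
# Added example: read-only audit of the registry values named in this FAQ.
# Assumptions: values are compared as text because the page quotes them
# without giving a registry type; the TimeOut rule is this script's own choice.

# Standalone edition. For abylon ENTERPRISE the page gives
# HKLM\SOFTWARE\abylon\ENTERPRISE\SHAREDDRIVE instead.
$abylonKey = 'HKLM:\SOFTWARE\abylon\SHAREDDRIVE\SHAREDDRIVE'
$cspPolicy = 'HKLM:\Software\Policies\Microsoft\Cryptography'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$checks = @(
    @{ Path = $cspPolicy; Name = 'PrivKeyCachePurgeIntervalSeconds'
       Want = '1-60 (seconds until the cached PIN is purged)'
       Test = { param($v) $n = $v -as [int]; $n -ge 1 -and $n -le 60 } }
    @{ Path = $abylonKey; Name = 'TimeOut'
       Want = 'n > 0 (drive closes after n idle seconds; 0 = never)'
       Test = { param($v) ($v -as [int]) -gt 0 } }
    @{ Path = $abylonKey; Name = 'CallExtern'
       Want = 'NO (developer recommendation)'
       Test = { param($v) "$v" -eq 'NO' } }
    @{ Path = $abylonKey; Name = 'ExecuteViaProcess'
       Want = 'NO (developer recommendation)'
       Test = { param($v) "$v" -eq 'NO' } }
    @{ Path = $abylonKey; Name = 'WaitForOffice'
       Want = 'NO'
       Test = { param($v) "$v" -eq 'NO' } }
    @{ Path = $abylonKey; Name = 'DDRIVEOPT'
       Want = '4 (6 only as the Windows XP SP2 shell-extension workaround)'
       Test = { param($v) "$v" -eq '4' } }
)

$report = foreach ($c in $checks) {
    $value = Get-RegValue -Path $c.Path -Name $c.Name
    if ($null -eq $value)     { $status = 'NOT SET' }
    elseif (& $c.Test $value) { $status = 'OK' }
    else                      { $status = 'REVIEW' }

    [pscustomobject]@{
        Name     = $c.Name
        Value    = $value
        Expected = $c.Want
        Status   = $status
    }
}

# NOT SET on the policy value means no purge interval is enforced by policy.
$report | Format-Table -AutoSize
```

The script changes nothing; a NOT SET or REVIEW row only marks a value to compare against the descriptions above.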

If the File Explorer crashes when using abylon SHAREDDRIVE, the process monitoring is also stopped. To prevent data loss, you should temporarily save all files opened in SHAREDDRIVE. Afterwards the files can be opened again in SHAREDDRIVE and any unsaved changes can be carried over.

The files are created in the directory Documents and Settings\[Login Name]\Local Settings\Temp\apm\drive\open\[Session Number]. This directory is not displayed in the default settings. After closing the file, the created temporary files are completely removed (shredded).

NOTE If the system crashes while using the SHAREDDRIVE, all remaining temporary files will be deleted (shredded) after restarting the computer!

With SHAREDDRIVE there is no real drive; the File Explorer only simulates this drive. The "Save As" dialogs belong to the individual applications, which would also need the drive to be simulated. A distinction has to be made between Office and non-Office applications, and so far this could only be realized for non-Office applications. In order not to confuse users, we have deactivated this functionality until a generally valid solution has been developed.

INFO In the current version we offer directly in SHAREDDRIVE the possibility to create a new file via the context menu, so that the "Save As" dialog is not needed.

Multi-user access allows multiple users to open a file at the same time. To avoid data loss, the file attributes are checked when writing back. If the file has been modified by another user in the meantime, the program automatically creates a copy of the file in SHAREDDRIVE.

If, for example, a system crash did not delete all temporary files, you do not need to worry. After booting the computer, the directory with the temporary files is searched immediately and any existing files are deleted.

NOTE The temporary files are located by default under Documents and Settings\YOUR LOGIN NAME\Local Settings\Temp\apm\drive. For additional protection, you can set access permissions under Properties -> Security settings. As of version 5.20.xx.6, the Temp directory can be freely defined in the UserConfig.XML (in the control directory of the application).

Proceed as follows:

  1. Set up a SHAREDDRIVE
  2. Copy the data to the data drive in the File Explorer
  3. Burn the complete SHAREDDRIVE files to CD or DVD using an appropriate burning program (including the IMK settings file)
  4. Set up a new connection with the corresponding initial directory on CD or DVD (note the directory structure!)

The encrypted data on the CD or DVD can now be accessed from the File Explorer, and only in the corresponding SHAREDDRIVE are the files shown unmasked.

NOTE With the new connection, the profile name is independent of the name of the IMK file and can be freely selected!

The following points must be observed when importing an existing SHAREDDRIVE:

  • Your certificate must be registered as authorized
  • You must have read and write permissions in the initial directory
  • The profile name must be the same for all users (according to the IMK settings file name)

There are two possible causes:

  • The function for determining icon indexes (Windows) does not work properly
  • The icon index file of the data drive abylon SHAREDDRIVE has been destroyed

To fix the problem you should create a new icon index file. The data drive (abylon SHAREDDRIVE) must be closed and then the file ~LSICN01.DAT must be deleted in the initial directory (default: Documents and settings->YOUR NAME->apm). When the data drive is reopened, this file is created again.

The differences between abylon SHAREDDRIVE and abylon CRYPTDRIVE are manifold. Here in the FAQ's we have listed the most important ones. In our tutorials we offer a detailed comparison table of our encryption programs.

Virtual drive abylon CRYPTDRIVE:

When setting up the virtual drive, an image file is created in the size of the drive, whereby the image file can be split according to the selected number of partials. In this image all files are stored encrypted. The access permissions are controlled by certificates. 

Advantages:

  • After opening, the drive can be used like a normal hard disk (Complete integration into the MS File Explorer)
  • Installation of programs on the virtual drive is possible

Disadvantages:

  • If only one file is changed slightly, the complete image must be backed up (large data transfer and memory requirements during backup)
  • Not available under Windows 95, 98 and Me
  • No simultaneous access of multiple users to a virtual drive possible

Data Drive abylon SHAREDDRIVE:

With the data drive, each file is stored in a sequentially numbered and encrypted image file. The access permissions are controlled by certificates. 

Advantages:

  • Each file is saved in a single image file (if changes are made, the backup system only needs to save this file)
  • Available under Windows 95, 98, Me, NT, 2000 and XP
  • Simultaneous access by multiple users possible
  • Memory requirement on the hard disk depends only on the amount of data stored. 

Disadvantages:

  • No programs can be installed (pure data drive)

Yes, all persons authorized by certificates can even access one and the same data drive at the same time. When a file is opened, its font color changes in the File Explorer, and the user is additionally shown who opened the file.

Starting with version 5.0, the source directory can be created both on the client and on a server. The connection between client and server is established via the network, where the data transfer is encrypted at all times!

In the File Explorer folder view or on the desktop, right-click the abylon SHAREDDRIVE symbol (blue loop) and choose the menu item "lock drive".

In the Settings under SHAREDDRIVE all created data drives are displayed. With the Connection manager button all settings can be changed, for example the storage location of the encrypted files (initial directory).

The data drive abylon SHAREDDRIVE is displayed on your Desktop or in the File Explorer in the Explorer bar Folder as abylon SHAREDDRIVE. By clicking you can open the data drive and start working.

In some operating systems it may happen that the folder abylon SHAREDDRIVE is displayed only after pressing the F5 key!

FAQ: Password

Information about password usage and related security issues.

For this purpose, a mouse click event was inserted programmatically from version 19.10.1 and 2020.1 on. If there are problems with this, it can be switched on or off via the registry. To do this, under HKEY_LOCAL_MACHINE\SOFTWARE\abylon\[PROGRAM NAME, e.g. ENTERPRISE]\FLAGS set the value FWACTIVATEWINDOW from YES to NO.

After the password entry the software displays the message "The entered password is wrong or the key file (certificate) does not belong to this object!". What is the reason for this?

Please check first whether the password was really entered correctly or the keyboard layout has changed.

Another possibility is that the password scrambler converts certain special characters into other characters. For this reason it is necessary in such cases to activate or deactivate the password scrambler according to the creation of the encrypted element. I.e., if the password scrambler was activated during encryption, it must also be activated during decryption.

The password scrambler must be deactivated in any case if a password or the SecureID is entered into the password field via Copy&Paste. Otherwise, the program will not recognize a keyboard entry and the password field will remain empty.

The SecureID is a so-called emergency password. If the chip card or USB stick is defective or lost, this can be entered as an alternative for decryption.
The SecureID is determined during the encryption process on the page 'Key management >SYMM-System'.
The SecureID is identical for each encrypted object (abylon KEYSAFE, abylon CRYPTDRIVE, abylon BASIC, abylon SHAREDDRIVE) and is built as follows:

# + 32 characters + . + 32 characters + #
(characters only numbers 0-9 or letters A-F; e.g. #A54E1CB23F31464AC3B7D65F4557C1D1D. 50F4B4A9EC30705944EB12870284C419#)

NOTE
- Starting with version 8.3, both upper and lower case letters can be entered. In older versions the input is Case-Sensitive.
- The password scrambler should be deactivated for input!
- The SecureID should be stored in a secure place!
- The SecureIDs are different for encryption and Windows logon.

A "brute force attack" means trying out all possible character combinations of passwords. For example, the process starts with 00000001 and then continues with 00000002, 00000003, 00000004.... A password that has only 4 digits and consists only of numbers can easily be "cracked" within a few seconds. A good password should consist of at least 12 characters with lower case letters, upper case letters, numbers and special characters. In addition, no words from dictionaries, names or relevant password databases should be used. If you follow these rules, you can be sure that it will not be possible to decrypt the protected data economically in the foreseeable future.

 

Unfortunately / fortunately it is not possible to open protected data without the corresponding password. I.e., the software of abylonsoft offers neither a back door nor a so-called "general key". If you have lost your password, you can no longer access your stored data. 

You should remember the passwords you use well and, if necessary, write them down in a secret place. However, this should not be on the hard disk or near the computer. Alternatively, so-called password managers (such as abylon KEYSAFE) offer the possibility to store the different passwords in a secure database. In this case you only have to remember one password.

An insecure password is always a date of birth, a nickname, any name, or any other word that is frequently used or that is in the dictionary.

A secure password is a password consisting of several random characters, e.g. myz<_/k)),%06YLbcw3pU. It consists of special characters ( ! "§$%&/()==?´*?+#´\ß^.;:_@<>|{[]}), numbers (1234567890), uppercase letters (QWERTZUIOPÜÄÖLKJHGFDSAYXCVBNM) and lowercase letters (qwertzuiopüäölkjhgfdsayxcvbnm).

If you cannot remember such a password, you can use a trick. Although the resulting password is not as secure as the previous one, it is still much more secure than "Otto" or "Müller". This is how it works: think of a long sentence that you can easily remember, such as: I live in the model city 134b. My phone number is 123456789. Now simply take the first letters / characters from this sentence. In this case that would be "IwidM1.Mti1.". However, you should make sure that at least some numbers and special characters are present in the sentence. In addition, you must pay attention to upper and lower case.

To create a really secure password, you should use the integrated password generator. You can find it for example in abylon KEYSAFE.

FAQ: Installation

Questions and Answers about the installation of software products from abylonsoft.

Yes, because during the installation the software has to make some settings for which only the administrator has rights. So log in for the installation as an administrator or contact your responsible administrator.

Possible cause of error:

  1. You have entered the registration data incorrectly! The safest way is to copy and paste the name and the registration key from the email directly into the registration dialog of our software.
  2. Each license key is created individually for each program and each version. Check whether your registration data are also intended for the version you have installed!

Updates in the same major version number are free. Updates to the next major version number are subject to an update fee. If you have any questions or problems, you are welcome to contact us via the Contact page.

This is because when a new user is created, Windows first creates the registry and makes entries. Since our software also has to make registry entries, an operating system restart is required for proper operation.


If this error occurs, you should manually download and install the setup from the download page. All settings of the previous version will be adopted.

FAQ: Compatibility

Questions and answers for compatibility tests of our software products with special hardware.

Microsoft has disabled the automatic installation of the framework .NET 3.5 under Windows 10. This causes crashes and protection violations during the execution of the .NET 3.5 versions of abylonsoft.

How can I still activate .NET 3.5 under Windows 10?

Activating .NET 3.5 under Windows 10

As shown in the screenshot, Microsoft .NET 3.5 can be enabled via the Windows features:

  1. Open the Control Panel under Windows 10, e.g. via the Search field or the Settings icon in the Start menu.
  2. Display all system control elements and select the entry Programs and Features. This item is also displayed directly under Programs.
  3. Open the Windows features on the left.
  4. Find the entry .NET Framework 3.5 (contains .NET 2.0 and 3.0) in the list.
  5. If the entry is activated, first deactivate it (otherwise skip this step). Confirm with OK; Windows then applies the changes, which can take some time.
  6. Afterwards, or if the entry was deactivated anyway, activate the option by ticking it. Confirm this with OK as well.

Afterwards the .NET 3.5 version of our software should also run without problems under Windows 10.

To use a removable disk (e.g. USB stick) as "key" for login and encryption or mobile use (switch "install modules on USB stick"), the following conditions must be met:

  1. The USB stick must be plugged in
  2. The USB stick must create a new drive
  3. The drive must be formatted
  4. The drive must be writable (write permissions)
  5. The drive must have enough disk space
  6. The driver must register the drive as "Removable Device"

Card reader:

Our software supports all card readers that offer the standard PC/SC interface. In addition, you have to pay attention to which smart cards are supported by the card reader. Besides contact smart cards, there is a large variety of suppliers and different technologies available for wireless smart cards. Examples of supported frequencies are 125 kHz (long wave) and 13.56 MHz (short wave).

Chip cards:

  • Contact ACOS1 or ACOS3 chip cards
  • Other contact processor smart cards (on request)
  • 13.56 MHz Legic ATC
  • other 13.56 MHz (on request)
  • 13.56 MHz Mifare Classic
  • 13.56 MHz Mifare Desfire
  • 13.56 MHz Mifare UX
  • 125 kHz HITAG (on request)
  • 125 kHz EM (on request)
  • other RFID cards/keyfobs (on request)

Our software can be fully tested for 30 days. You should definitely take advantage of this offer. If you have any questions about compatibility, you are also welcome to contact us.
On our hardware page you will also find a selection of compatible card readers and chip cards.
