Encrypt/secure files on external HDD?

[mulambo]

Hello, I would like to know how to completely secure/lock or encrypt files into an external HDD.
Basically I want those files to be read-only, uncopiable, uneditable, etc. and of course I want to the external HDD to be uncopiable as well (not formatable, or copiable/clonable on another blank or formated HDD).

Is that possible to achieve with any program or combination of them?

 

[dg1261]

Have you considered Veracrypt? I'm not sure I understand your requirements ... "unformattable?" Any disk can be reformatted, but if that is done anything that was on the disk gets erased anyway, so not sure why you would require the disk to be incapable of being reformatted.

With Veracrypt you can create an encrypted "container" (basically, an encrypted file that can be opened as a separate drive letter) or you can encrypt an entire SSD/HDD partition, ala Microsoft's Bitlocker. The choice basically depends on how much content you want to store. Without the proper password to unlock the encrypted volume, nothing within the encrypted volume can be seen or accessed. With the proper password, though, it's just like any other directory in that you can read/copy/edit the files within. I don't know whether that meets your requirements or not.

Take a look and see what you think. There is a "portable" version, so you can download it and give it a trial run. I suggest you test the portable version and create a small (2-10 GB) encrypted container and explore how to use it. That may be all you need. If you like the way it works but need something a lot larger, you could then move on to create a larger container or encrypt an entire partition, if desirable. And if it doesn't meet your needs, you can simply toss the Veracrypt folder and continue looking for something else.

 

[mulambo]

Have you considered Veracrypt? I'm not sure I understand your requirements ... "unformattable?" Any disk can be reformatted, but if that is done anything that was on the disk gets erased anyway, so not sure why you would require the disk to be incapable of being reformatted.

With Veracrypt you can create an encrypted "container" (basically, an encrypted file that can be opened as a separate drive letter) or you can encrypt an entire SSD/HDD partition, ala Microsoft's Bitlocker. The choice basically depends on how much content you want to store. Without the proper password to unlock the encrypted volume, nothing within the encrypted volume can be seen or accessed. With the proper password, though, it's just like any other directory in that you can read/copy/edit the files within. I don't know whether that meets your requirements or not.

Take a look and see what you think. There is a "portable" version, so you can download it and give it a trial run. I suggest you test the portable version and create a small (2-10 GB) encrypted container and explore how to use it. That may be all you need. If you like the way it works but need something a lot larger, you could then move on to create a larger container or encrypt an entire partition, if desirable. And if it doesn't meet your needs, you can simply toss the Veracrypt folder and continue looking for something else.

Hello, thank you for your answer, to put it simply: it's personal work I need to hand out temporarily to somebody who has to view it only. It's personal work that I don't want to be distributed or seen outside of the viewer I've chosen (basically the drive itself is a portfolio). That is why I needed that secrecy. Unformattable because, of course, I can reuse it to make someone else see it without reuploading it all again (in case the first person who views the content accidentally erases its contents... or even intentionally but that would make no sense). So I don't know if the password alone would do, as the person has full access with it (meaning he can copy the files and use them as he pleases). Hope that makes sense.

If not, think about an artwork project: you have not only the final JPG of the image, but also the "source files" which have extra features (such as layer-based files, unlike JPG) and much more. I basically want to make the viewer (let's say, somebody who is probably going to hire me) to see what I can do on full extent (ergo: seeing that the JPG file was made with the combination of different softwares such as Gimp, MyPaint, Blender) and I want him to see the separate parts of the composition made in different programs. Of course, if he gets the files he can tell me "sorry I won't hire you" then use the files without permission since they may be not protected, fully accessible, practically in his hands. That's the point, and why I need the HDD to be read-only. Afterall, I wouldn't care if the person formatted it.

 

[dg1261]

Aha, now I see. That puts things in better context. Essentially, you're looking for some form of copyright or anti-tamper protection rather than simply security from hackers and prying eyes.

Outside of water-marking, I'm not sure what else can be done. Maybe someone else has some ideas. Even "secure pdfs" can be stripped of their security, so that's not a solution. It's kind of like the age-old DVD copyright conundrum -- you can encrypt the DVD, but at some point it has to be decrypted for display on the TV, and then it's exposed to copying or screen capture. The solution there was to tie the DVD to dedicated hardware, but that won't be an option for your case.

This is well outside my level of experience, but I wonder if a solution might lie in some sort of hybrid online delivery. For example, I think a pdf can be designed to pull in and display content dynamically from over the internet; perhaps your intended viewer has similar capability. If so, that might allow your webserver to control (and revoke, when necessary) access. I'm just shooting in the dark, though.

Your best bet may be to browse around some photography forums rather than hardware forums. See what ideas photographers have used to protect their creations, and maybe there will be some ideas that you can modify for your situation.

 

[Alejandro85]

Here is the catch: there isn't anything like "uncopiable" things. Once you grant read access to something, you can get the info and display it, but nothing really prevents you from writing it somewhere else you have write access to. Read implies knowing the data, and by knowing the data you can put it elsewhere.

By handing out an external HD (or a pendrive, or an email attachment, or a webserver hosted file, literally, anything), you no longer are in control of it nor can restrict what the recipent can do with it. It's within their system now and under full control.
Encryption would helped if you don't need the other guy to view it, but now, you're after something like "DRM", and as all we know, it's impossible in practice to have good results with it (that's why music and movies piracy is still a thing and still impossible to avoid).

The only real solution to go to the meeting with your potential employeer with your own computer, open the files yourself, in your own screen, under your control, show whatever you need, then close the laptop and go away, carrying the lone copies with you. Of course this is not always practical or even possible.

Other than that, I would stick to the mentioned techniques to "dumb down" the work so that it doesn't hurts too much if it leaks: watermarking, using a lower quality or resolution of images, show only a portion of them and the like.

 

[Malneb]

I think the point would be that the contents are clearly intended for a third party but not all third parties. it means that if the drive got lost or onto the hands of someone else unintended then there is a fail safe in place.

I would just use Bitlocker on the drive set with a password.

 

[mulambo]

I think the point would be that the contents are clearly intended for a third party but not all third parties. it means that if the drive got lost or onto the hands of someone else unintended then there is a fail safe in place.

I would just use Bitlocker on the drive set with a password.

That doesn't solve the contents from being copied, even knowing the password. The password itself is no use, I just want basically to make the entire drive "read only" and I mean truely read-only (no way to copy files or the drive).

I realize that it is impossible so, I'll just give up I guess.

- - - Updated - - -

I think the point would be that the contents are clearly intended for a third party but not all third parties. it means that if the drive got lost or onto the hands of someone else unintended then there is a fail safe in place.

I would just use Bitlocker on the drive set with a password.

That doesn't solve the contents from being copied, even knowing the password. The password itself is no use, I just want basically to make the entire drive "read only" and I mean truely read-only (no way to copy files or the drive).

I realize that it is impossible so, I'll just give up I guess.

Well, not truely impossible, I mean... it would mean inventing my own hard drive with my own filesystem, accessible through my own software. But that's just a dream so it is possible, only in dreams, lol.

 

[Malneb]

What? bitlocker is AES 256 encryption capable and means you cannot read the contents unless you know the key.

Hello, I would like to know how to completely secure/lock or encrypt files into an external HDD.
Basically I want those files to be read-only, uncopiable, uneditable, etc. and of course I want to the external HDD to be uncopiable as well (not formatable, or copiable/clonable on another blank or formated HDD).
Is that possible to achieve with any program or combination of them?

I think you are confused then tbh. You are literally asking about encryption in the OP and bitlocker is just that, use it.

 

[townsbg]

I think you are confused then tbh. You are literally asking about encryption in the OP and bitlocker is just that, use it.

He isn't exactly trying to control who can access it but what can be done once it's accessed. Hard drive encryption wouldn't stop them from copying the files to another drive once they have his drive and his password. It would only keep them from accessing the files but he doesn't want that. He wants to allow access but prevent them from reusing his files.

Using windows permissions you can provide read only access but that only applies to a system under your control and doesn't prevent them copying the files to another volume anyway. This is application based protections so it would have to be built into the application that you're using. For example pdfs can be protected so that the files are read only but that's built into the application and not windows. I'm afraid that this is beyond us. You should try a forum specializing in the applications that you are using. If they have such protections that would be more affective than what computer systems provide. The only thing that I know that you could do would be to have some kind of meeting (be it in person or virtual like zoom or webex), you pull up the files on your system and let them inspect them. You control the situation and when you are gone they lose access.

Consider this, do you really want to work for an employer that would do the kind of back stabbing that you're trying to prevent? You wouldn't ever feel like you could trust them.

 

[mulambo]

He isn't exactly trying to control who can access it but what can be done once it's accessed. Hard drive encryption wouldn't stop them from copying the files to another drive once they have his drive and his password. It would only keep them from accessing the files but he doesn't want that. He wants to allow access but prevent them from reusing his files.

Using windows permissions you can provide read only access but that only applies to a system under your control and doesn't prevent them copying the files to another volume anyway. This is application based protections so it would have to be built into the application that you're using. For example pdfs can be protected so that the files are read only but that's built into the application and not windows. I'm afraid that this is beyond us. You should try a forum specializing in the applications that you are using. If they have such protections that would be more affective than what computer systems provide. The only thing that I know that you could do would be to have some kind of meeting (be it in person or virtual like zoom or webex), you pull up the files on your system and let them inspect them. You control the situation and when you are gone they lose access.

Consider this, do you really want to work for an employer that would do the kind of back stabbing that you're trying to prevent? You wouldn't ever feel like you could trust them.

Anything goes, you know. If not the boss, somebody else (data theft, unloyal employees, whatever). I just wanted to reduce risks to the bare minimum and also give the time to check all the files when he wants and for all the time he wants. So the idea was to hand the drive over and take it back after (and this is already some kind of trust I'm giving).

 

[Malneb]

OK i did skim over the thread initially because i was busy at the time, I see what you are trying to achieve now. There is no real way i can think of to achieve what you are wanting. There was a program called securom that is now defunct.

Depending on the Data type then you could look at authoring that data in a way that makes it non editable. Eg like taking a photo of documents instead of sending the actual documents. PDF are also another option that until more recent times was usually used as it was harder to edit,
eg i would send for example a resume as PDF because it means the person has to intentionally try to edit that format and also a bonus of that format means it can open in any browser so it makes accessibility easier to the recipient. You can take this sort of logic and apply it to other data. Many generic users would not even know you can edit a PDF for example.

You can also use in some cases encrypted rar files so that they person can view the data but cannot edit it because you never gave them the key.

It all depends on the data at this point Just look at the Data you have and see if there is ways to present that data in other forms which allow in a way to make them non editable.

If we are talking about gb or tb of data then ditto you are out of luck. I think also if you are sharing data with someone then you are also giving that right away, at that point the question asks why are you so concerned about them not editing anything?

 

[mulambo]

why are you so concerned about them not editing anything?

because its my stuff, you know.. pretty simple

 

[Malneb]

because its my stuff, you know.. pretty simple

Sure but that is not conductive to actually protecting data to just say "its my data simple". The paradigm is this, either protecting data where its about keeping other people away from that data which is why why use encryption. Which means in turn its already a given if you allow someone to said data then that means you trust that person with said data 100%.

Permissions in computers since UNIX state a clear paradigm which is on a basic level and also a POSIX standard and further in another method called ACL which is a system derived from the earlier system and is loosely speced around POSIX.

Basic example

r = read
w = write
x = execute

You give or deny any user, person or group any combination of those allowances. Or you encrypt entirely data where you want more robust measure of protection. There is no grey area and read access also means that the person can copy said data, they also need to be able to read to do any of the other features. So opening a document or viewing a picture or listening to a song is read permissions granted, which means they can copy that data.

You let them read and execute but not write data, so they can still copy and read but they cannot alter data. Past that then ditto.

So really you either give them access or you don't.

 

[mulambo]

Sure but that is not conductive to actually protecting data to just say "its my data simple". The paradigm is this, either protecting data where its about keeping other people away from that data which is why why use encryption. Which means in turn its already a given if you allow someone to said data then that means you trust that person with said data 100%.

Permissions in computers since UNIX state a clear paradigm which is on a basic level and also a POSIX standard and further in another method called ACL which is a system derived from the earlier system and is loosely speced around POSIX.

Basic example

r = read
w = write
x = execute

You give or deny any user, person or group any combination of those allowances. Or you encrypt entirely data where you want more robust measure of protection. There is no grey area and read access also means that the person can copy said data, they also need to be able to read to do any of the other features. So opening a document or viewing a picture or listening to a song is read permissions granted, which means they can copy that data.

You let them read and execute but not write data, so they can still copy and read but they cannot alter data. Past that then ditto.

So really you either give them access or you don't.

Logic doubt.
Why "copy" = "read" ?
Copying means duplicating.
Example: you have a written exam to do. A colleague asks you to make him read your stuff. Then he entirely copies it and presents it as his stuff. The teacher gets upset and start doubting of both the real author (you) and the smartarse (your colleague).
Hope that makes sense.

 

[Malneb]

Well copy is hard to define because its not strictly defined, it falls under a few different scenarios, technically you only need read permissions to copy data. But because most of the time data is wanting to be written then you need write permissions too.

You can get around that hence technically you only need to be able to read data to copy it.

The earlier example given is only per OS because the perms are set on any given OS. So if i had a file called A i could copy that file to computer B and computer B can do anything with it.

This logic means i can copy data outside of the OS where i have full perms and then i can do anything i want with that data.

the local permission example it was also only shown to you to show and elaborate more on that there is not simple way to do what you are wanting to do, you either give a third party access or you don't. Encryption is about protecting data from the very stuff i just mentioned, and even there is still stands you give them access or not.
Example on a basic level a password protected zip, you give the password to certain ppl so that anyone else who comes across the zip file will not be able to access that data. You see here there is the exact same mantra of "You give them access or not"

Its a catch 22 because you want to give someone the hard drive but the very act of doing that means you give them access to the data. There is no way to be in between because there is no grey area in the systems involved. You can encrypt the drive but that person needs to know the password. Else they cannot access the data and filesystem perms only pertain locally so you cannot to my knowledge change that.

All roads lead to Rome which is you trust someone to data or not.

 

[Alejandro85]

Logic doubt.
Why "copy" = "read" ?
Copying means duplicating.

In computers, when we say "read" what we actually refer to is to create a copy of the data from permanent storage, like a hard disk, to a temporary working location, like RAM. Then the CPU does calculations with it and outputs some result. The practical effect can be as to display an image on screen or dumping it to another file, or something completely different.

But the initial step is the critical one. From HD to RAM. This is unavoidable and it's what puts data outside of your control. Even if you fully control the HD it came from, it doesn't matters, it's now data in RAM under that computer's control, and it can just display it (the good case) or put it into another file outside your control (the bad case). Both are totally possible and the direct result of giving read access to the files. Hence it implies that read permission is also permission to copy.

What you're seeking is the exact problem DRM have attempted to solve, and while some obstacles were created, they all ultimate failed for a determined attacker. This is why piracy still exists and it's impossible to prevent from a technical level..
Many multimillon dollar companies have tried to do what you're asking for.
They ALL failed.
Every single time.
Music, movies, software, all is still pirated, copied without permission and plagarized, since centuries ago.
Those companies learned to accept that they can sell a lot, but some will be still copied without permission. They try to minimize those, but ultimately cannot prevent it completely.

What you can do is to manage your risk. Don't showcase your very best job, but a small portion of it, use watermarks, lower resolutions and the like. Minimize your losses should the worst happens.

Example: you have a written exam to do. A colleague asks you to make him read your stuff. Then he entirely copies it and presents it as his stuff. The teacher gets upset and start doubting of both the real author (you) and the smartarse (your colleague).

This is actually a very good example.Once your colleague reads your work, how can you prevent him from writing it somewhere else? Or saying it aloud from memory?
He has your text in his head, so from that point on, he could really do anything with that, honest or not.
The only possible way to prevent the risk is to not let him read you stuff.

 

[mulambo]

Hence it implies that read permission is also permission to copy.

Not at all.
Read and copy are two different words by themselves, on the dictionary.
If read = copy

Then anybody who reads a book, can copy it and even sell it with his/her name on it?

Come on. We're talking about honesty here.
Computers are just built the dishonest way, that's what I'm assuming.

Once your colleague reads your work, how can you prevent him from writing it somewhere else? Or saying it aloud from memory?

With my knife, that's how, lol.
Jokes aside, no. I get that computers are a simplified version of human intellect with varied results according to the wonders of artificiality. But we humans behave according to moral principles. Computers are given no morality (or are we just screwed too deep into computers so we have lost it, forgot about it?). That's how it is.

Anyway this is a whole different discussion and I'm honestly getting tired of it.
What remains is that, even in dictionaries, read and copy are different words.
If one implies the other, it means who reads is a thief.

read
verb
verb: read; 3rd person present: reads; past tense: read; past participle: read; gerund or present participle: reading
/riːd/
1.
look at and comprehend the meaning of (written or printed matter) by interpreting the characters or symbols of which it is composed.
"it's the best novel I've ever read"

copy
noun
noun: copy; plural noun: copies
1. a thing made to be similar or identical to another.

verb
verb: copy; 3rd person present: copies; past tense: copied; past participle: copied; gerund or present participle: copying

1. make a similar or identical version of; reproduce.

 

[Malneb]

Data is not safe when its read only. You can see in this basic example that its possible to copy data from a read only file and then transfer it over to a new file. Sorry for the quality this computer is a peanut.

This is a staggering issue because some files and formats are on a basic level have a degree of safeness to them by being read only but past that is shows that all data is subject to being copied if you know how. Some data needs more extreme methods to copy in this fashion.

Like what i mean is that there is actually some formats that are kind of locked down in read only mode but as soon as you copy it away from its source its no longer just readable data.

I just copied, wrote and duplicated data here.

 

[townsbg]

Jokes aside, no. I get that computers are a simplified version of human intellect with varied results according to the wonders of artificiality. But we humans behave according to moral principles. Computers are given no morality (or are we just screwed too deep into computers so we have lost it, forgot about it?). That's how it is.

Anyway this is a whole different discussion and I'm honestly getting tired of it.
What remains is that, even in dictionaries, read and copy are different words.
If one implies the other, it means who reads is a thief.

Computers don't follow those standard definitions. Anyone that has read access has copy access and can bypass any other permissions on a different volume or even another file name. This isn't just Windows but also Mac and Linux. Windows actually has more complicated permissions than the other 2 systems but they don't prevent copying files. I did find a file server system that includes the ability to prohibit copying and if I'm reading the website correctly they sell usb drives with such protection. I don't know how much they cost or how hard they are to get or use. You might look into it. SecuData.co.uk - Real USB Security I can't help you any further than that.