Protecting Data Files Using the Sentinel LDK Data Protection Facility

The Sentinel LDK Data Protection facility is used to protect and access valuable data files.

The Data Protection facility consists of the following components:

>Sentinel LDK Data Protection utility

This utility is used to protect data files that will be delivered together with a protected application or as separate files. The utility can be invoked from within Envelope (under Windows and Mac) or as a standalone application. The utility does the following:

The utility encrypts the data file. Once encrypted, the file can only be accessed by one of the modules described below.

The utility optionally assigns a Feature ID to the data file. If this is done, the data file can only be accessed if an appropriate protection key is available.

The utility is available as a GUI-based application (for Windows and Mac) or as the command-line utility dfcrypt (for Windows and Linux).

>Data File Protection module

This module is (optionally) inserted into the protected application by Sentinel LDK Envelope. This enables the protected application to encrypt and decrypt data as the data is written to or read from a protected data file.

A protected application with the Data File Protection module can work with both protected data files and regular data files.

Both the Sentinel LDK Data Protection utility and the Data File Protection plugin provide two distinct modes of operation:

>Version 1 (previously DataHASP)

Version 1 is supported for data files to be accessed under Windows, .NET (Windows shell), or Mac.

In this mode, data files that are created by or accessed by a protected application can be encrypted. As part of the protection process for the application, you enter the specific names or naming filters for protected data files that will be accessed or created by the protected application.

If you want to deliver protected data files together with the protected application, you can use the Sentinel LDK Data Protection utility to encrypt these files.

>Version 2

Version 2 is supported for data files to be accessed under Windows, .NET (Windows shell), or Linux (Intel or ARM).

In this mode, you can both encrypt and license data files with the Sentinel LDK Data Protection utility. Each protected data file is assigned a specific Feature ID. To access the data file, the end user requires a protection key with a license for the relevant Product. The data file can be accessed and modified by a protected application with the Data File Protection module (Version 2). The application and the data file must be protected with the same Batch Code.

With Version 2 mode, the protected application cannot create a new protected data file. However, you can manually create an empty data file and protect it with the Sentinel LDK Data Protection utility, and then provide the data file with the protected application. The protected application can then add content to the file.

NOTE: Under Linux, files protected with Version 2 data protection mode are read-only in the current release.

For protected data files that are accessed using a protected application, the locking type for the data files is identical to the locking type for the application.

NOTE: A given application can only work with one of the two modes of operation.

Within a given Envelope project, you cannot include both applications that use Version 1 data protection mode and applications that use Version 2 data protection mode.

The following table summarizes the differences between the two modes:

| Functionality | Version 1 | Version 2 |
|---|---|---|
| Supported platforms | Windows, .NET (Windows shell), Mac | Windows, .NET (Windows shell), Linux (Intel or ARM) |
| Protected data file is encrypted. | Yes | Yes |
| Protected data file can be assigned a Feature ID. The user requires a license in order to access the file. | No | Yes |
| Protected data files can be created by the protected application. | Yes | No |
| Protected data file can be accessed by the protected application. | Yes | Yes |
| Protected data file can be modified by the protected application. | Yes | Yes (Windows); No (Linux) |
| Data encryption key | Encryption key can be specified in Envelope. | Encryption key is determined by the Feature ID or can be specified using the dfcrypt utility. |

For information on using the Sentinel LDK Data Protection utility, refer to the online help provided in the utility.
