Open the binary drawing
Hi,
We were recently working on a feature to read encrypted binary data from our server, decrypt it in memory, and then open this drawing. We don't want drawings to appear on users' disks because we don't want to leak our precious drawings. Is this solution feasible, or do you have any valuable suggestions? Our aim is not to let the drawings leak so easily.
I would appreciate any help.
Best Regards,
William.
/////////////////////////////////////////
Hi William, Owen,
Thank you for your report/update.
@William:
As it was mentioned internally by the development team (Owen Wengerd), the Open Design Alliance (ODA) has an API OdDbDatabase::readFile(OdStreamBuf*) that can read from a memory stream, but that is is not exposed in ARX or BRX.
I cannot say if the solution is feasible or not, it is probably necessary, but it could introduce various additional actions: using an updated program on each computer of your company, maybe the drawings will be more difficult to open (especially large drawings). It is your option. Maybe it would be simpler to use a program with password archiving, like WinRar?
About AutoCAD side, I see on:
www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Password-protection-feature-in-AutoCAD.html
"The ability to password encrypt drawing files is no longer available since AutoCAD 2016 and therefore not available in newer versions.
Causes:
The Password Protection feature was added in AutoCAD 2004 using RC4 Encryption which is very weak.
Per Wikipedia, Microsoft recommends disabling RC4 where possible. Therefore with AutoCAD 2016 and newer the ability to encrypt AutoCAD drawings with password protection was removed as is noted in the AutoCAD 2015.
Help documentation : About Passwords and Encryption
Important: The ability to add a password to a drawing will be removed in the next release because it does not meet contemporary security standards. You will continue to be able to open password-protected files.
Solution:
Use a third-party archiving utility to encrypt the file using Zip, RAR or a similar archiving format which incorporates higher levels of encryption.
Note: When opening an encrypted file in AutoCAD 2016 and newer, the user will be prompted for a password if it exists. The password will then be removed once the file is saved. If one opens the file in AutoCAD 2015 through 2004, the password will be available."
I am not sure if there are plans to further implement/provide BRX functionality to encrypt/decrypt dwg files, unlike AutoCAD, I am going to register this as a Feature request.
If the development team will implement solution/s in a future release, this support request number and/or a related fix resolution/description will be mentioned in the accompanying release notes.
Kind regards,
Eugen
We were recently working on a feature to read encrypted binary data from our server, decrypt it in memory, and then open this drawing. We don't want drawings to appear on users' disks because we don't want to leak our precious drawings. Is this solution feasible, or do you have any valuable suggestions? Our aim is not to let the drawings leak so easily.
I would appreciate any help.
Best Regards,
William.
/////////////////////////////////////////
Hi William, Owen,
Thank you for your report/update.
@William:
As it was mentioned internally by the development team (Owen Wengerd), the Open Design Alliance (ODA) has an API OdDbDatabase::readFile(OdStreamBuf*) that can read from a memory stream, but that is is not exposed in ARX or BRX.
I cannot say if the solution is feasible or not, it is probably necessary, but it could introduce various additional actions: using an updated program on each computer of your company, maybe the drawings will be more difficult to open (especially large drawings). It is your option. Maybe it would be simpler to use a program with password archiving, like WinRar?
About AutoCAD side, I see on:
www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Password-protection-feature-in-AutoCAD.html
"The ability to password encrypt drawing files is no longer available since AutoCAD 2016 and therefore not available in newer versions.
Causes:
The Password Protection feature was added in AutoCAD 2004 using RC4 Encryption which is very weak.
Per Wikipedia, Microsoft recommends disabling RC4 where possible. Therefore with AutoCAD 2016 and newer the ability to encrypt AutoCAD drawings with password protection was removed as is noted in the AutoCAD 2015.
Help documentation : About Passwords and Encryption
Important: The ability to add a password to a drawing will be removed in the next release because it does not meet contemporary security standards. You will continue to be able to open password-protected files.
Solution:
Use a third-party archiving utility to encrypt the file using Zip, RAR or a similar archiving format which incorporates higher levels of encryption.
Note: When opening an encrypted file in AutoCAD 2016 and newer, the user will be prompted for a password if it exists. The password will then be removed once the file is saved. If one opens the file in AutoCAD 2015 through 2004, the password will be available."
I am not sure if there are plans to further implement/provide BRX functionality to encrypt/decrypt dwg files, unlike AutoCAD, I am going to register this as a Feature request.
If the development team will implement solution/s in a future release, this support request number and/or a related fix resolution/description will be mentioned in the accompanying release notes.
Kind regards,
Eugen
0
Comments
-
I always thought this would be a cool feature. I have a routine where I store DWG files (Blocks) in an SQL database. It would be so much easier to stream in a buffer than write it to a temp file and then insert it.
However, I think what you’re trying to do would be very difficult because you would have to disable so many features. For example, commands, SaveAS, WBlock, Export .etc. You’d also have to disable all the autosave .bak stuff. Someone with scripting skills would be able to dump the file outside a command context. It may be more practical to send a password protected PDF
edit:
BTW, I’ve mixed .TX and BRX before. It works, but it’s a header nightmare, I used a static library for ODA stuff. This might be a scenario where C++20 modules would save the day
0 -
Where I worked PC's had the USB's turned off for saving. So the pocket theft could not happen.0
