In a previous post (http://mobilitydojo.net/2008/09/16/windows-mobile-61-how-do-i-encrypt-my-device/) I explained some details regarding encryption of files on Windows Mobile, and I also presented a tool designed to aid in troubleshooting/testing device encryption. I added a few disclaimers regarding known issues with the utility called DojoCrypt though. I have now gotten around to actually doing something about some of those shortcomings, and upgraded the version number to 1.0 in the hope that it deserves the status.
This new version includes a “Check File”-tab where you can test the encryption status of a file. (This is functionality previously found in CheckEncryption.exe which I haven’t really published here, only linked to over at the SCMDM forums. But I have fixed file browsing this time.) This feature is “stand-alone” in the sense that you don’t need to use DojoCrypt’s encryption to test the file. This might come in handy if you are applying include/exclude filters from SCMDM (or other MDM solutions using the built-in encryption in Windows Mobile), and want to check that you’ve set it correctly. Including folders and excluding subfolders requires you to be very sure you’ve typed them correctly.
Also, the program will now list your current inclusions/exclusions at startup, as that was sort of a showstopper previously. There are also some minor code changes. (And hey, I even made a shortcut on your “Programs”-menu.)
And here’s the interactive part of this post: I am still only releasing a version for WM Professional. I can probably produce a version for WM Standard as well, but I don’t know if there is a demand for it. If nobody is using this utility I’m ok with that, but then it would not make sense to put another version high up on my to-do list. So it’s up to you. Let me know if you are interested in a version for Standard, and I’ll see what I can do.
Here’s the download link:
http://mobilitydojo.net/files/DojoCrypt_10.cab


This is a great stand alone tool for testing device encryption. Works great on 6.1 Pro, but unfortunately not on 6.1 Standard. Any plans for stand alone client for Standard?
So yes, I’m obviously interested in a Standard version.
The core functionality should be similar on Pro and Standard, but there are obviously some differences in the UI.
I’ll see if I can get around to coding a version for Standard as well when time permits.
*bump*
Any news on a version for WM6.1 Standard?
Well, I was looking at porting it to WM Standard. But I ran into another issue holding me back (on both Pro and Std). I wanted to include encryption of memory cards as well, but the provisioning I use isn’t working on removable media (a limitation of the file system). Haven’t quite figured out how to get past that.
Other than that there never really was a great demand for a Standard version (the Pro version gets a download every now and then but nothing spectacular in those numbers either).
If I don’t include encryption of memory cards a port could probably be done in a short amount of time.
Andreas,
I’m intrigued by what you have developed & it is indeed a very useful tool to enable the feature I’ve been looking for. Since this can be achieved using XML provisioning, could you advise me on what the XML file should contain in order to activate it in WM 6.x Standard devices? Thanks!
Yes, it is indeed performed by creating “standard” provisioning xml. For some examples of how it looks check out this link:
http://msdn.microsoft.com/en-us/library/cc563008(v=MSDN.10).aspx
Thanks! That worked great. Now to figure out the inclusion list & how to query the EncryptList. Would be excellent if you released a version for Standard/non-touch screen devices.
Andreas, I tested the manual XML provisioning method & managed to add new files/folders to the inclusion/exclusion list. However, when checking the status of the files in those included folders using DojoCrypt, I discovered that they show up as unencrypted even when I’ve specifically included those files in the specific folders. Is there a known limitation with inclusion paths for storage cards?
The inclusion/exclusion list isn’t necessarily intuitive at first.
I never got around to the Standard version, as you can already tell, partly due to what you have already learned about encrypting the storage card. The storage card and its contents have “Removable” set as an attribute on the folder (since the storage card is classified as a special folder). Files that have this attribute cannot be encrypted, and thus it is not possible to use this same mechanism for encrypting storage cards unless one finds a way to remove said attribute. It might be device specific if the OEM has set this attribute, and for the cases where it’s set I have not found a clean way to remove it. It’s not there just to create a headache for us admins of course – if a file is in the process of being encrypted (which the user is not able to tell) and the card is removed you’ll most likely see corruption as a result. So, to encrypt storage cards you need to set the encryption policy for storage cards (which is a separate csp). But that mechanism has other drawbacks, so my unofficial conclusion has been that there is no good way to ensure proper encryption of storage cards in the current Windows Mobile OS. (I don’t think this will change in the first Windows Phone 7 release either.)
Andreas, would it be possible to still develop a WM Standard version of DojoCrypt without the said Storage Card integration? I think I might have another solution for storage card encryption without using the inbuilt feature as I think storing the files in its original file name is not a good approach for storage card encryption.
Having a UI to check the status of the device encryption along with the respective files to be encrypted will be a great advantage & major step forward…short of releasing the source code for DojoCrypt.
Well, that’s sort of a both yes and no kind of answer to that question.
It would of course be possible to release a version without encryption of storage card – after all it’s not working in the current release for WM Pro either. (I don’t think I’ll pursue a hackish approach to encrypting the storage card.)
The issue is that the current file browser I use in the app (so you can select files instead of typing the entire path and filename) only works on WM Pro. I have not made this myself, so I do not know right off the bat if there is something available for WM Standard (short of coding a new one). Building a version without the file browser shouldn’t take too long, but it would of course be less user friendly.
Andreas, wouldn’t it be possible to programmatically call the system’s default file browser to browse for files/folders to include/exclude for encryption? That way, it does not matter which version of WM DojoCrypt is being installed on & it will eliminate possible conflicts with other system hacks enabled by the end-user. Just a thought…
Sorry for the late reply – got derailed with some other things.
I can call the regular explorer, but the problem is that I am not aware of a way of getting any “returns” from it so I don’t know what the user chose.
But thinking about it – with the performance you get on a regular device I hardly ever use inclusions/exclusions. So for my purposes a simple on/off switch would be enough. Except the system files all contents are encrypted by default, and as long as you don’t have enough space to store a ton of mp3s on the device memory you don’t need exclusions for file types either.
So it boils down to the CheckEncryption feature actually being the one place you “need” the file browser…hmm…
Andreas, no probs!
I’m on vacation with my family so I’ve got limited internet access.
It’s actually the CheckEncryption feature that I find really important because other than DojoCrypt, I cannot really verify the status of the default encrypted contents & other custom defined inclusion list that I’ve set via XML provisioning.
I really appreciate that you keep the conversation going.
Andreas, am I hopeful for a WM Standard release of DojoCrypt? Any ETA? Thanks!
I have started a new project in the current Visual Studio solution, which I guess you could call a start.
I’ll have to evaluate how I will solve the “file browser”-challenge though, so I’m not making any guarantees or ETAs at the present. All the core code (simple as it is) can be reused so it’s just the interface bits I need to sort out.
Andreas,
That’s great news, even for a start!
Hope that you overcome the one key challenge quickly so that we can see the WM-Standard version soon.
Andreas,
How’s the “file-browser” challenge coming along?
I would like to test it for you with the different handsets I have.
Hope to hear some good news from you.
Well, you are in luck today.
I was on vacation last week, and didn’t do much coding, but I sat down for a couple of hours yesterday and today and did some actual work.
I’ll put up a new blog post, and publish it “proper” later today, but in the meantime you can download it here:
http://mobilitydojo.net/files/DojoCrypt_Std.cab
As you’ll see there is currently no option to add inclusions/exclusions. Only enable encryption, and check the file. And I also had to split selection of files and folders into separate menu choices.
If you hit an exception when you try to apply the encryption it means your device is in two-tier mode or locked down in some other way preventing my app from accessing the encryption settings.
It seems you might also get an exception when exiting the app – currently I have no idea why.
But feel free to give it a go while I do my QA, and write a short little user guide.
Andreas,
That’s great! Will give it a try now.
Thanks!
Andreas,
I installed the file on a WM6.5Std ROM. After enabling DE & rebooting, I checked for pim.vol & DojoCrypt says pim.vol: Unencrypted.
I checked My Documents folder & the same outcome.
DE is definitely enabled as DojoCrypt responded with “Device is already encrypted.” when I select Apply.
I don’t know what’s wrong.
Thanks for taking the time to do this.
Will feedback as I continue to test it.
I noticed that myself while testing – if I check a specific file under “\My Documents\My Pictures” it’s reported as encrypted, but if I choose the folder it says unencrypted. Most likely something wrong in how I handle the full path name. While pim.vol is a file there could be something similar – going over my code as we speak.
Andreas,
A quick update, it appears the problem was with the WM6.5Std ROM on my device. Another device with WM6.1Std worked as expected.
PIM.vol checked out properly & so did the contents of My Documents.
However, I discovered that on both devices, when I hit Exit, I will encounter an unexpected error. Clicking on Details brings me to another page entitled:
Error
DojoCrypt.exe
ObjectDisposedException
at
Microsoft.AGL.Common.MISC.HandleAR(PAL_ERROR ar
at….(too long to type it out)
Any clue what this might be?
I’m probably trying to exit the application before I have properly disposed of all objects in memory. Trying to add some extra exception handling to prevent this.
Did a couple of bug fixes, wrote the post, and now it should be online for everyone.
Andreas,
Thanks for working out the bugs!
Now, I can exit DojoCrypt without any error exceptions.
I’ll be posting my comments at the new post from here on.