Filesystem Encryption for Windows as a Service Using Fortanix Data Security Manager - Setup and Usage


Fortanix Data Security Manager (DSM) provides a Filesystem Encryption (FSE) solution for Windows, built on the open-source cppcryptfs and the Dokany framework. Dokany allows non-privileged users to create file systems in user space without kernel modifications, enabling seamless encryption and decryption of file data through Fortanix FSE agents. These agents operate as daemons, managing input and output operations transparently through the Dokany driver, enforcing access policies, and remaining compatible with existing applications without requiring changes to them.

The encryption process involves Fortanix DSM securely managing the Master Key and Key Encryption Key (KEK). During initialization, the Master Key is encrypted with the KEK and stored in DSM. When the filesystem is mounted, the FSE agent retrieves and decrypts the Master Key to derive a Content Encryption Key for file contents and an optional File Name Encryption Key for filenames (if the ciphertexnames feature is enabled). With audit logging, Quorum policies, and Rego-based access policies, DSM ensures robust, fine-grained security and control for encrypted filesystems on Windows.

For more details on how to install and configure Filesystem Encryption on Windows, refer to the Filesystem Encryption for Windows as a Service Using Fortanix Data Security Manager - Setup and Usage guide.