On-the-fly encryption is a method of securing data on a computer storage device in a way that allows the information to remain accessible to a verified user but protected on the drive itself. The hallmark of an on-the-fly encryption scheme is that information is read and written while encoded, so at no point is any information stored on the drive left unprotected or unencrypted. The encryption methods and algorithms used for on-the-fly encryption must be very fast and completely automatic so a user does not need to do anything more than provide some type of authentication to use the encrypted drive and files. In general, a drive that is protected in this way must use special system drivers for access to the data, meaning that some on-the-fly encryption software is not necessarily portable from one system to another unless the software is installed in advance. Most often, encryption that is defined as on-the-fly is used in cases in which the storage medium is removable, portable or can otherwise be accessed or stolen at any point, requiring that data be stored encrypted at all times.
In computer security, encryption means taking otherwise normal data or files and processing them in such a way that the information, and potentially the name of the file itself, becomes unreadable and unusable to a person who does not have a key or password that can decrypt the data. There are many types of encryption algorithms, some of which take a fair amount of time to execute on large files. The process of on-the-fly encryption uses real-time encryption algorithms to encrypt and decrypt a file as it is being accessed.
When on-the-fly encryption is in effect and a user wants to load and change a file, the first thing that occurs is that the file is read and quickly decrypted from the physical storage media. The decoded file is not written to any permanent location but, instead, is stored in random access memory (RAM). Once the user is done with the file, changes are passed back to the encryption software, which writes the file directly to the storage medium in encrypted form. The only time the unencrypted information is exposed is while it is held in RAM.
In addition to encrypting files and directories, on-the-fly encryption also can be used to encrypt an entire disk and its filesystem. This means something such as a thumb drive could be rendered completely inaccessible to someone who does not have the correct software and keys installed to view it. Some very secure on-the-fly encryption setups can actually require physical authentication to work, using something such as a security card, a special removable media key or an actual cryptographic processor chip inside the computer.
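The read and write cycle described above can be modelled as a thin driver layer over a sector-addressed drive. The following is an added example, not code from the original article or from any particular product. The names `EncryptedVolume` and `derive_key`, the 512-byte sector size and the HMAC-based keystream are assumptions chosen so the sketch runs with the Python standard library; the keystream is a toy stand-in for a real sector cipher mode such as AES-XTS.

```python
import hashlib
import hmac

SECTOR = 512  # assumed sector size in bytes

def derive_key(password: str, salt: bytes) -> bytes:
    """Turn the user's password into a 32-byte volume key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _keystream(key: bytes, sector_no: int) -> bytes:
    # Toy cipher standing in for a real sector mode such as AES-XTS.
    # The keystream repeats when a sector is rewritten: not for real data.
    blocks = (hmac.new(key, sector_no.to_bytes(8, "big") + bytes([i]),
                       hashlib.sha256).digest() for i in range(SECTOR // 32))
    return b"".join(blocks)

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

class EncryptedVolume:
    """Driver layer: callers see plaintext, `backing` only ever holds ciphertext."""

    def __init__(self, backing: bytearray, key: bytes):
        self.backing = backing   # stands in for the physical drive
        self._key = key          # held in RAM only while the volume is open

    def write_sector(self, n: int, plaintext: bytes) -> None:
        if len(plaintext) != SECTOR or not 0 <= n < len(self.backing) // SECTOR:
            raise ValueError("need exactly SECTOR bytes and a valid sector number")
        self.backing[n * SECTOR:(n + 1) * SECTOR] = _xor(plaintext, _keystream(self._key, n))

    def read_sector(self, n: int) -> bytes:
        stored = bytes(self.backing[n * SECTOR:(n + 1) * SECTOR])
        return _xor(stored, _keystream(self._key, n))  # plaintext exists only in RAM

if __name__ == "__main__":
    salt = b"constructed-salt"        # constructed sample value
    disk = bytearray(4 * SECTOR)      # constructed 4-sector "drive"
    vol = EncryptedVolume(disk, derive_key("correct horse", salt))
    record = b"payroll: alice 4200".ljust(SECTOR, b"\0")
    vol.write_sector(1, record)
    vol.write_sector(2, record)
    print("plaintext on drive:", b"payroll" in bytes(disk))
    print("sectors 1 and 2 identical on drive:",
          disk[SECTOR:2 * SECTOR] == disk[2 * SECTOR:3 * SECTOR])
    print("right key reads back:", vol.read_sector(1) == record)
    wrong = EncryptedVolume(disk, derive_key("guess", salt))
    print("wrong key reads back:", wrong.read_sector(1) == record)
```

Mixing the sector number into the keystream is what makes identical plaintext in two sectors look different on the drive, the same role the tweak plays in real disk-encryption modes.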