Certain application programs (e.g., backup daemons and file directory management programs) running on a computing device may need to read from, and write to, both insecure and secure storage areas. Such storage areas may be local or remote to the computing device. This can create complications, since some security mechanisms may prevent non-secure applications from accessing (e.g., reading from, writing to, or moving) files in the secure storage area.
To deal with this and/or other similar issues, techniques can be used to selectively decrypt files based on the requesting application. For example, encrypted files can be stored in a secure file storage area that monitors access requests to the encrypted files to determine whether to decrypt part or all of a file associated with the access request (e.g., by determining whether the accessing program is authorized to access the associated file). If the secure file storage area determines that the device is authorized to view the encrypted file, the secure file storage area can decrypt the file and return the unencrypted file to the requesting program. However, if the device is not authorized to view the encrypted file, the secure file storage area can return the encrypted version of the file.
However, such secure file storage areas are often configured to encrypt each new write request regardless of whether the underlying file is already encrypted. For example, if a secure file storage area returns an encrypted file to a requesting program and the requesting program subsequently copies the encrypted file back to the secure file storage area, the secure file storage area may encrypt the already-encrypted file again, resulting in a file that cannot be decrypted, since the secure file storage area is not aware of the initial level of encryption.
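The round trip described above can be reproduced with a small model of such a storage area. This is an added example, not part of the original text: the `SecureStore` class, the program names `editor` and `backupd`, and the file contents are hypothetical, and the SHAKE-256 keystream is a toy cipher used only so the sketch runs with the standard library.

```python
import hashlib
import os

KEY = os.urandom(32)      # the store's file key (constructed for this demo)
AUTHORIZED = {"editor"}   # hypothetical programs allowed to receive plaintext

def keystream(nonce: bytes, n: int) -> bytes:
    # Toy stream cipher for illustration only: SHAKE-256(key || nonce).
    return hashlib.shake_256(KEY + nonce).digest(n)

def encrypt(data: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh nonce per write, stored in front of the body
    ks = keystream(nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, ks))

def decrypt(blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    ks = keystream(nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))

class SecureStore:
    def __init__(self):
        self.files = {}

    def write(self, name: str, data: bytes) -> None:
        # Encrypts every write and keeps no record of whether the
        # incoming bytes were already ciphertext.
        self.files[name] = encrypt(data)

    def read(self, name: str, program: str) -> bytes:
        blob = self.files[name]
        # Selective decryption: plaintext only for authorized programs.
        return decrypt(blob) if program in AUTHORIZED else blob

def round_trip_demo():
    store = SecureStore()
    secret = b"quarterly payroll"                # constructed sample content
    store.write("payroll.txt", secret)
    first = store.read("payroll.txt", "editor")  # authorized read: plaintext
    backup = store.read("payroll.txt", "backupd")  # unauthorized: ciphertext
    store.write("payroll.txt", backup)           # copied back: second layer added
    after = store.read("payroll.txt", "editor")  # store removes only one layer
    return secret, first, backup, after
```

After the copy-back, the authorized read returns the inner ciphertext rather than the plaintext, because the store strips exactly one layer and has no indication that a second one exists.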