Add HTML documentation.
51
doc/html/AES.html
Normal file
@ -0,0 +1,51 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Encryption%20Algorithms.html">Encryption Algorithms</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="AES.html">AES</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>AES</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm (Rijndael, designed by Joan Daemen and Vincent Rijmen, published in 1998) that may be used by US federal departments and agencies to cryptographically protect sensitive
|
||||
information [3]. VeraCrypt uses AES with 14 rounds and a 256-bit key (i.e., AES-256, published in 2001) operating in
|
||||
<a href="Modes%20of%20Operation.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
XTS mode</a> (see the section <a href="Modes%20of%20Operation.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Modes of Operation</a>).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
In June 2003, after the NSA (US National Security Agency) conducted a review and analysis of AES, the U.S. CNSS (Committee on National Security Systems) announced in [1] that the design and strength of AES-256 (and AES-192) are sufficient to protect classified
|
||||
information up to the Top Secret level. This is applicable to all U.S. Government Departments or Agencies that are considering the acquisition or use of products incorporating the Advanced Encryption Standard (AES) to satisfy Information Assurance requirements
|
||||
associated with the protection of national security systems and/or national security information [1].</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<a href="Camellia.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
58
doc/html/Acknowledgements.html
Normal file
@ -0,0 +1,58 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Acknowledgements.html">Acknowledgements</a>
|
||||
</p></div>
|
||||
<div class="wikidoc">
|
||||
<div>
|
||||
<h1>Acknowledgements</h1>
|
||||
<p>We would like to thank the following people:</p>
|
||||
<p>The TrueCrypt Developers team who have done an amazing job over the course of 10 years. Without their hard work, VeraCrypt would not exist today.</p>
|
||||
<p>Paul Le Roux for making his E4M source code available. TrueCrypt 1.0 was derived from E4M and some parts of the E4M source code are still incorporated in the latest version of the TrueCrypt source code.</p>
|
||||
<p>Brian Gladman, who wrote the excellent AES, Twofish, and SHA-512 routines.</p>
|
||||
<p>Peter Gutmann for his paper on random numbers, and for creating his cryptlib, which was the source of parts of the random number generator source code.</p>
|
||||
<p>Wei Dai, who wrote the Serpent and RIPEMD-160 and Whirlpool routines.</p>
|
||||
<p>Tom St Denis, the author of LibTomCrypt which includes compact SHA-256 routines.</p>
|
||||
<p>Mark Adler and Jean-loup Gailly, who wrote the zlib library.</p>
|
||||
<p>The designers of the encryption algorithms, hash algorithms, and the mode of operation:</p>
|
||||
<p>Horst Feistel, Don Coppersmith, Walt Tuchmann, Lars Knudsen, Ross Anderson, Eli Biham, Bruce Schneier, David Wagner, John Kelsey, Niels Ferguson, Doug Whiting, Chris Hall, Joan Daemen, Vincent Rijmen, Carlisle Adams, Stafford Tavares, Phillip Rogaway, Hans
|
||||
Dobbertin, Antoon Bosselaers, Bart Preneel, Paulo S. L. M. Barreto.</p>
|
||||
<p>Andreas Becker for designing VeraCrypt logo and icons.</p>
|
||||
<p>Xavier de Carné de Carnavalet who proposed a speed optimization for PBKDF2 that reduced mount/boot time by half.</p>
|
||||
<p>kerukuro for cppcrypto library (http://cppcrypto.sourceforge.net/) from which Kuznyechik cipher implementation was taken.</p>
|
||||
<p><br>
|
||||
Dieter Baron and Thomas Klausner who wrote the libzip library.</p>
|
||||
<p><br>
|
||||
Jack Lloyd who wrote the SIMD optimized Serpent implementation.</p>
|
||||
<p>All the others who have made this project possible, all who have morally supported us, and all who sent us bug reports or suggestions for improvements.</p>
|
||||
<p>Thank you very much.</p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
@ -0,0 +1,52 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Additional%20Security%20Requirements%20and%20Precautions.html">Additional Security Requirements and Precautions</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<div>
|
||||
<h1>Additional Security Requirements and Precautions</h1>
|
||||
<p>In addition to the requirements and precautions described in this chapter (<a href="Security%20Requirements%20and%20Precautions.html"><em>Security Requirements and Precautions</em></a>), you must follow and keep in
|
||||
mind the security requirements, precautions, and limitations listed in the following chapters and sections:</p>
|
||||
<ul>
|
||||
<li><a href="How%20to%20Back%20Up%20Securely.html"><em><strong>How to Back Up Securely</strong></em></a>
|
||||
</li><li><a href="Issues%20and%20Limitations.html"><em><strong>Limitations</strong></em></a>
|
||||
</li><li><a href="Security%20Model.html"><em><strong>Security Model</strong></em></a>
|
||||
</li><li><a href="Security%20Requirements%20for%20Hidden%20Volumes.html"><em><strong>Security Requirements and Precautions Pertaining to Hidden Volumes</strong></em></a>
|
||||
</li><li><a href="Plausible%20Deniability.html"><em><strong>Plausible Deniability</strong></em></a>
|
||||
</li></ul>
|
||||
<p>See also: <a href="Digital%20Signatures.html">
|
||||
<em>Digital Signatures</em></a></p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
49
doc/html/Authenticity and Integrity.html
Normal file
@ -0,0 +1,49 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Authenticity%20and%20Integrity.html">Authenticity and Integrity</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<div>
|
||||
<h1>Authenticity and Integrity</h1>
|
||||
<p>VeraCrypt uses encryption to preserve the <em>confidentiality</em> of data it encrypts. VeraCrypt neither preserves nor verifies the integrity or authenticity of data it encrypts or decrypts. Hence, if you allow an adversary to modify data encrypted by VeraCrypt,
|
||||
he can set the value of any 16-byte block of the data to a random value or to a previous value, which he was able to obtain in the past. Note that the adversary cannot choose the value that you will obtain when VeraCrypt decrypts the modified block —
|
||||
the value will be random — unless the attacker restores an older version of the encrypted block, which he was able to obtain in the past. It is your responsibility to verify the integrity and authenticity of data encrypted or decrypted by VeraCrypt (for
|
||||
example, by using appropriate third-party software).<br>
|
||||
<br>
|
||||
See also: <a href="Physical%20Security.html">
|
||||
<em>Physical Security</em></a>, <a href="Security%20Model.html">
|
||||
<em>Security Model</em></a></p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
42
doc/html/Authors.html
Normal file
@ -0,0 +1,42 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="VeraCrypt%20Volume.html">VeraCrypt Volume</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h2>Authors</h2>
|
||||
<p>Mounir IDRASSI (<a href="https://www.idrix.fr" target="_blank">IDRIX</a>, <a href="https://fr.linkedin.com/in/idrassi" target="_blank">
|
||||
https://fr.linkedin.com/in/idrassi</a>) is the creator and main developer of VeraCrypt. He managed all development and deployment aspects on all supported platforms (Windows,Linux and OSX).</p>
|
||||
<p>Alex Kolotnikov (<a href="https://ru.linkedin.com/in/alex-kolotnikov-6625568b" target="_blank">https://ru.linkedin.com/in/alex-kolotnikov-6625568b</a>) is the author of VeraCrypt EFI bootloader. He manages all aspects of EFI support and his strong expertise
|
||||
helps bring new exciting features to VeraCrypt Windows system encryption.</p>
|
||||
<p> </p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
207
doc/html/Beginner's Tutorial.html
Normal file
@ -0,0 +1,207 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Beginner's%20Tutorial.html">Beginner's Tutorial</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Beginner's Tutorial</h1>
|
||||
<h2>How to Create and Use a VeraCrypt Container</h2>
|
||||
<p>This chapter contains step-by-step instructions on how to create, mount, and use a VeraCrypt volume. We strongly recommend that you also read the other sections of this manual, as they contain important information.</p>
|
||||
<h4>STEP 1:</h4>
|
||||
<p>If you have not done so, download and install VeraCrypt. Then launch VeraCrypt by double-clicking the file VeraCrypt.exe or by clicking the VeraCrypt shortcut in your Windows Start menu.</p>
|
||||
<h4>STEP 2:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_001.jpg" alt="" width="579" height="498"><br>
|
||||
<br>
|
||||
The main VeraCrypt window should appear. Click <strong>Create Volume </strong>(marked with a red rectangle for clarity).</p>
|
||||
<h4>STEP 3:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_002.jpg" alt="" width="616" height="410"><br>
|
||||
<br>
|
||||
The VeraCrypt Volume Creation Wizard window should appear.<br>
|
||||
<br>
|
||||
In this step you need to choose where you wish the VeraCrypt volume to be created. A VeraCrypt volume can reside in a file, which is also called container, in a partition or drive. In this tutorial, we will choose the first option and create a VeraCrypt volume
|
||||
within a file.<br>
|
||||
<br>
|
||||
As the option is selected by default, you can just click <strong>Next</strong>.</p>
|
||||
<p>Note: In the following steps, the screenshots will show only the right-hand part of the Wizard window.</p>
|
||||
<h4>STEP 4:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_003.jpg" alt="" width="371" height="333"><br>
|
||||
<br>
|
||||
In this step you need to choose whether to create a standard or hidden VeraCrypt volume. In this tutorial, we will choose the former option and create a standard VeraCrypt volume.<br>
|
||||
<br>
|
||||
As the option is selected by default, you can just click <strong>Next</strong>.</p>
|
||||
<h4>STEP 5:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_004.jpg" alt="" width="363" height="336"><br>
|
||||
<br>
|
||||
In this step you have to specify where you wish the VeraCrypt volume (file container) to be created. Note that a VeraCrypt container is just like any normal file. It can be, for example, moved or deleted as any normal file. It also needs a filename, which you
|
||||
will choose in the next step.<br>
|
||||
<br>
|
||||
Click <strong>Select File</strong>.<br>
|
||||
<br>
|
||||
The standard Windows file selector should appear (while the window of the VeraCrypt Volume Creation Wizard remains open in the background).</p>
|
||||
<h4>STEP 6:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_005.jpg" alt="" width="720" height="452"><br>
|
||||
<br>
|
||||
In this tutorial, we will create our VeraCrypt volume in the folder F<em>:\Data\ </em>
|
||||
and the filename of the volume (container) will be <em>My Volume </em>(as can be seen in the screenshot above). You may, of course, choose any other filename and location you like (for example, on a USB memory stick). Note that the file
|
||||
<em>My Volume </em>does not exist yet – VeraCrypt will create it.</p>
|
||||
<p>IMPORTANT: Note that VeraCrypt will <em>not </em>encrypt any existing files (when creating a VeraCrypt file container). If you select an existing file in this step, it will be overwritten and replaced by the newly created volume (so the overwritten file
|
||||
will be <em>lost</em>, <em>not </em>encrypted). You will be able to encrypt existing files (later on) by moving them to the VeraCrypt volume that we are creating now.*</p>
|
||||
<p>Select the desired path (where you wish the container to be created) in the file selector. Type the desired container file name in the
|
||||
<strong>Filename </strong>box.<br>
|
||||
<br>
|
||||
Click <strong>Save</strong>.<br>
|
||||
<br>
|
||||
The file selector window should disappear.<br>
|
||||
<br>
|
||||
In the following steps, we will return to the VeraCrypt Volume Creation Wizard.</p>
|
||||
<p>* Note that after you copy existing unencrypted files to a VeraCrypt volume, you should securely erase (wipe) the original unencrypted files. There are software tools that can be used for the purpose of secure erasure (many of them are free).</p>
|
||||
<h4>STEP 7:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_007.jpg" alt="" width="360" height="335"><br>
|
||||
<br>
|
||||
In the Volume Creation Wizard window, click <strong>Next</strong>.</p>
|
||||
<h4>STEP 8:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_008.jpg" alt="" width="359" height="331"><br>
|
||||
<br>
|
||||
Here you can choose an encryption algorithm and a hash algorithm for the volume. If you are not sure what to select here, you can use the default settings and click
|
||||
<strong>Next </strong>(for more information, see chapters <a href="Encryption Algorithms.html">
|
||||
<em>Encryption Algorithms</em></a> and <a href="Hash%20Algorithms.html">
|
||||
<em>Hash Algorithms</em></a>).</p>
|
||||
<h4>STEP 9:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_009.jpg" alt="" width="369" height="332"><br>
|
||||
<br>
|
||||
Here we specify that we wish the size of our VeraCrypt container to be 250 megabyte. You may, of course, specify a different size. After you type the desired size in the input field (marked with a red rectangle), click
|
||||
<strong>Next</strong>.</p>
|
||||
<h4>STEP 10:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_010.jpg" alt="" width="372" height="368"><br>
|
||||
<br>
|
||||
This is one of the most important steps. Here you have to choose a good volume password. Read carefully the information displayed in the Wizard window about what is considered a good password.<br>
|
||||
<br>
|
||||
After you choose a good password, type it in the first input field. Then re-type it in the input field below the first one and click
|
||||
<strong>Next</strong>.</p>
|
||||
<p>Note: The button <strong>Next </strong>will be disabled until passwords in both input fields are the same.</p>
|
||||
<h4>STEP 11:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_011.jpg" alt="" width="365" height="368"><br>
|
||||
<br>
|
||||
Move your mouse as randomly as possible within the Volume Creation Wizard window at least until the randomness indicator becomes green. The longer you move the mouse, the better (moving the mouse for at least 30 seconds is recommended). This significantly increases
|
||||
the cryptographic strength of the encryption keys (which increases security).<br>
|
||||
<br>
|
||||
Click <strong>Format</strong>.<br>
|
||||
<br>
|
||||
Volume creation should begin. VeraCrypt will now create a file called <em>My Volume
|
||||
</em>in the folder F<em>:\Data\ </em>(as we specified in Step 6). This file will be a VeraCrypt container (it will contain the encrypted VeraCrypt volume). Depending on the size of the volume, the volume creation may take a long time. After it finishes, the
|
||||
following dialog box will appear:<br>
|
||||
<br>
|
||||
<img src="Beginner's Tutorial_Image_012.jpg" alt="" width="398" height="171"><br>
|
||||
<br>
|
||||
Click <strong>OK </strong>to close the dialog box.</p>
|
||||
<h4>STEP 12:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_013.jpg" alt="" width="361" height="333"><br>
|
||||
<br>
|
||||
We have just successfully created a VeraCrypt volume (file container). In the VeraCrypt Volume Creation Wizard window, click
|
||||
<strong>Exit</strong>.<br>
|
||||
<br>
|
||||
The Wizard window should disappear.<br>
|
||||
<br>
|
||||
In the remaining steps, we will mount the volume we just created. We will return to the main VeraCrypt window (which should still be open, but if it is not, repeat Step 1 to launch VeraCrypt and then continue from Step 13.)</p>
|
||||
<h4>STEP 13:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_014.jpg" alt="" width="579" height="498"><br>
|
||||
<br>
|
||||
Select a drive letter from the list (marked with a red rectangle). This will be the drive letter to which the VeraCrypt container will be mounted.<br>
|
||||
<br>
|
||||
Note: In this tutorial, we chose the drive letter M, but you may of course choose any other available drive letter.</p>
|
||||
<h4>STEP 14:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_015.jpg" alt="" width="579" height="498"><br>
|
||||
<br>
|
||||
Click <strong>Select File</strong>.<br>
|
||||
<br>
|
||||
The standard file selector window should appear.</p>
|
||||
<h4>STEP 15:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_016.jpg" alt="" width="625" height="453"><br>
|
||||
<br>
|
||||
In the file selector, browse to the container file (which we created in Steps 6-12) and select it. Click
|
||||
<strong>Open </strong>(in the file selector window).<br>
|
||||
<br>
|
||||
The file selector window should disappear.<br>
|
||||
<br>
|
||||
In the following steps, we will return to the main VeraCrypt window.</p>
|
||||
<h4>STEP 16:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_017.jpg" alt="" width="579" height="498"><br>
|
||||
<br>
|
||||
In the main VeraCrypt window, click <strong>Mount</strong>. Password prompt dialog window should appear.</p>
|
||||
<h4>STEP 17:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_018.jpg" alt="" width="499" height="205"><br>
|
||||
<br>
|
||||
Type the password (which you specified in Step 10) in the password input field (marked with a red rectangle).</p>
|
||||
<h4>STEP 18:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_019.jpg" alt="" width="499" height="205"><br>
|
||||
<br>
|
||||
Select the PRF algorithm that was used during the creation of the volume (SHA-512 is the default PRF used by VeraCrypt). If you don’t remember which PRF was used, just leave it set to “autodetection” but the mounting process will take more
|
||||
time. Click <strong>OK</strong> after entering the password.<br>
|
||||
<br>
|
||||
VeraCrypt will now attempt to mount the volume. If the password is incorrect (for example, if you typed it incorrectly), VeraCrypt will notify you and you will need to repeat the previous step (type the password again and click
|
||||
<strong>OK</strong>). If the password is correct, the volume will be mounted.</p>
|
||||
<h4>FINAL STEP:</h4>
|
||||
<p><img src="Beginner's Tutorial_Image_020.jpg" alt="" width="579" height="498"><br>
|
||||
<br>
|
||||
We have just successfully mounted the container as a virtual disk M:<br>
|
||||
<br>
|
||||
The virtual disk is entirely encrypted (including file names, allocation tables, free space, etc.) and behaves like a real disk. You can save (or copy, move, etc.) files to this virtual disk and they will be encrypted on the fly as they are being written.<br>
|
||||
<br>
|
||||
If you open a file stored on a VeraCrypt volume, for example, in media player, the file will be automatically decrypted to RAM (memory) on the fly while it is being read.</p>
|
||||
<p>Important: Note that when you open a file stored on a VeraCrypt volume (or when you write/copy a file to/from the VeraCrypt volume) you will not be asked to enter the password again. You need to enter the correct password only when mounting the volume.</p>
|
||||
<p>You can open the mounted volume, for example, by selecting it on the list as shown in the screenshot above (blue selection) and then double-clicking on the selected item.</p>
|
||||
<p>You can also browse to the mounted volume the way you normally browse to any other types of volumes. For example, by opening the ‘<em>Computer</em>’ (or ‘<em>My Computer</em>’) list and double clicking the corresponding drive letter
|
||||
(in this case, it is the letter M).<br>
|
||||
<br>
|
||||
<img src="Beginner's Tutorial_Image_021.jpg" alt="" width="406" height="264"><br>
|
||||
<br>
|
||||
You can copy files (or folders) to and from the VeraCrypt volume just as you would copy them to any normal disk (for example, by simple drag-and-drop operations). Files that are being read or copied from the encrypted VeraCrypt volume are automatically decrypted
|
||||
on the fly in RAM (memory). Similarly, files that are being written or copied to the VeraCrypt volume are automatically encrypted on the fly in RAM (right before they are written to the disk).<br>
|
||||
<br>
|
||||
Note that VeraCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume
|
||||
will be dismounted and all files stored on it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), all files stored on the volume will be inaccessible (and encrypted). To make them accessible
|
||||
again, you have to mount the volume. To do so, repeat Steps 13-18.</p>
|
||||
<p>If you want to close the volume and make files stored on it inaccessible, either restart your operating system or dismount the volume. To do so, follow these steps:<br>
|
||||
<br>
|
||||
<img src="Beginner's Tutorial_Image_022.jpg" alt="" width="579" height="498"><br>
|
||||
<br>
|
||||
Select the volume from the list of mounted volumes in the main VeraCrypt window (marked with a red rectangle in the screenshot above) and then click
|
||||
<strong>Dismount </strong>(also marked with a red rectangle in the screenshot above). To make files stored on the volume accessible again, you will have to mount the volume. To do so, repeat Steps 13-18.</p>
|
||||
<h2>How to Create and Use a VeraCrypt-Encrypted Partition/Device</h2>
|
||||
<p>Instead of creating file containers, you can also encrypt physical partitions or drives (i.e., create VeraCrypt device-hosted volumes). To do so, repeat the steps 1-3 but in the step 3 select the second or third option. Then follow the remaining instructions
|
||||
in the wizard. When you create a device-hosted VeraCrypt volume within a <em>non-system
|
||||
</em>partition/drive, you can mount it by clicking <em>Auto-Mount Devices </em>in the main VeraCrypt window. For information pertaining to encrypted
|
||||
<em>system </em>partition/drives, see the chapter <a href="System%20Encryption.html">
|
||||
<em>System Encryption</em></a>.</p>
|
||||
<p>Important: <em>We strongly recommend that you also read the other chapters of this manual, as they contain important information that has been omitted in this tutorial for simplicity.</em></p>
|
||||
</div>
|
||||
</body></html>
|
BIN
doc/html/Beginner's Tutorial_Image_001.jpg
Normal file
After Width: | Height: | Size: 71 KiB |
BIN
doc/html/Beginner's Tutorial_Image_002.jpg
Normal file
After Width: | Height: | Size: 95 KiB |
BIN
doc/html/Beginner's Tutorial_Image_003.jpg
Normal file
After Width: | Height: | Size: 45 KiB |
BIN
doc/html/Beginner's Tutorial_Image_004.jpg
Normal file
After Width: | Height: | Size: 59 KiB |
BIN
doc/html/Beginner's Tutorial_Image_005.jpg
Normal file
After Width: | Height: | Size: 66 KiB |
BIN
doc/html/Beginner's Tutorial_Image_007.jpg
Normal file
After Width: | Height: | Size: 59 KiB |
BIN
doc/html/Beginner's Tutorial_Image_008.jpg
Normal file
After Width: | Height: | Size: 43 KiB |
BIN
doc/html/Beginner's Tutorial_Image_009.jpg
Normal file
After Width: | Height: | Size: 35 KiB |
BIN
doc/html/Beginner's Tutorial_Image_010.jpg
Normal file
After Width: | Height: | Size: 64 KiB |
BIN
doc/html/Beginner's Tutorial_Image_011.jpg
Normal file
After Width: | Height: | Size: 57 KiB |
BIN
doc/html/Beginner's Tutorial_Image_012.jpg
Normal file
After Width: | Height: | Size: 18 KiB |
BIN
doc/html/Beginner's Tutorial_Image_013.jpg
Normal file
After Width: | Height: | Size: 21 KiB |
BIN
doc/html/Beginner's Tutorial_Image_014.jpg
Normal file
After Width: | Height: | Size: 75 KiB |
BIN
doc/html/Beginner's Tutorial_Image_015.jpg
Normal file
After Width: | Height: | Size: 75 KiB |
BIN
doc/html/Beginner's Tutorial_Image_016.jpg
Normal file
After Width: | Height: | Size: 68 KiB |
BIN
doc/html/Beginner's Tutorial_Image_017.jpg
Normal file
After Width: | Height: | Size: 75 KiB |
BIN
doc/html/Beginner's Tutorial_Image_018.jpg
Normal file
After Width: | Height: | Size: 34 KiB |
BIN
doc/html/Beginner's Tutorial_Image_019.jpg
Normal file
After Width: | Height: | Size: 36 KiB |
BIN
doc/html/Beginner's Tutorial_Image_020.jpg
Normal file
After Width: | Height: | Size: 78 KiB |
BIN
doc/html/Beginner's Tutorial_Image_021.jpg
Normal file
After Width: | Height: | Size: 44 KiB |
BIN
doc/html/Beginner's Tutorial_Image_022.jpg
Normal file
After Width: | Height: | Size: 78 KiB |
BIN
doc/html/Beginner's Tutorial_Image_023.gif
Normal file
After Width: | Height: | Size: 2.3 KiB |
BIN
doc/html/Beginner's Tutorial_Image_024.gif
Normal file
After Width: | Height: | Size: 9.4 KiB |
BIN
doc/html/Beginner's Tutorial_Image_034.png
Normal file
After Width: | Height: | Size: 17 KiB |
47
doc/html/Camellia.html
Normal file
@ -0,0 +1,47 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Encryption%20Algorithms.html">Encryption Algorithms</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Camellia.html">Camellia</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Camellia</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Jointly developed by Mitsubishi Electric and NTT of Japan, Camellia is a 128-bit block cipher that was first published on 2000. It has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
VeraCrypt uses Camellia with 24 rounds and a 256-bit key operating in <a href="Modes%20of%20Operation.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
XTS mode</a> (see the section <a href="Modes%20of%20Operation.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Modes of Operation</a>).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<a href="Kuznyechik.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
66
doc/html/Cascades.html
Normal file
@ -0,0 +1,66 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Encryption%20Algorithms.html">Encryption Algorithms</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Cascades.html">Cascades of ciphers</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Cascades of ciphers</h1>
|
||||
<p> </p>
|
||||
<h2>AES-Twofish</h2>
|
||||
<p>Two ciphers in a cascade [15, 16] operating in XTS mode (see the section <a href="Modes%20of%20Operation.html">
|
||||
<em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with Twofish (256-bit key) in XTS mode and then with AES (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that
|
||||
header keys are independent too, even though they are derived from a single password – see
|
||||
<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.</p>
|
||||
<h2>AES-Twofish-Serpent</h2>
|
||||
<p>Three ciphers in a cascade [15, 16] operating in XTS mode (see the section <a href="Modes%20of%20Operation.html">
|
||||
<em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with Serpent (256-bit key) in XTS mode, then with Twofish (256-bit key) in XTS mode, and finally with AES (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption
|
||||
keys are mutually independent (note that header keys are independent too, even though they are derived from a single password – see the section
|
||||
<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.</p>
|
||||
<h2>Serpent-AES</h2>
|
||||
<p>Two ciphers in a cascade [15, 16] operating in XTS mode (see the section <a href="Modes%20of%20Operation.html">
|
||||
<em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with AES (256-bit key) in XTS mode and then with Serpent (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that
|
||||
header keys are independent too, even though they are derived from a single password – see the section
|
||||
<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.</p>
|
||||
<h2>Serpent-Twofish-AES</h2>
|
||||
<p>Three ciphers in a cascade [15, 16] operating in XTS mode (see the section <a href="Modes%20of%20Operation.html">
|
||||
<em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with AES (256-bit key) in XTS mode, then with Twofish (256- bit key) in XTS mode, and finally with Serpent (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All
|
||||
encryption keys are mutually independent (note that header keys are independent too, even though they are derived from a single password – see the section
|
||||
<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.</p>
|
||||
<h2>Twofish-Serpent</h2>
|
||||
<p>Two ciphers in a cascade [15, 16] operating in XTS mode (see the section <a href="Modes%20of%20Operation.html">
|
||||
<em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with Serpent (256-bit key) in XTS mode and then with Twofish (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note
|
||||
that header keys are independent too, even though they are derived from a single password – see the section
|
||||
<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.</p>
|
||||
</div>
|
||||
</body></html>
|
56
doc/html/Changing Passwords and Keyfiles.html
Normal file
@ -0,0 +1,56 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Changing%20Passwords%20and%20Keyfiles.html">Changing Passwords and Keyfiles</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Changing Passwords and Keyfiles</h1>
|
||||
<p>Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key (not to be confused with the password) with which the volume is encrypted. If an adversary is allowed to make a copy of your volume
|
||||
before you change the volume password and/or keyfile(s), he may be able to use his copy or fragment (the old header) of the VeraCrypt volume to mount your volume using a compromised password and/or compromised keyfiles that were necessary to mount the volume
|
||||
before you changed the volume password and/or keyfile(s).<br>
|
||||
<br>
|
||||
If you are not sure whether an adversary knows your password (or has your keyfiles) and whether he has a copy of your volume when you need to change its password and/or keyfiles, it is strongly recommended that you create a new VeraCrypt volume and move files
|
||||
from the old volume to the new volume (the new volume will have a different master key).<br>
|
||||
<br>
|
||||
Also note that if an adversary knows your password (or has your keyfiles) and has access to your volume, he may be able to retrieve and keep its master key. If he does, he may be able to decrypt your volume even after you change its password and/or keyfile(s)
|
||||
(because the master key does not change when you change the volume password and/or keyfiles). In such a case, create a new VeraCrypt volume and move all files from the old volume to this new one.<br>
|
||||
<br>
|
||||
The following sections of this chapter contain additional information pertaining to possible security issues connected with changing passwords and/or keyfiles:</p>
|
||||
<ul>
|
||||
<li><a href="Security%20Requirements%20and%20Precautions.html"><em>Security Requirements and Precautions</em></a>
|
||||
</li><li><a href="Journaling%20File%20Systems.html"><em>Journaling File Systems</em></a>
|
||||
</li><li><a href="Defragmenting.html"><em>Defragmenting</em></a>
|
||||
</li><li><a href="Reallocated%20Sectors.html"><em>Reallocated Sectors</em></a>
|
||||
</li></ul>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
51
doc/html/Choosing Passwords and Keyfiles.html
Normal file
@ -0,0 +1,51 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Choosing%20Passwords%20and%20Keyfiles.html">Choosing Passwords and Keyfiles</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<div>
|
||||
<h1>Choosing Passwords and Keyfiles</h1>
|
||||
<p>It is very important that you choose a good password. You must avoid choosing one that contains only a single word that can be found in a dictionary (or a combination of such words). It must not contain any names, dates of birth, account numbers, or any
|
||||
other items that could be easy to guess. A good password is a random combination of upper and lower case letters, numbers, and special characters, such as @ ^ = $ * + etc. We strongly recommend choosing a password consisting of more than 20 characters (the
|
||||
longer, the better). Short passwords are easy to crack using brute-force techniques.<br>
|
||||
<br>
|
||||
To make brute-force attacks on a keyfile infeasible, the size of the keyfile must be at least 30 bytes. If a volume uses multiple keyfiles, then at least one of the keyfiles must be 30 bytes in size or larger. Note that the 30-byte limit assumes a large amount
|
||||
of entropy in the keyfile. If the first 1024 kilobytes of a file contain only a small amount of entropy, it must not be used as a keyfile (regardless of the file size). If you are not sure what entropy means, we recommend that you let VeraCrypt generate a
|
||||
file with random content and that you use it as a keyfile (select <em>Tools -> Keyfile Generator</em>).</p>
|
||||
<p>When creating a volume, encrypting a system partition/drive, or changing passwords/keyfiles, you must not allow any third party to choose or modify the password/keyfile(s) before/while the volume is created or the password/keyfiles(s) changed. For example,
|
||||
you must not use any password generators (whether website applications or locally run programs) where you are not sure that they are high-quality and uncontrolled by an attacker, and keyfiles must not be files that you download from the internet or that are
|
||||
accessible to other users of the computer (whether they are administrators or not).</p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
258
doc/html/Command Line Usage.html
Normal file
@ -0,0 +1,258 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Command%20Line%20Usage.html">Command Line Usage</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<div>
|
||||
<h1>Command Line Usage</h1>
|
||||
<p>Note that this section applies to the Windows version of VeraCrypt. For information on command line usage applying to the
|
||||
<strong>Linux and Mac OS X versions</strong>, please run: veracrypt –h</p>
|
||||
<table border="1" cellspacing="0" cellpadding="0">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><em>/help</em> or <em>/?</em></td>
|
||||
<td>Display command line help.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/truecrypt or /tc</em></td>
|
||||
<td>Activate TrueCrypt compatibility mode which enables mounting volumes created with TrueCrypt 6.x and 7.x series.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/hash</em></td>
|
||||
<td>It must be followed by a parameter indicating the PRF hash algorithm to use when mounting the volume. Possible values for /hash parameter are: sha256, sha-256, sha512, sha-512, whirlpool, ripemd160 and ripemd-160. When /hash is omitted, VeraCrypt will try
|
||||
all possible PRF algorithms thus lengthening the mount operation time.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td id="volume"><em>/volume</em> or <em>/v</em></td>
|
||||
<td>
|
||||
<p>It must be followed by a parameter indicating the file and path name of a VeraCrypt volume to mount (do not use when dismounting) or the Volume ID of the disk/partition to mount.<br>
|
||||
The syntax of the volume ID is <strong>ID:XXXXXX...XX</strong> where the XX part is a 64 hexadecimal characters string that represent the 32-Bytes ID of the desired volume to mount.<br>
|
||||
<br>
|
||||
To mount a partition/device-hosted volume, use, for example, /v \Device\Harddisk1\Partition3 (to determine the path to a partition/device, run VeraCrypt and click
|
||||
<em>Select Device</em>). You can also mount a partition or dynamic volume using its volume name (for example, /v \\?\Volume{5cceb196-48bf-46ab-ad00-70965512253a}\). To determine the volume name use e.g. mountvol.exe. Also note that device paths are case-sensitive.<br>
|
||||
<br>
|
||||
You can also specify the Volume ID of the partition/device-hosted volume to mount, for example: /v ID:53B9A8D59CC84264004DA8728FC8F3E2EE6C130145ABD3835695C29FD601EDCA. The Volume ID value can be retrieved using the volume properties dialog.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/letter</em> or <em>/l</em></td>
|
||||
<td>It must be followed by a parameter indicating the driver letter to mount the volume as. When /l is omitted and when /a is used, the first free drive letter is used.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/explore</em> or <em>/e</em></td>
|
||||
<td>Open an Explorer window after a volume has been mounted.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/beep</em> or <em>/b</em></td>
|
||||
<td>Beep after a volume has been successfully mounted or dismounted.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/auto</em> or <em>/a</em></td>
|
||||
<td>If no parameter is specified, automatically mount the volume. If devices is specified as the parameter (e.g., /a devices), auto-mount all currently accessible device/partition-hosted VeraCrypt volumes. If favorites is specified as the parameter, auto-mount
|
||||
favorite volumes. Note that /auto is implicit if /quit and /volume are specified. If you need to prevent the application window from appearing, use /quit.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/dismount</em> or <em>/d</em></td>
|
||||
<td>Dismount volume specified by drive letter (e.g., /d x). When no drive letter is specified, dismounts all currently mounted VeraCrypt volumes.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/force</em> or <em>/f</em></td>
|
||||
<td>Forces dismount (if the volume to be dismounted contains files being used by the system or an application) and forces mounting in shared mode (i.e., without exclusive access).</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/keyfile</em> or <em>/k</em></td>
|
||||
<td>It must be followed by a parameter specifying a keyfile or a keyfile search path. For multiple keyfiles, specify e.g.: /k c:\keyfile1.dat /k d:\KeyfileFolder /k c:\kf2 To specify a keyfile stored on a security token or smart card, use the following syntax:
|
||||
token://slot/SLOT_NUMBER/file/FILE_NAME</td>
|
||||
</tr>
|
||||
<tr id="tryemptypass">
|
||||
<td><em>/tryemptypass </em></td>
|
||||
<td>ONLY when default keyfile configured or when a keyfile is specified in the command line.<br>
|
||||
If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: try to mount using an empty password and the keyfile before displaying password prompt.<br>
|
||||
if it is followed by <strong>n </strong>or<strong> no</strong>: don't try to mount using an empty password and the keyfile, and display password prompt right away.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/nowaitdlg</em></td>
|
||||
<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: don’t display the waiting dialog while performing operations like mounting volumes.<br>
|
||||
If it is followed by <strong>n</strong> or <strong>no</strong>: force the display waiting dialog is displayed while performing operations.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/tokenlib</em></td>
|
||||
<td>It must be followed by a parameter indicating the PKCS #11 library to use for security tokens and smart cards. (e.g.: /tokenlib c:\pkcs11lib.dll)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/tokenpin</em></td>
|
||||
<td>It must be followed by a parameter indicating the PIN to use in order to authenticate to the security token or smart card (e.g.: /tokenpin 0000). Warning: This method of entering a smart card PIN may be insecure, for example, when an unencrypted command
|
||||
prompt history log is being saved to unencrypted disk.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/cache</em> or <em>/c</em></td>
|
||||
<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: enable password cache;
|
||||
<br>
|
||||
If it is followed by <strong>n </strong>or<strong> no</strong>: disable password cache (e.g., /c n).<br>
|
||||
If it is followed by <strong>f </strong>or<strong> favorites</strong>: temporary cache password when mounting multiple favorites (e.g., /c f).<br>
|
||||
Note that turning the password cache off will not clear it (use /w to clear the password cache).</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/history</em> or <em>/h</em></td>
|
||||
<td>If it is followed by <strong>y</strong> or no parameter: enables saving history of mounted volumes; if it is followed by
|
||||
<strong>n</strong>: disables saving history of mounted volumes (e.g., /h n).</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/wipecache</em> or <em>/w</em></td>
|
||||
<td>Wipes any passwords cached in the driver memory.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/password</em> or <em>/p</em></td>
|
||||
<td>It must be followed by a parameter indicating the volume password. If the password contains spaces, it must be enclosed in quotation marks (e.g., /p ”My Password”). Use /p ”” to specify an empty password.
|
||||
<em>Warning: This method of entering a volume password may be insecure, for example, when an unencrypted command prompt history log is being saved to unencrypted disk.</em></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/pim</em></td>
|
||||
<td>It must be followed by a positive integer indicating the PIM (Personal Iterations Multiplier) to use for the volume.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/quit</em> or <em>/q</em></td>
|
||||
<td>Automatically perform requested actions and exit (main VeraCrypt window will not be displayed). If preferences is specified as the parameter (e.g., /q preferences), then program settings are loaded/saved and they override settings specified on the command
|
||||
line. /q background launches the VeraCrypt Background Task (tray icon) unless it is disabled in the Preferences.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/silent</em> or <em>/s</em></td>
|
||||
<td>If /q is specified, suppresses interaction with the user (prompts, error messages, warnings, etc.). If /q is not specified, this option has no effect.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/mountoption</em> or <em>/m</em></td>
|
||||
<td>
|
||||
<p>It must be followed by a parameter which can have one of the values indicated below.</p>
|
||||
<p><strong>ro</strong> or<strong> readonly</strong>: Mount volume as read-only.</p>
|
||||
<p><strong>rm</strong> or <strong>removable</strong>: Mount volume as removable medium (see section
|
||||
<a href="Removable%20Medium%20Volume.html">
|
||||
<em>Volume Mounted as Removable Medium</em></a>).</p>
|
||||
<p><strong>ts</strong> or <strong>timestamp</strong>: Do not preserve container modification timestamp.</p>
|
||||
<p><strong>sm</strong> or <strong>system</strong>: Without pre-boot authentication, mount a partition that is within the key scope of system encryption (for example, a partition located on the encrypted system drive of another operating system that is not running).
|
||||
Useful e.g. for backup or repair operations. Note: If you supply a password as a parameter of /p, make sure that the password has been typed using the standard US keyboard layout (in contrast, the GUI ensures this automatically). This is required due to the
|
||||
fact that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available.</p>
|
||||
<p><strong>bk</strong> or <strong>headerbak</strong>: Mount volume using embedded backup header. Note: All volumes created by VeraCrypt contain an embedded backup header (located at the end of the volume).</p>
|
||||
<p><strong>recovery</strong>: Do not verify any checksums stored in the volume header. This option should be used only when the volume header is damaged and the volume cannot be mounted even with the mount option headerbak. Example: /m ro</p>
|
||||
<p><strong>label=LabelValue</strong>: Use the given string value <strong>LabelValue</strong> as a label of the mounted volume in Windows Explorer. The maximum length for
|
||||
<strong>LabelValue </strong> is 32 characters for NTFS volumes and 11 characters for FAT volumes. For example,
|
||||
<em>/m label=MyDrive</em> will set the label of the drive in Explorer to <em>MyDrive</em>.<br>
|
||||
<br>
|
||||
Please note that this switch may be present several times in the command line in order to specify multiple mount options (e.g.: /m rm /m ts)</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h4>VeraCrypt Format.exe (VeraCrypt Volume Creation Wizard):</h4>
|
||||
<table border="1" cellspacing="0" cellpadding="0">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>/create</td>
|
||||
<td>Create a container based volume in command line mode. It must be followed by the file name of the container to be created.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>/size</td>
|
||||
<td>
|
||||
<p>(Only with /create)<br>
|
||||
It must be followed by a parameter indicating the size of the container file that will be created. This parameter is a number indicating the size in Bytes. It can have a suffixe 'K', 'M', 'G' or 'T' to indicate that the value is in Kilobytes, Megabytes, Gigabytes
|
||||
or Terabytes respectively. For example:</p>
|
||||
<ul>
|
||||
<li>/size 5000000: the container size will be 5000000 bytes </li><li>/size 25K: the container size will be 25 KiloBytes. </li><li>/size 100M: the container size will be 100 MegaBytes. </li><li>/size 2G: the container size will be 2 GigaBytes. </li><li>/size 1T: the container size will be 1 TeraBytes. </li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td> /password</td>
|
||||
<td> (Only with /create)<br>
|
||||
It must be followed by a parameter indicating the password of the container that will be created.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td> <em>/hash</em></td>
|
||||
<td>(Only with /create)<br>
|
||||
It must be followed by a parameter indicating the PRF hash algorithm to use when creating the volume. It has the same syntax as VeraCrypt.exe.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>/encryption</td>
|
||||
<td>(Only with /create)<br>
|
||||
It must be followed by a parameter indicating the encryption algorithm to use. The default is AES if this switch is not specified. The parameter can have the following values (case insensitive):
|
||||
<ul>
|
||||
<li>AES </li><li>Serpent </li><li>Twofish </li><li>AES(Twofish) </li><li>AES(Twofish(Serpent)) </li><li>Serpent(AES) </li><li>Serpent(Twofish(AES)) </li><li>Twofish(Serpent) </li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>/filesystem</td>
|
||||
<td>(Only with /create)<br>
|
||||
It must be followed by a parameter indicating the file system to use for the volume. The parameter can have the following values:
|
||||
<ul>
|
||||
<li>None: don't use any filesystem </li><li>FAT: format using FAT/FAT32 </li><li>NTFS: format using NTFS. Please note that in this case a UAC prompt will be displayed unless the process is run with full administrative privileges.
|
||||
</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>/dynamic</td>
|
||||
<td>(Only with /create)<br>
|
||||
It has no parameters and it indicates that the volume will be created as a dynamic volume.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>/force</td>
|
||||
<td>(Only with /create)<br>
|
||||
It has no parameters and it indicates that overwrite will be forced without requiring user confirmation.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>/silent</td>
|
||||
<td>(Only with /create)<br>
|
||||
It has no parameters and it indicates that no message box or dialog will be displayed to the user. If there is any error, the operation will fail silently.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>/noisocheck</em> or <em>/n</em></td>
|
||||
<td>Do not verify that VeraCrypt Rescue Disks are correctly burned. <strong>WARNING</strong>: Never attempt to use this option to facilitate the reuse of a previously created VeraCrypt Rescue Disk. Note that every time you encrypt a system partition/drive,
|
||||
you must create a new VeraCrypt Rescue Disk even if you use the same password. A previously created VeraCrypt Rescue Disk cannot be reused as it was created for a different master key.</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h4>Syntax</h4>
|
||||
<p>VeraCrypt.exe [/tc] [/hash {sha256|sha-256|sha512|sha-512|whirlpool |ripemd160|ripemd-160}][/a [devices|favorites]] [/b] [/c [y|n|f]] [/d [drive letter]] [/e] [/f] [/h [y|n]] [/k keyfile or search path] [tryemptypass [y|n]] [/l drive letter] [/m {bk|rm|recovery|ro|sm|ts}]
|
||||
[/p password] [/pim pimvalue] [/q [background|preferences]] [/s] [/tokenlib path] [/v volume] [/w]</p>
|
||||
<p>"VeraCrypt Format.exe" [/n] [/create] [/size number[{K|M|G|T}]] [/p password] [/encryption {AES | Serpent | Twofish | AES(Twofish) | AES(Twofish(Serpent)) | Serpent(AES) | Serpent(Twofish(AES)) | Twofish(Serpent)}] [/hash {sha256|sha-256|sha512|sha-512|whirlpool|ripemd160|ripemd-160}]
|
||||
[/filesystem {None|FAT|NTFS}] [/dynamic] [/force] [/silent]</p>
|
||||
<p>Note that the order in which options are specified does not matter.</p>
|
||||
<h4>Examples</h4>
|
||||
<p>Mount the volume <em>d:\myvolume</em> as the first free drive letter, using the password prompt (the main program window will not be displayed):</p>
|
||||
<p>veracrypt /q /v d:\myvolume</p>
|
||||
<p>Dismount a volume mounted as the drive letter <em>X</em> (the main program window will not be displayed):</p>
|
||||
<p>veracrypt /q /d x</p>
|
||||
<p>Mount a volume called <em>myvolume.tc</em> using the password <em>MyPassword</em>, as the drive letter
|
||||
<em>X</em>. VeraCrypt will open an explorer window and beep; mounting will be automatic:</p>
|
||||
<p>veracrypt /v myvolume.tc /l x /a /p MyPassword /e /b</p>
|
||||
<p>Create a 10 MB file container using the password <em>test</em> and formatted using FAT:</p>
|
||||
<p><code>"C:\Program Files\VeraCrypt\VeraCrypt Format.exe" /create c:\Data\test.hc /password test /hash sha512 /encryption serpent /filesystem FAT /size 10M /force</code></p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
53
doc/html/Contact.html
Normal file
@ -0,0 +1,53 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Contact.html">Contact</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1><strong style="text-align:left">Contact us</strong></h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
You can contact us by sending a message to veracrypt-contact [at] lists dot sourceforge.net .<br>
|
||||
You can also use the address veracrypt [at] idrix dot fr, which is associated with VeraCrypt Team PGP key.<em style="text-align:left"><br>
|
||||
</em></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
To contact IDRIX directly, you can use <a href="https://www.idrix.fr/Root/mos/Contact_Us/Itemid,3" target="_blank">
|
||||
our contact form</a>.</div>
|
||||
</div>
|
||||
<div>
|
||||
<p>
|
||||
We are also present on social media:<br>
|
||||
<a title="VeraCrypt on Twitter" href="https://twitter.com/VeraCrypt_IDRIX" target="_blank"><img src="twitter_veracrypt.PNG" alt="VeraCrypt on Twitter" width="168" height="28"></a>
|
||||
<a title="VeraCrypt on Facebook" href="https://www.facebook.com/veracrypt" target="_blank"><img src="Home_facebook_veracrypt.png" alt="VeraCrypt on Facebook" width="61" height="28"></a>
|
||||
<a title="VeraCrypt on Reddit" href="https://www.reddit.com/r/VeraCrypt/" target="_blank"><img src="Home_reddit.png" alt="VeraCrypt on Reddit" width="94" height="28"></a>
|
||||
</p>
|
||||
</div>
|
||||
</body></html>
|
65
doc/html/Contributed Resources.html
Normal file
@ -0,0 +1,65 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a class="active" href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<p>Here you'll find useful resources contributed by VeraCrypt users.</p>
|
||||
<h3>Third party binaries:</h3>
|
||||
<ul>
|
||||
<li>Linux Ubuntu <strong>PPA</strong> provided by user <a href="https://unit193.net/" target="_blank">"Unit 193"</a> (build done by Launchpad):
|
||||
<ul>
|
||||
<li><a href="https://launchpad.net/~unit193/+archive/ubuntu/encryption" target="_blank">https://launchpad.net/~unit193/+archive/ubuntu/encryption</a>
|
||||
</li></ul>
|
||||
</li><li>Linux <strong>Armv7</strong> GUI/console 32-bit build on ChromeBook by user <a href="https://www.codeplex.com/site/users/view/haggster">
|
||||
haggster</a>:
|
||||
<ul>
|
||||
<li><a href="http://sourceforge.net/projects/veracrypt/files/Contributions/ARM%20Linux/veracrypt-1.0f-1-setup-arm.tar.bz2/download" target="_blank">veracrypt-1.0f-1-setup-arm.tar.bz2</a>
|
||||
</li></ul>
|
||||
</li></ul>
|
||||
<h3>Tutorials:</h3>
|
||||
<ul>
|
||||
<li><a href="http://schneckchen.in/veracrypt-anleitung-zum-daten-verschluesseln/" target="_blank">http://schneckchen.in/veracrypt-anleitung-zum-daten-verschluesseln/</a>:
|
||||
<ul>
|
||||
<li>German tutorial on VeraCrypt by Andreas Heinz. </li></ul>
|
||||
</li><li><a href="http://howto.wared.fr/raspberry-pi-arch-linux-arm-installation-veracrypt/" target="_blank">http://howto.wared.fr/raspberry-pi-arch-linux-arm-installation-veracrypt/</a>:
|
||||
<ul>
|
||||
<li>French HowTo for building VeraCrypt on Raspberry Pi Arch Linux by <a href="http://howto.wared.fr/author/wared/" target="_blank">
|
||||
Edouard WATTECAMPS</a>. </li></ul>
|
||||
</li><li><a href="http://sourceforge.net/projects/veracrypt/files/Contributions/clonezilla_using_veracrypt_ver_1.1.doc/download" target="_blank">clonezilla_using_veracrypt_ver_1.1.doc</a>:
|
||||
<ul>
|
||||
<li>Tutorial on using VeraCrypt in CloneZilla for accessing encrypted backups. By
|
||||
<a href="https://www.codeplex.com/site/users/view/pjc123" target="_blank">pjc123</a>.
|
||||
</li></ul>
|
||||
</li><li><a href="https://bohdan-danishevsky.blogspot.fr/2016/11/raspberry-pi-raspbian-installing.html" target="_blank">https://bohdan-danishevsky.blogspot.fr/2016/11/raspberry-pi-raspbian-installing.html</a>
|
||||
<ul>
|
||||
<li>Tutorial on installing and using official VeraCrypt binaries on Raspberry Pi (Raspbian) by Bohdan Danishevsky.
|
||||
</li></ul>
|
||||
</li></ul>
|
||||
<h3>Miscellaneous:</h3>
|
||||
<ul>
|
||||
<li><a href="http://sourceforge.net/projects/veracrypt/files/Contributions/vcsteg2.py/download" target="_blank">vcsteg2.py</a> : a Python script that tries to hide a VeraCrypt volume inside a video file (Steganography)
|
||||
</li></ul>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
43
doc/html/Converting TrueCrypt volumes and partitions.html
Normal file
@ -0,0 +1,43 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Converting%20TrueCrypt%20volumes%20and%20partitions.html">Converting TrueCrypt volumes and partitions</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Converting TrueCrypt volumes and partitions</h1>
|
||||
<p>Starting from version 1.0f, TrueCrypt volumes and <strong>non-system</strong> partitions can be converted to VeraCrypt format using any of the following actions:</p>
|
||||
<ul>
|
||||
<li>Change Volume Password </li><li>Set Header Key Derivation Algorithm </li><li>Add/Remove key files </li><li>Remove all key files </li></ul>
|
||||
<p>“TrueCrypt Mode” must be checked in the dialog as show below:</p>
|
||||
<p> <img src="Converting TrueCrypt volumes and partitions_truecrypt_convertion.jpg" alt="" width="511" height="436"></p>
|
||||
<p><strong>Note: </strong>Converting system partitions encrypted with TrueCrypt is not supported.</p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
After Width: | Height: | Size: 64 KiB |
111
doc/html/Creating New Volumes.html
Normal file
@ -0,0 +1,111 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="VeraCrypt%20Volume.html">VeraCrypt Volume</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Creating%20New%20Volumes.html">Creating New Volumes</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Creating a New VeraCrypt Volume</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<p>To create a new VeraCrypt file-hosted volume or to encrypt a partition/device (requires administrator privileges), click on ‘Create Volume’ in the main program window. VeraCrypt Volume Creation Wizard should appear. As soon as the Wizard appears,
|
||||
it starts collecting data that will be used in generating the master key, secondary key (XTS mode), and salt, for the new volume. The collected data, which should be as random as possible, include your mouse movements, key presses, and other values obtained
|
||||
from the system (for more information, please see the section <a href="Random%20Number%20Generator.html">
|
||||
<em>Random Number Generator</em></a>). The Wizard provides help and information necessary to successfully create a new VeraCrypt volume. However, several items deserve further explanation:</p>
|
||||
<h3>Hash Algorithm</h3>
|
||||
<p>Allows you to select which hash algorithm VeraCrypt will use. The selected hash algorithm is used by the random number generator (as a pseudorandom mixing function), which generates the master key, secondary key (XTS mode), and salt (for more information,
|
||||
please see the section <a href="Random%20Number%20Generator.html">
|
||||
<em>Random Number Generator</em></a>). It is also used in deriving the new volume header key and secondary header key (see the section
|
||||
<a href="Header%20Key%20Derivation.html">
|
||||
<em>Header Key Derivation, Salt, and Iteration Count</em></a>).<br>
|
||||
<br>
|
||||
For information about the implemented hash algorithms, see the chapter <a href="Hash%20Algorithms.html">
|
||||
<em>Hash Algorithms.</em></a><br>
|
||||
<br>
|
||||
Note that the output of a hash function is <em>never </em>used directly as an encryption key. For more information, please refer to the chapter
|
||||
<a href="Technical%20Details.html"><em>Technical Details</em></a>.</p>
|
||||
<h3>Encryption Algorithm</h3>
|
||||
<p>This allows you to select the encryption algorithm with which your new volume will be encrypted. Note that the encryption algorithm cannot be changed after the volume is created. For more information, please see the chapter
|
||||
<a href="Encryption%20Algorithms.html"><em>Encryption Algorithms</em></a>.</p>
|
||||
<h3 id="QuickFormat">Quick Format</h3>
|
||||
<p>If unchecked, each sector of the new volume will be formatted. This means that the new volume will be
|
||||
<em>entirely </em>filled with random data. Quick format is much faster but may be less secure because until the whole volume has been filled with files, it may be possible to tell how much data it contains (if the space was not filled with random data beforehand).
|
||||
If you are not sure whether to enable or disable Quick Format, we recommend that you leave this option unchecked. Note that Quick Format can only be enabled when encrypting partitions/devices.</p>
|
||||
<p>Important: When encrypting a partition/device within which you intend to create a hidden volume afterwards, leave this option unchecked.</p>
|
||||
<h3 id="dynamic">Dynamic</h3>
|
||||
<p>Dynamic VeraCrypt container is a pre-allocated NTFS sparse file whose physical size (actual disk space used) grows as new data is added to it. Note that the physical size of the container (actual disk space that the container uses) will not decrease when
|
||||
files are deleted on the VeraCrypt volume. The physical size of the container can only
|
||||
<em>increase </em>up to the maximum value that is specified by the user during the volume creation process. After the maximum specified size is reached, the physical size of the container will remain constant.<br>
|
||||
<br>
|
||||
Note that sparse files can only be created in the NTFS file system. If you are creating a container in the FAT file system, the option
|
||||
<em>Dynamic </em>will be disabled (“grayed out”).<br>
|
||||
<br>
|
||||
Note that the size of a dynamic (sparse-file-hosted) VeraCrypt volume reported by Windows and by VeraCrypt will always be equal to its maximum size (which you specify when creating the volume). To find out current physical size of the container (actual disk
|
||||
space it uses), right-click the container file (in a Windows Explorer window, not in VeraCrypt), then select
|
||||
<em>Properties </em>and see the Size on disk value.</p>
|
||||
<p>WARNING: Performance of dynamic (sparse-file-hosted) VeraCrypt volumes is significantly worse than performance of regular volumes. Dynamic (sparse-file-hosted) VeraCrypt volumes are also less secure, because it is possible to tell which volume sectors are
|
||||
unused. Furthermore, if data is written to a dynamic volume when there is not enough free space in its host file system, the encrypted file system may get corrupted.</p>
|
||||
<h3>Cluster Size</h3>
|
||||
<p>Cluster is an allocation unit. For example, one cluster is allocated on a FAT file system for a one- byte file. When the file grows beyond the cluster boundary, another cluster is allocated. Theoretically, this means that the bigger the cluster size, the
|
||||
more disk space is wasted; however, the better the performance. If you do not know which value to use, use the default.</p>
|
||||
<h3>VeraCrypt Volumes on CDs and DVDs</h3>
|
||||
<p>If you want a VeraCrypt volume to be stored on a CD or a DVD, first create a file-hosted VeraCrypt container on a hard drive and then burn it onto a CD/DVD using any CD/DVD burning software (or, under Windows XP or later, using the CD burning tool provided
|
||||
with the operating system). Remember that if you need to mount a VeraCrypt volume that is stored on a read-only medium (such as a CD/DVD) under Windows 2000, you must format the VeraCrypt volume as FAT. The reason is that Windows 2000 cannot mount NTFS file
|
||||
system on read-only media (Windows XP and later versions of Windows can).</p>
|
||||
<h3>Hardware/Software RAID, Windows Dynamic Volumes</h3>
|
||||
<p>VeraCrypt supports hardware/software RAID as well as Windows dynamic volumes.</p>
|
||||
<p>Windows Vista or later: Dynamic volumes are displayed in the ‘Select Device’ dialog window as \Device\HarddiskVolumeN.</p>
|
||||
<p>Windows XP/2000/2003: If you intend to format a Windows dynamic volume as a VeraCrypt volume, keep in mind that after you create the Windows dynamic volume (using the Windows Disk Management tool), you must restart the operating system in order for the volume
|
||||
to be available/displayed in the ‘Select Device’ dialog window of the VeraCrypt Volume Creation Wizard. Also note that, in the ‘Select Device’ dialog window, a Windows dynamic volume is not displayed as a single device (item). Instead,
|
||||
all volumes that the Windows dynamic volume consists of are displayed and you can select any of them in order to format the entire Windows dynamic volume.</p>
|
||||
<h3>Additional Notes on Volume Creation</h3>
|
||||
<p>After you click the ‘Format’ button in the Volume Creation Wizard window (the last step), there will be a short delay while your system is being polled for additional random data. Afterwards, the master key, header key, secondary key (XTS mode),
|
||||
and salt, for the new volume will be generated, and the master key and header key contents will be displayed.<br>
|
||||
<br>
|
||||
For extra security, the portions of the randomness pool, master key, and header key can be prevented from being displayed by unchecking the checkbox in the upper right corner of the corresponding field:<br>
|
||||
<br>
|
||||
<img src="Beginner's Tutorial_Image_023.gif" alt="" width="338" height="51"><br>
|
||||
<br>
|
||||
Note that only the first 128 bits of the pool/keys are displayed (not the entire contents).<br>
|
||||
<br>
|
||||
You can create FAT (whether it will be FAT12, FAT16, or FAT32, is automatically determined from the number of clusters) or NTFS volumes (however, NTFS volumes can only be created by users with administrator privileges). Mounted VeraCrypt volumes can be reformatted
|
||||
as FAT12, FAT16, FAT32, or NTFS anytime. They behave as standard disk devices so you can right-click the drive letter of the mounted VeraCrypt volume (for example in the ‘<em>Computer</em>’ or ‘<em>My Computer</em>’ list) and select
|
||||
‘Format’.<br>
|
||||
<br>
|
||||
For more information about creating VeraCrypt volumes, see also the section <a href="Hidden%20Volume.html">
|
||||
<em>Hidden Volume</em></a>.</p>
|
||||
<p> </p>
|
||||
<p><a href="Favorite%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</body></html>
|
70
doc/html/Data Leaks.html
Normal file
@ -0,0 +1,70 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Data%20Leaks.html">Data Leaks</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h2>Data Leaks</h2>
|
||||
<p>When a VeraCrypt volume is mounted, the operating system and third-party applications may write to unencrypted volumes (typically, to the unencrypted system volume) unencrypted information about the data stored in the VeraCrypt volume (e.g. filenames and
|
||||
locations of recently accessed files, databases created by file indexing tools, etc.), or the data itself in an unencrypted form (temporary files, etc.), or unencrypted information about the filesystem residing in the VeraCrypt volume. Note that Windows automatically
|
||||
records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc.</p>
|
||||
<p>Also, starting from Windows 8, every time a VeraCrypt volume that is formatted using NTFS is mounted, an Event 98 is written for the system Events Log and it will contain the device name (\\device\VeraCryptVolumeXX) of the volume. This event log "feature"
|
||||
was introduced in Windows 8 as part of newly introduced NTFS health checks as explained
|
||||
<a href="https://blogs.msdn.microsoft.com/b8/2012/05/09/redesigning-chkdsk-and-the-new-ntfs-health-model/" target="_blank">
|
||||
here</a>. To avoid this leak, the VeraCrypt volume must be mounted <a href="Removable%20Medium%20Volume.html">
|
||||
as a removable medium</a>. Big thanks to Liran Elharar for discovering this leak and its workaround.<br>
|
||||
<br>
|
||||
In order to prevent data leaks, you must follow these steps (alternative steps may exist):</p>
|
||||
<ul>
|
||||
<li>If you do <em>not</em> need plausible deniability:
|
||||
<ul>
|
||||
<li>Encrypt the system partition/drive (for information on how to do so, see the chapter
|
||||
<a href="System%20Encryption.html"><em>System Encryption</em></a>) and ensure that only encrypted or read-only filesystems are mounted during each session in which you work with sensitive data.<br>
|
||||
<br>
|
||||
or, </li><li>If you cannot do the above, download or create a "live CD" version of your operating system (i.e. a "live" system entirely stored on and booted from a CD/DVD) that ensures that any data written to the system volume is written to a RAM disk. When you need
|
||||
to work with sensitive data, boot such a live CD/DVD and ensure that only encrypted and/or read-only filesystems are mounted during the session.
|
||||
</li></ul>
|
||||
</li><li>If you need plausible deniability:
|
||||
<ul>
|
||||
<li>Create a hidden operating system. VeraCrypt will provide automatic data leak protection. For more information, see the section
|
||||
<a href="Hidden%20Operating%20System.html">
|
||||
<em>Hidden Operating System</em></a>.<br>
|
||||
<br>
|
||||
or, </li><li>If you cannot do the above, download or create a "live CD" version of your operating system (i.e. a "live" system entirely stored on and booted from a CD/DVD) that ensures that any data written to the system volume is written to a RAM disk. When you need
|
||||
to work with sensitive data, boot such a live CD/DVD. If you use hidden volumes, follow the security requirements and precautions listed in the subsection
|
||||
<a href="Security%20Requirements%20for%20Hidden%20Volumes.html">
|
||||
<em>Security Requirements and Precautions Pertaining to Hidden Volumes</em></a>. If you do not use hidden volumes, ensure that only non-system partition-hosted VeraCrypt volumes and/or read-only filesystems are mounted during the session.
|
||||
</li></ul>
|
||||
</li></ul>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
51
doc/html/Default Mount Parameters.html
Normal file
@ -0,0 +1,51 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Default%20Mount%20Parameters.html">Default Mount Parameters</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h2>Default Mount Parameters</h2>
|
||||
<p>Starting from version 1.0f-2, it is possible to specify the PRF algorithm and the TrueCrypt mode that will be selected by default in the password dialog.</p>
|
||||
<p>As show below, select the entry "Default Mount Parameters" under the menu "Settings":</p>
|
||||
<p><img src="Home_VeraCrypt_menu_Default_Mount_Parameters.png" alt="Menu Default Mount Parameters" width="241" height="254"></p>
|
||||
<p> </p>
|
||||
<p>The following dialog will be displayed:</p>
|
||||
<p><img src="Home_VeraCrypt_Default_Mount_Parameters.png" alt="Default Mount Parameters Dialog" width="267" height="144"></p>
|
||||
<p>Make your modifications and then click OK.</p>
|
||||
<p>The chosen values are then written to VeraCrypt main configuration file (Configuration.xml) making them persistent.</p>
|
||||
<p>All subsequent password request dialogs will use the default values chosen previously. For example, if in the Default Mount Parameters dialog you check TrueCrypt Mode and you select SHA-512 as a PRF, then subsequent password dialogs will look like:<br>
|
||||
<img src="Default Mount Parameters_VeraCrypt_password_using_default_parameters.png" alt="Mount Password Dialog using default values" width="499" height="205"></p>
|
||||
<p> </p>
|
||||
<p><strong>Note:</strong> The default mount parameters can be overridden by the <a href="Command%20Line%20Usage.html">Command Line</a> switches
|
||||
<strong>/tc</strong> and <strong>/hash</strong> which always take precedence.</p>
|
||||
<p> </p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
After Width: | Height: | Size: 21 KiB |
48
doc/html/Defragmenting.html
Normal file
@ -0,0 +1,48 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Defragmenting.html">Defragmenting</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Defragmenting</h1>
|
||||
<p>When you (or the operating system) defragment the file system in which a file-hosted VeraCrypt container is stored, a copy of the VeraCrypt container (or of its fragment) may remain in the free space on the host volume (in the defragmented file system).
|
||||
This may have various security implications. For example, if you change the volume password/keyfile(s) afterwards, and an adversary finds the old copy or fragment (the old header) of the VeraCrypt volume, he might use it to mount the volume using an old compromised
|
||||
password (and/or using compromised keyfiles that were necessary to mount the volume before the volume header was re-encrypted). To prevent this and other possible security issues (such as those mentioned in the section
|
||||
<a href="Volume%20Clones.html"><em>Volume Clones</em></a>), do one of the following:</p>
|
||||
<ul>
|
||||
<li>Use a partition/device-hosted VeraCrypt volume instead of file-hosted. </li><li><em>Securely</em> erase free space on the host volume (in the defragmented file system) after defragmenting. On Windows, this can be done using the Microsoft free utility
|
||||
<code>SDelete</code> (<a href="https://technet.microsoft.com/en-us/sysinternals/bb897443.aspx" rel="nofollow">https://technet.microsoft.com/en-us/sysinternals/bb897443.aspx</a>). On Linux, the
|
||||
<code>shred</code> utility from GNU coreutils package can be used for this purpose.
|
||||
</li><li>Do not defragment file systems in which you store VeraCrypt volumes. </li></ul>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
99
doc/html/Digital Signatures.html
Normal file
@ -0,0 +1,99 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Miscellaneous.html">Miscellaneous</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Digital%20Signatures.html">Digital Signatures</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Digital Signatures</h1>
|
||||
<h3>Why Verify Digital Signatures</h3>
|
||||
<p>It might happen that a VeraCrypt installation package you download from our server was created or modified by an attacker. For example, the attacker could exploit a vulnerability in the server software we use and alter the installation packages stored on
|
||||
the server, or he/she could alter any of the files en route to you.<br>
|
||||
<br>
|
||||
Therefore, you should always verify the integrity and authenticity of each VeraCrypt distribution package you download or otherwise obtain from any source. In other words, you should always make sure that the file was created by us and it was not altered by
|
||||
an attacker. One way to do so is to verify so-called digital signature(s) of the file.</p>
|
||||
<h3>Types of Digital Signatures We Use</h3>
|
||||
<p>We currently use two types of digital signatures:</p>
|
||||
<ul>
|
||||
<li><strong>PGP</strong> signatures (available for all binary and source code packages for all supported systems).
|
||||
</li><li><strong>X.509</strong> signatures (available for binary packages for Windows).
|
||||
</li></ul>
|
||||
<h3>Advantages of X.509 Signatures</h3>
|
||||
<p>X.509 signatures have the following advantages, in comparison to PGP signatures:</p>
|
||||
<ul>
|
||||
<li>It is much easier to verify that the key that signed the file is really ours (not attacker’s).
|
||||
</li><li>You do not have to download or install any extra software to verify an X.509 signature (see below).
|
||||
</li><li>You do not have to download and import our public key (it is embedded in the signed file).
|
||||
</li><li>You do not have to download any separate signature file (the signature is embedded in the signed file).
|
||||
</li></ul>
|
||||
<h3>Advantages of PGP Signatures</h3>
|
||||
<p>PGP signatures have the following advantages, in comparison to X.509 signatures:</p>
|
||||
<ul>
|
||||
<li>They do not depend on any certificate authority (which might be e.g. infiltrated or controlled by an adversary, or be untrustworthy for other reasons).
|
||||
</li></ul>
|
||||
<h3>How to Verify X.509 Signatures</h3>
|
||||
<p>Please note that X.509 signatures are currently available only for the VeraCrypt self-extracting installation packages for Windows. An X.509 digital signature is embedded in each of those files along with the digital certificate of the VeraCrypt Foundation
|
||||
issued by a public certification authority. To verify the integrity and authenticity of a self-extracting installation package for Windows, follow these steps:</p>
|
||||
<ol>
|
||||
<li>Download the VeraCrypt self-extracting installation package. </li><li>In the Windows Explorer, click the downloaded file (‘<em>VeraCrypt Setup.exe</em>’) with the right mouse button and select ‘<em>Properties</em>’ from the context menu.
|
||||
</li><li>In the <em>Properties</em> dialog window, select the ‘<em>Digital Signatures</em>’ tab.
|
||||
</li><li>On the ‘<em>Digital Signatures</em>’ tab, in the ‘<em>Signature list</em>’, double click the line saying "<em>IDRIX</em>" or
|
||||
<em>"IDRIX SARL"</em>. </li><li>The ‘<em>Digital Signature Details</em>’ dialog window should appear now. If you see the following sentence at the top of the dialog window, then the integrity and authenticity of the package have been successfully verified:<br>
|
||||
<br>
|
||||
"<em>This digital signature is OK.</em>"<br>
|
||||
<br>
|
||||
If you do not see the above sentence, the file is very likely corrupted. Note: On some obsolete versions of Windows, some of the necessary certificates are missing, which causes the signature verification to fail.
|
||||
</li></ol>
|
||||
<h3 id="VerifyPGPSignature">How to Verify PGP Signatures</h3>
|
||||
<p>To verify a PGP signature, follow these steps:</p>
|
||||
<ol>
|
||||
<li>Install any public-key encryption software that supports PGP signatures. For Windows, you can download
|
||||
<a href="http://www.gpg4win.org/" target="_blank">Gpg4win</a>. For more information, you can visit
|
||||
<a href="https://www.gnupg.org/">https://www.gnupg.org/</a>. </li><li>Create a private key (for information on how to do so, please see the documentation for the public-key encryption software).
|
||||
</li><li>Download our PGP public key from <strong>IDRIX</strong> website (<a href="https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc" target="_blank">https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc</a>) or from a trusted public key repository
|
||||
(ID=0x54DDD393), and import the downloaded key to your keyring (for information on how to do so, please see the documentation for the public-key encryption software). Please check that its fingerprint is
|
||||
<strong>993B7D7E8E413809828F0F29EB559C7C54DDD393</strong>. </li><li>Sign the imported key with your private key to mark it as trusted (for information on how to do so, please see the documentation for the public-key encryption software).<br>
|
||||
<br>
|
||||
Note: If you skip this step and attempt to verify any of our PGP signatures, you will receive an error message stating that the signing key is invalid.
|
||||
</li><li>Download the digital signature by downloading the <em>PGP Signature</em> of the file you want to verify (on the
|
||||
<a href="Downloads.html">Downloads page</a>).
|
||||
</li><li>Verify the downloaded signature (for information on how to do so, please see the documentation for the public-key encryption software).
|
||||
</li></ol>
|
||||
<p>Under Linux, these steps can be achieved using the following commands:</p>
|
||||
<ul>
|
||||
<li>Check that the fingerprint of the public key is <strong>993B7D7E8E413809828F0F29EB559C7C54DDD393</strong>:
|
||||
<strong>gpg --with-fingerprint VeraCrypt_PGP_public_key.asc</strong> </li><li>If the fingerprint is the expected one, import the public key: <strong>gpg --import VeraCrypt_PGP_public_key.asc</strong>
|
||||
</li><li>Verify the signature of the Linux setup archive (here for version 1.0e): <strong>
|
||||
gpg --verify veracrypt-1.0e-setup.tar.bz2.sig veracrypt-1.0e-setup.tar.bz2</strong>
|
||||
</li></ul>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
47
doc/html/Disclaimers.html
Normal file
@ -0,0 +1,47 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Disclaimers.html">Disclaimers</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h2>Disclaimer of Warranty</h2>
|
||||
<div align="justify" style="margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
THE CONTENT OF THIS WEBSITE (AND OF ANY ASSOCIATED WEBSITES/SERVERS) IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY. THE CONTENT OF THIS WEBSITE (AND OF ANY ASSOCIATED WEBSITES) MAY BE INACCURATE, INCORRECT, INVALID,
|
||||
UNTRUE, FALSE, INCOMPLETE AND/OR MISLEADING. THE ENTIRE RISK AS TO THE QUALITY, CORRECTNESS, ACCURACY, OR COMPLETENESS OF THE CONTENT OF THIS WEBSITE (AND OF ANY ASSOCIATED WEBSITES) IS WITH YOU. THE AUTHOR(S), OWNER(S), PUBLISHER(S), AND ADMINISTRATOR(S)
|
||||
OF THIS WEBSITE (AND ASSOCIATED WEBSITES/SERVERS), AND APPLICABLE INTELLECTUAL-PROPERTY OWNER(S) DISCLAIM ANY AND ALL WARRANTIES OF ANY KIND.</div>
|
||||
<h2>Disclaimer of Liability</h2>
|
||||
<div align="justify" style="margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
THE AUTHOR(S), OWNER(S), PUBLISHER(S), AND ADMINISTRATOR(S) OF THIS WEBSITE (AND ASSOCIATED WEBSITES/SERVERS), AND APPLICABLE INTELLECTUAL-PROPERTY OWNER(S) DISCLAIM ANY AND ALL LIABILITY AND IN NO EVENT WILL ANY OF THOSE PARTIES BE LIABLE TO YOU OR TO ANY
|
||||
OTHER PARTY FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, ANY DIRECT, INDIRECT, GENERAL, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, ANY LOSSES SUSTAINED BY YOU OR THIRD PARTIES, PROCUREMENT OF SUBSTITUTE
|
||||
SERVICES, OR BUSINESS INTERRUPTION), WHETHER IN CONTRACT, STRICT LIABILITY, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, ARISING OUT OF ANY USE OF THIS WEBSITE (OR ASSOCIATED WEBSITES/SERVERS) OR THE CONTENT THEREOF OR OF ANY THIRD-PARTY WEBSITE LINKED IN ANY
|
||||
WAY FROM THIS WEBSITE (OR FROM ASSOCIATED WEBSITES), EVEN IF SUCH DAMAGES (OR THE POSSIBILITY OF SUCH DAMAGES) ARE/WERE PREDICTABLE OR KNOWN TO ANY AUTHOR, OWNER, PUBLISHER, ADMINISTRATOR, OR ANY OTHER PARTY.</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
146
doc/html/Documentation.html
Normal file
@ -0,0 +1,146 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<p><em style="text-align:left">This documentation is not guaranteed to be error-free and is provided "as is" without warranty of any kind. For more information, see
|
||||
<a href="Disclaimers.html">Disclaimers</a>.</em></p>
|
||||
<ul>
|
||||
<li><a title="Preface" href="Preface.html"><strong>Preface</strong></a>
|
||||
</li><li><strong><a href="Introduction.html">Introduction</a></strong>
|
||||
</li><li><strong><a href="Beginner%27s%20Tutorial.html">Beginner's Tutorial</a></strong>
|
||||
</li><li><strong><strong><a href="VeraCrypt%20Volume.html">VeraCrypt Volume</a></strong></strong>
|
||||
<ul>
|
||||
<li><a href="Creating%20New%20Volumes.html">Creating a New VeraCrypt Volume</a>
|
||||
</li><li><a href="Favorite%20Volumes.html">Favorite Volumes</a>
|
||||
</li><li><a href="System%20Favorite%20Volumes.html">System Favorite Volumes</a>
|
||||
</li></ul>
|
||||
</li><li><strong><a href="System%20Encryption.html">System Encryption</a></strong>
|
||||
<ul>
|
||||
<li><a href="Hidden%20Operating%20System.html">Hidden Operating System</a>
|
||||
</li><li><a href="Supported%20Systems%20for%20System%20Encryption.html">Operating Systems Supported for System Encryption</a>
|
||||
</li><li><a href="VeraCrypt%20Rescue%20Disk.html">VeraCrypt Rescue Disk</a>
|
||||
</li></ul>
|
||||
</li><li><strong><a href="Plausible%20Deniability.html">Plausible Deniability</a></strong><br>
|
||||
<ul>
|
||||
<li><a href="Hidden%20Volume.html">Hidden Volume</a>
|
||||
<ul>
|
||||
<li><a href="Protection%20of%20Hidden%20Volumes.html">Protection of Hidden Volumes Against Damage</a>
|
||||
</li><li><a href="Security%20Requirements%20for%20Hidden%20Volumes.html">Security Requirements and Precautions Pertaining to Hidden Volumes</a>
|
||||
</li></ul>
|
||||
</li><li><a href="VeraCrypt%20Hidden%20Operating%20System.html">Hidden Operating System</a>
|
||||
</li></ul>
|
||||
</li><li><strong><a href="Main%20Program%20Window.html">Main Program Window</a></strong>
|
||||
<ul>
|
||||
<li><a href="Program%20Menu.html">Program Menu</a>
|
||||
</li><li><a href="Mounting%20VeraCrypt%20Volumes.html">Mounting Volumes</a>
|
||||
</li></ul>
|
||||
</li><li><strong><a href="Parallelization.html">Parallelization</a></strong>
|
||||
</li><li><strong><a href="Pipelining.html">Pipelining</a></strong>
|
||||
</li><li><strong><a href="Hardware%20Acceleration.html">Hardware acceleration</a></strong>
|
||||
</li><li><strong><a href="Hot%20Keys.html">Hot keys</a></strong>
|
||||
</li><li><strong><a href="Keyfiles%20in%20VeraCrypt.html">Keyfiles</a></strong>
|
||||
</li><li><strong><a href="Security%20Tokens%20%26%20Smart%20Cards.html">Security Tokens & Smart Cards</a></strong>
|
||||
</li><li><strong><a href="Portable%20Mode.html">Portable Mode</a></strong>
|
||||
</li><li><strong><a href="TrueCrypt%20Support.html">TrueCrypt Support</a></strong>
|
||||
</li><li><strong><a href="Converting%20TrueCrypt%20volumes%20and%20partitions.html">Converting TrueCrypt Volumes & Partitions</a></strong>
|
||||
</li><li><strong><a href="Default%20Mount%20Parameters.html">Default Mount Parameters</a></strong>
|
||||
</li><li><strong><a href="Language%20Packs.html">Language Packs</a></strong>
|
||||
</li><li><strong><a href="Encryption%20Algorithms.html">Encryption Algorithms</a></strong>
|
||||
<ul>
|
||||
<li><a href="AES.html">AES</a> </li><li><a href="Camellia.html">Camellia</a>
|
||||
</li><li><a href="Kuznyechik.html">Kuznyechik</a>
|
||||
</li><li><a href="Serpent.html">Serpent</a> </li><li><a href="Twofish.html">Twofish</a> </li><li><a href="Cascades.html">Cascades of ciphers</a>
|
||||
</li></ul>
|
||||
</li><li><strong><a href="Hash%20Algorithms.html">Hash Algorithms</a></strong>
|
||||
<ul>
|
||||
<li><a href="RIPEMD-160.html">RIPEMD-160</a>
|
||||
</li><li><a href="SHA-256.html">SHA-256</a> </li><li><a href="SHA-512.html">SHA-512</a> </li><li><a href="Whirlpool.html">Whirlpool</a>
|
||||
</li><li><a href="Streebog.html">Streebog</a></li></ul>
|
||||
</li><li><strong><a href="Supported%20Operating%20Systems.html">Supported Operating Systems</a></strong>
|
||||
</li><li><strong><a href="Command%20Line%20Usage.html">Command Line Usage</a></strong>
|
||||
</li><li><strong><a href="Security%20Model.html">Security Model</a></strong>
|
||||
</li><li><strong><a href="Security%20Requirements%20and%20Precautions.html">Security Requirements And Precautions<br>
|
||||
</a></strong>
|
||||
<ul>
|
||||
<li><a href="Data%20Leaks.html">Data Leaks</a>
|
||||
<ul>
|
||||
<li><a href="Paging%20File.html">Paging File</a>
|
||||
</li><li><a href="Memory%20Dump%20Files.html">Memory Dump Files</a>
|
||||
</li><li><a href="Hibernation%20File.html">Hibernation File</a>
|
||||
</li></ul>
|
||||
</li><li><a href="Unencrypted%20Data%20in%20RAM.html">Unencrypted Data in RAM</a>
|
||||
</li><li><a href="Physical%20Security.html">Physical Security</a>
|
||||
</li><li><a href="Malware.html">Malware</a> </li><li><a href="Multi-User%20Environment.html">Multi-User Environment</a>
|
||||
</li><li><a href="Authenticity%20and%20Integrity.html">Authenticity and Integrity</a>
|
||||
</li><li><a href="Choosing%20Passwords%20and%20Keyfiles.html">Choosing Passwords and Keyfiles</a>
|
||||
</li><li><a href="Changing%20Passwords%20and%20Keyfiles.html">Changing Passwords and Keyfiles</a>
|
||||
</li><li><a href="Trim%20Operation.html">Trim Operation</a>
|
||||
</li><li><a href="Wear-Leveling.html">Wear-Leveling</a>
|
||||
</li><li><a href="Reallocated%20Sectors.html">Reallocated Sectors</a>
|
||||
</li><li><a href="Defragmenting.html">Defragmenting</a>
|
||||
</li><li><a href="Journaling%20File%20Systems.html">Journaling File Systems</a>
|
||||
</li><li><a href="Volume%20Clones.html">Volume Clones</a>
|
||||
</li><li><a href="Additional%20Security%20Requirements%20and%20Precautions.html">Additional Security Requirements and Precautions</a>
|
||||
</li></ul>
|
||||
</li><li><strong><a href="How%20to%20Back%20Up%20Securely.html">How To Back Up Securely</a></strong>
|
||||
</li><li><strong><a href="Miscellaneous.html">Miscellaneous</a></strong>
|
||||
<ul>
|
||||
<li><a href="Using%20VeraCrypt%20Without%20Administrator%20Privileges.html">Using VeraCrypt Without Administrator Privileges</a>
|
||||
</li><li><a href="Sharing%20over%20Network.html">Sharing Over Network</a>
|
||||
</li><li><a href="VeraCrypt%20Background%20Task.html">VeraCrypt Background Task</a>
|
||||
</li><li><a href="Removable%20Medium%20Volume.html">Volume Mounted as Removable Medium</a>
|
||||
</li><li><a href="VeraCrypt%20System%20Files.html">VeraCrypt System Files & Application Data</a>
|
||||
</li><li><a href="Removing%20Encryption.html">How To Remove Encryption</a>
|
||||
</li><li><a href="Uninstalling%20VeraCrypt.html">Uninstalling VeraCrypt</a>
|
||||
</li><li><a href="Digital%20Signatures.html">Digital Signatures</a>
|
||||
</li></ul>
|
||||
</li><li><strong><a href="Troubleshooting.html">Troubleshooting</a></strong>
|
||||
</li><li><strong><a href="Incompatibilities.html">Incompatibilities</a></strong>
|
||||
</li><li><strong><a href="Issues%20and%20Limitations.html">Kown Issues and Limitations</a></strong>
|
||||
</li><li><strong><a href="FAQ.html">Frequently Asked Questions</a></strong>
|
||||
</li><li><strong><strong><a href="Technical%20Details.html">Technical Details</a></strong></strong>
|
||||
<ul>
|
||||
<li><a href="Notation.html">Notation</a>
|
||||
</li><li><a href="Encryption%20Scheme.html">Encryption Scheme</a>
|
||||
</li><li><a href="Modes%20of%20Operation.html">Modes of Operation</a>
|
||||
</li><li><a href="Header%20Key%20Derivation.html">Header Key Derivation, Salt, and Iteration Count</a>
|
||||
</li><li><a href="Random%20Number%20Generator.html">Random Number Generator</a>
|
||||
</li><li><a href="Keyfiles.html">Keyfiles</a>
|
||||
</li><li><a title="PIM" href="Personal%20Iterations%20Multiplier%20(PIM).html">PIM</a>
|
||||
</li><li><a href="VeraCrypt%20Volume%20Format%20Specification.html">VeraCrypt Volume Format Specification</a>
|
||||
</li><li><a href="Standard%20Compliance.html">Compliance with Standards and Specifications</a>
|
||||
</li><li><a href="Source%20Code.html">Source Code</a>
|
||||
</li></ul>
|
||||
</li><li><strong><a href="Contact.html">Contact</a></strong>
|
||||
</li><li><strong><a href="Legal%20Information.html">Legal Information</a></strong>
|
||||
</li><li><strong><a href="Release%20Notes.html">Version History</a></strong>
|
||||
</li><li><strong><a href="Acknowledgements.html">Acknowledgements</a></strong>
|
||||
</li><li><strong><a href="References.html">References</a></strong>
|
||||
</li></ul>
|
||||
</div>
|
||||
|
||||
</body></html>
|
210
doc/html/Encryption Algorithms.html
Normal file
@ -0,0 +1,210 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Encryption%20Algorithms.html">Encryption Algorithms</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Encryption Algorithms</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
VeraCrypt volumes can be encrypted using the following algorithms:</div>
|
||||
<table style="border-collapse:separate; border-spacing:0px; width:608px; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; border-width:0px 0px 1px 1px; border-style:solid; border-color:#ffffff #ffffff #000000 #000000">
|
||||
<tbody style="text-align:left">
|
||||
<tr style="text-align:left">
|
||||
<th style="width:151px; font-weight:normal; text-align:center; vertical-align:middle; color:#000000; border-width:1px 1px 1px 0px; border-style:solid solid solid none; padding:12px 0px; border-color:#000000 #000000 #000000 white">
|
||||
Algorithm</th>
|
||||
<th style="width:225px; font-weight:normal; text-align:center; vertical-align:middle; color:#000000; border-width:1px 1px 1px 0px; border-style:solid solid solid none; padding:12px 0px; border-color:#000000 #000000 #000000 white">
|
||||
Designer(s)</th>
|
||||
<th style="width:94px; font-weight:normal; text-align:center; vertical-align:middle; color:#000000; border-width:1px 1px 1px 0px; border-style:solid solid solid none; padding:12px 0px; border-color:#000000 #000000 #000000 white">
|
||||
Key Size<br>
|
||||
(Bits)</th>
|
||||
<th style="width:68px; font-weight:normal; text-align:center; vertical-align:middle; color:#000000; border-width:1px 1px 1px 0px; border-style:solid solid solid none; padding:12px 0px; border-color:#000000 #000000 #000000 white">
|
||||
Block Size (Bits)</th>
|
||||
<th style="width:68px; font-weight:normal; text-align:center; vertical-align:middle; color:#000000; border-width:1px 1px 1px 0px; border-style:solid solid solid none; padding:12px 0px; border-color:#000000 #000000 #000000 white">
|
||||
<a href="Modes%20of%20Operation.html" style="color:#0080c0; text-decoration:none.html">Mode of Operation</a></th>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<a href="AES.html" style="color:#0080c0; text-decoration:none.html">AES</a></td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
J. Daemen, V. Rijmen</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
256</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
128</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<a href="Modes%20of%20Operation.html" style="color:#0080c0; text-decoration:none.html">XTS</a></td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<a href="Camellia.html">Camellia</a></td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<p align="center" style="margin-left:0cm"><font face="Arial, serif"><font size="2" style="font-size:9pt">Mitsubishi Electric and NTT of Japan</font></font></p>
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
256</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
128</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
XTS</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<p align="center" style="margin-left:0cm"><a href="Kuznyechik.html">Kuznyechik</a></p>
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<p align="center" style="margin-left:0cm"><font face="Arial, serif"><font size="2" style="font-size:9pt">National Standard of the Russian Federation<br>
|
||||
GOST R 34.12-2015</font></font></p>
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
256</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
128</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
XTS</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<a href="Serpent.html" style="color:#0080c0; text-decoration:none.html">Serpent</a></td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
R. Anderson, E. Biham, L. Knudsen</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
256</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
128</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
XTS</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<a href="Twofish.html" style="color:#0080c0; text-decoration:none.html">Twofish</a></td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
B. Schneier, J. Kelsey, D. Whiting,<br>
|
||||
D. Wagner, C. Hall, N. Ferguson</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
256</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
128</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
XTS</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<a href="Cascades.html" style="color:#0080c0; text-decoration:none.html">AES-Twofish</a></td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
256; 256</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
128</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
XTS</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<a href="Cascades.html" style="color:#0080c0; text-decoration:none.html">AES-Twofish-Serpent</a></td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
256; 256; 256</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
128</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
XTS</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<a href="Cascades.html" style="color:#0080c0; text-decoration:none.html">Serpent-AES</a></td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
256; 256</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
128</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
XTS</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<a href="Cascades.html" style="color:#0080c0; text-decoration:none.html">Serpent-Twofish-AES</a></td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
256; 256; 256</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
128</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
XTS</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
<a href="Cascades.html" style="color:#0080c0; text-decoration:none.html">Twofish-Serpent</a></td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
256; 256</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
128</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
XTS</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
<td style="color:#000000; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; text-align:center; vertical-align:middle; border-width:0px 1px 0px 0px; border-style:none solid solid none; padding:5px; border-color:white #000000 #ffffff white">
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
For information about XTS mode, please see the section <a href="Modes%20of%20Operation.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Modes of Operation</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<a href="AES.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
89
doc/html/Encryption Scheme.html
Normal file
@ -0,0 +1,89 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Technical%20Details.html">Technical Details</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Encryption%20Scheme.html">Encryption Scheme</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Encryption Scheme</h1>
|
||||
<p>When mounting a VeraCrypt volume (assume there are no cached passwords/keyfiles) or when performing pre-boot authentication, the following steps are performed:</p>
|
||||
<ol>
|
||||
<li>The first 512 bytes of the volume (i.e., the standard volume header) are read into RAM, out of which the first 64 bytes are the salt (see
|
||||
<a href="VeraCrypt%20Volume%20Format%20Specification.html">
|
||||
<em>VeraCrypt Volume Format Specification</em></a>). For system encryption (see the chapter
|
||||
<a href="System%20Encryption.html"><em>System Encryption</em></a>), the last 512 bytes of the first logical drive track are read into RAM (the VeraCrypt Boot Loader is stored in the first track of the system drive and/or
|
||||
on the VeraCrypt Rescue Disk). </li><li>Bytes 65536–66047 of the volume are read into RAM (see the section <a href="VeraCrypt%20Volume%20Format%20Specification.html">
|
||||
<em>VeraCrypt Volume Format Specification</em></a>). For system encryption, bytes 65536–66047 of the first partition located behind the active partition* are read (see the section
|
||||
<a href="Hidden%20Operating%20System.html">
|
||||
Hidden Operating System</a>). If there is a hidden volume within this volume (or within the partition behind the boot partition), we have read its header at this point; otherwise, we have just read random data (whether or not there is a hidden volume within
|
||||
it has to be determined by attempting to decrypt this data; for more information see the section
|
||||
<a href="Hidden%20Volume.html"><em>Hidden Volume</em></a>).
|
||||
</li><li>Now VeraCrypt attempts to decrypt the standard volume header read in (1). All data used and generated in the course of the process of decryption are kept in RAM (VeraCrypt never saves them to disk). The following parameters are unknown† and have
|
||||
to be determined through the process of trial and error (i.e., by testing all possible combinations of the following):
|
||||
<ol type="a">
|
||||
<li>PRF used by the header key derivation function (as specified in PKCS #5 v2.0; see the section
|
||||
<a href="Header%20Key%20Derivation.html">
|
||||
<em>Header Key Derivation, Salt, and Iteration Count</em></a>), which can be one of the following:
|
||||
<p>HMAC-SHA-512, HMAC-SHA-256, HMAC-RIPEMD-160, HMAC-Whirlpool. If a PRF is explicitly specified by the user, it will be used directly without trying the other possibilities.</p>
|
||||
<p>A password entered by the user (to which one or more keyfiles may have been applied – see the section
|
||||
<a href="Keyfiles%20in%20VeraCrypt.html">
|
||||
<em>Keyfiles</em></a>), a PIM value (if specified) and the salt read in (1) are passed to the header key derivation function, which produces a sequence of values (see the section
|
||||
<a href="Header%20Key%20Derivation.html">
|
||||
<em>Header Key Derivation, Salt, and Iteration Count</em></a>) from which the header encryption key and secondary header key (XTS mode) are formed. (These keys are used to decrypt the volume header.)</p>
|
||||
</li><li>Encryption algorithm: AES-256, Serpent, Twofish, AES-Serpent, AES-Twofish- Serpent, etc.
|
||||
</li><li>Mode of operation: only XTS is supported </li><li>Key size(s) </li></ol>
|
||||
</li><li>Decryption is considered successful if the first 4 bytes of the decrypted data contain the ASCII string “VERA”, and if the CRC-32 checksum of the last 256 bytes of the decrypted data (volume header) matches the value located at byte #8 of the
|
||||
decrypted data (this value is unknown to an adversary because it is encrypted – see the section
|
||||
<a href="VeraCrypt%20Volume%20Format%20Specification.html">
|
||||
<em>VeraCrypt Volume Format Specification</em></a>). If these conditions are not met, the process continues from (3) again, but this time, instead of the data read in (1), the data read in (2) are used (i.e., possible hidden volume header). If the conditions
|
||||
are not met again, mounting is terminated (wrong password, corrupted volume, or not a VeraCrypt volume).
|
||||
</li><li>Now we know (or assume with very high probability) that we have the correct password, the correct encryption algorithm, mode, key size, and the correct header key derivation algorithm. If we successfully decrypted the data read in (2), we also know that
|
||||
we are mounting a hidden volume and its size is retrieved from data read in (2) decrypted in (3).
|
||||
</li><li>The encryption routine is reinitialized with the primary master key** and the secondary master key (XTS mode – see the section
|
||||
<a href="Modes%20of%20Operation.html"><em>Modes of Operation</em></a>), which are retrieved from the decrypted volume header (see the section
|
||||
<a href="VeraCrypt%20Volume%20Format%20Specification.html">
|
||||
<em>VeraCrypt Volume Format Specification</em></a>). These keys can be used to decrypt any sector of the volume, except the volume header area (or the key data area, for system encryption), which has been encrypted using the header keys. The volume is mounted.
|
||||
</li></ol>
|
||||
<p>See also section <a href="Modes%20of%20Operation.html">
|
||||
<em>Modes of Operation</em></a> and section <a href="Header%20Key%20Derivation.html">
|
||||
<em>Header Key Derivation, Salt, and Iteration Count</em></a> and also the chapter
|
||||
<a href="Security%20Model.html"><em>Security Model</em></a>.</p>
|
||||
<p>* If the size of the active partition is less than 256 MB, then the data is read from the
|
||||
<em>second</em> partition behind the active one (Windows 7 and later, by default, do not boot from the partition on which they are installed).</p>
|
||||
<p>† These parameters are kept secret <em>not</em> in order to increase the complexity of an attack, but primarily to make VeraCrypt volumes unidentifiable (indistinguishable from random data), which would be difficult to achieve if these parameters
|
||||
were stored unencrypted within the volume header. Also note that if a non-cascaded encryption algorithm is used for system encryption, the algorithm
|
||||
<em>is</em> known (it can be determined by analyzing the contents of the unencrypted VeraCrypt Boot Loader stored in the first logical drive track or on the VeraCrypt Rescue Disk).</p>
|
||||
<p>** The master keys were generated during the volume creation and cannot be changed later. Volume password change is accomplished by re-encrypting the volume header using a new header key (derived from a new password).</p>
|
||||
<p> </p>
|
||||
<p><a href="Modes%20of%20Operation.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
734
doc/html/FAQ.html
Normal file
@ -0,0 +1,734 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="FAQ.html">Frequently Asked Questions</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Frequently Asked Questions</h1>
|
||||
<div style="text-align:left; margin-bottom:19px; padding-top:0px; padding-bottom:0px; margin-top:0px">
|
||||
Last Updated December 23th, 2015</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<em style="text-align:left">This document is not guaranteed to be error-free and is provided "as is" without warranty of any kind. For more information, see
|
||||
<a href="Disclaimers.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Disclaimers</a>.</em></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left">Can TrueCrypt and VeraCrypt be running on the same machine?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. There are generally no conflicts between TrueCrypt and VeraCrypt, thus they can be installed and used on the same machine. On Windows however, if they are both used to mount the same volume, two drives may appear when mounting it. This can be solved by
|
||||
running the following command in an elevated command prompt (using Run as an administrator) before mounting any volume:
|
||||
<strong>mountvol.exe /r</strong>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left">Can I use my TrueCrypt volumes in VeraCrypt?</strong></div>
|
||||
Yes. Starting from version 1.0f, VeraCrypt supports mounting TrueCrypt volumes.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left">Can I convert my TrueCrypt volumes to VeraCrypt format?</strong></div>
|
||||
Yes. Starting from version 1.0f, VeraCrypt offers the possibility to convert TrueCrypt containers and non-system partitions to VeraCrypt format. This can achieved using the "Change Volume Password" or "Set Header Key Derivation Algorithm" actions. Just check
|
||||
the "TrueCrypt Mode", enter you TrueCrypt password and perform the operation. After that, you volume will have the VeraCrypt format.<br>
|
||||
Before doing the conversion, it is advised to backup the volume header using TrueCrypt. You can delete this backup safely once the conversion is done and after checking that the converted volume is mounted properly by VeraCrypt.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left">What's the difference between TrueCrypt and VeraCrypt?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.<br>
|
||||
It also solves many vulnerabilities and security issues found in TrueCrypt.<br>
|
||||
As an example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use
|
||||
<span style="text-decoration:underline">327661</span>. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses
|
||||
<span style="text-decoration:underline">655331 </span>for RIPEMD160 and <span style="text-decoration:underline">
|
||||
500000 </span>iterations for SHA-2 and Whirlpool.<br>
|
||||
This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much harder for an attacker to gain access to the encrypted
|
||||
data.</div>
|
||||
</div>
|
||||
<br id="PasswordLost" style="text-align:left">
|
||||
<strong style="text-align:left">I forgot my password – is there any way ('backdoor') to recover the files from my VeraCrypt volume?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
We have not implemented any 'backdoor' in VeraCrypt (and will never implement any even if asked to do so by a government agency), because it would defeat the purpose of the software. VeraCrypt does not allow decryption of data without knowing the correct password
|
||||
or key. We cannot recover your data because we do not know and cannot determine the password you chose or the key you generated using VeraCrypt. The only way to recover your files is to try to "crack" the password or the key, but it could take thousands or
|
||||
millions of years (depending on the length and quality of the password or keyfiles, on the software/hardware performance, algorithms, and other factors). Back in 2010, there was news about the
|
||||
<a href="http://www.webcitation.org/query?url=g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html" target="_blank">
|
||||
FBI failing to decrypt a TrueCrypt volume after a year of trying</a>. While we can't verify if this is true or just a "psy-op" stunt, in VeraCrypt we have increased the security of the key derivation to a level where any brute-force of the password is virtually
|
||||
impossible, provided that all security requirements are respected.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Is there a "Quick Start Guide" or some tutorial for beginners?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. The first chapter, <strong style="text-align:left"><a href="Beginner%27s%20Tutorial.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">Beginner's Tutorial</a></strong>, in the VeraCrypt
|
||||
User Guide contains screenshots and step-by-step instructions on how to create, mount, and use a VeraCrypt volume.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I encrypt a partition/drive where Windows is installed?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, see the chapter <a href="System%20Encryption.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
System Encryption</a> in the VeraCrypt User Guide.</div>
|
||||
<div id="BootingHang" style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong>The system encryption Pre Test fails because the bootloader hangs with the messaging "booting" after successfully verifying the password. How to make the Pre Test succeed?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
There two known workarounds for this issue (Both require having a Windows Installation disk):</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<ol>
|
||||
<li>Boot your machine using a Windows Installation disk and select to repair your computer. Choose "Command Prompt" option and when it opens, type the commands below and then restart your system:
|
||||
<ul>
|
||||
<li>BootRec /fixmbr </li><li>BootRec /FixBoot </li></ul>
|
||||
</li><li>Delete the 100 MB System Reserved partition located at the beginning of your drive and set the system partition next to it as the active partition (both can be done using diskpart utility available in Windows Installation disk repair option). After that,
|
||||
run Startup Repair after rebooting on Windows Installation disk. The following link contains detailed instructions:
|
||||
<a href="https://www.sevenforums.com/tutorials/71363-system-reserved-partition-delete.html" target="_blank">
|
||||
https://www.sevenforums.com/tutorials/71363-system-reserved-partition-delete.html</a>
|
||||
</li></ol>
|
||||
</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<div id="PreTestFail" style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong>The system encryption Pre Test fails even though the password was correctly entered in the bootloader. How to make the Pre Test succeed?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
This can be caused by the TrueCrypt driver that clears BIOS memory before VeraCrypt is able to read it. In this case, uninstalling TrueCrypt solves the issue.<br>
|
||||
This can also be caused by some hardware drivers and other software that access BIOS memory. There is no generic solution for this and affected users should identify such software and remove it from the system.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I directly play a video (.avi, .mpg, etc.) stored on a VeraCrypt volume?</strong></div>
|
||||
</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, VeraCrypt-encrypted volumes are like normal disks. You provide the correct password (and/or keyfile) and mount (open) the VeraCrypt volume. When you double click the icon of the video file, the operating system launches the application associated with
|
||||
the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, VeraCrypt is automatically
|
||||
decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the VeraCrypt-encrypted volume to
|
||||
RAM (memory) and the process repeats.<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
The same goes for video recording: Before a chunk of a video file is written to a VeraCrypt volume, VeraCrypt encrypts it in RAM and then writes it to the disk. This process is called on-the-fly encryption/decryption and it works for all file types (not only
|
||||
for video files).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Will VeraCrypt be open-source and free forever?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, it will. We will never create a commercial version of VeraCrypt, as we believe in open-source and free security software.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Is it possible to donate to the VeraCrypt project?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. You can use the donation buttons at <a href="https://www.veracrypt.fr/en/Donation.html" target="_blank">
|
||||
https://www.veracrypt.fr/en/donation/</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Why is VeraCrypt open-source? What are the advantages?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
As the source code for VeraCrypt is publicly available, independent researchers can verify that the source code does not contain any security flaw or secret 'backdoor'. If the source code were not available, reviewers would need to reverse-engineer the executable
|
||||
files. However, analyzing and understanding such reverse-engineered code is so difficult that it is practically
|
||||
<em style="text-align:left">impossible</em> to do (especially when the code is as large as the VeraCrypt code).<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Remark: A similar problem also affects cryptographic hardware (for example, a self-encrypting storage device). It is very difficult to reverse-engineer it to verify that it does not contain any security flaw or secret 'backdoor'.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">VeraCrypt is open-source, but has anybody actually reviewed the source code?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. An <a href="http://blog.quarkslab.com/security-assessment-of-veracrypt-fixes-and-evolutions-from-truecrypt.html" target="_blank">
|
||||
audit</a> has been performed by <a href="https://quarkslab.com/" target="_blank">
|
||||
Quarkslab</a>. The technical report can be downloaded from <a href="http://blog.quarkslab.com/resources/2016-10-17-audit-veracrypt/16-08-215-REP-VeraCrypt-sec-assessment.pdf">here</a>. VeraCrypt 1.19 addressed the issues found by this audit.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">As VeraCrypt is open-source software, independent researchers can verify that the source code does not contain any security flaw or secret 'backdoor'. Can they also verify that the official executable files were built from the
|
||||
published source code and contain no additional code?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, they can. In addition to reviewing the source code, independent researchers can compile the source code and compare the resulting executable files with the official ones. They may find some differences (for example, timestamps or embedded digital signatures)
|
||||
but they can analyze the differences and verify that they do not form malicious code.</div>
|
||||
<div id="UsbFlashDrive" style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">How can I use VeraCrypt on a USB flash drive? </strong>
|
||||
</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
You have three options:</div>
|
||||
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Encrypt the entire USB flash drive. However, you will not be able run VeraCrypt from the USB flash drive.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Create two or more partitions on your USB flash drive. Leave the first partition non encrypted and encrypt the other partition(s). You can store VeraCrypt on the first partition in order to run it directly from the USB flash drive.<br style="text-align:left">
|
||||
Note: Windows can only access the primary partition of a USB flash drive, nevertheless the extra partitions remain accessible through VeraCrypt.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Create a VeraCrypt file container on the USB flash drive (for information on how to do so, see the chapter
|
||||
<strong style="text-align:left"><a href="Beginner%27s%20Tutorial.html" style="text-align:left; color:#0080c0; text-decoration:none.html">Beginner's Tutorial</a></strong>, in the
|
||||
<a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
VeraCrypt User Guide</a>). If you leave enough space on the USB flash drive (choose an appropriate size for the VeraCrypt container), you will also be able to store VeraCrypt on the USB flash drive (along with the container – not
|
||||
<em style="text-align:left">in</em> the container) and you will be able to run VeraCrypt from the USB flash drive (see also the chapter
|
||||
<a href="Portable%20Mode.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Portable Mode</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
VeraCrypt User Guide</a>). </li></ol>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Does VeraCrypt also encrypt file names and folder names?
|
||||
</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. The entire file system within a VeraCrypt volume is encrypted (including file names, folder names, and contents of every file). This applies to both types of VeraCrypt volumes – i.e., to file containers (virtual VeraCrypt disks) and to VeraCrypt-encrypted
|
||||
partitions/devices.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Does VeraCrypt use parallelization?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. Increase in encryption/decryption speed is directly proportional to the number of cores/processors your computer has. For more information, please see the chapter
|
||||
<a href="Parallelization.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Parallelization</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can data be read from and written to an encrypted volume/drive as fast as if the drive was not encrypted?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, since VeraCrypt uses pipelining and parallelization. For more information, please see the chapters
|
||||
<a href="Pipelining.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Pipelining</a> and <a href="Parallelization.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Parallelization</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Does VeraCrypt support hardware-accelerated encryption?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. For more information, please see the chapter <a href="Hardware%20Acceleration.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Hardware Acceleration</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Is it possible to boot Windows installed in a hidden VeraCrypt volume?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, it is. For more information, please see the section <a href="Hidden%20Operating%20System.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Hidden Operating System</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Will I be able to mount my VeraCrypt volume (container) on any computer?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, <a href="VeraCrypt%20Volume.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
VeraCrypt volumes</a> are independent of the operating system. You will be able to mount your VeraCrypt volume on any computer on which you can run VeraCrypt (see also the question '<em style="text-align:left">Can I use VeraCrypt on Windows if I do not have
|
||||
administrator privileges?</em>').</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I unplug or turn off a hot-plug device (for example, a USB flash drive or USB hard drive) when there is a mounted VeraCrypt volume on it?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Before you unplug or turn off the device, you should always dismount the VeraCrypt volume in VeraCrypt first, and then perform the '<em style="text-align:left">Eject</em>' operation if available (right-click the device in the '<em style="text-align:left">Computer</em>'
|
||||
or '<em style="text-align:left">My Computer</em>' list), or use the '<em style="text-align:left">Safely Remove Hardware</em>' function (built in Windows, accessible via the taskbar notification area). Otherwise, data loss may occur.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">What is a hidden operating system?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
See the section <a href="Hidden%20Operating%20System.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Hidden Operating System</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">What is plausible deniability?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
See the chapter <a href="Plausible%20Deniability.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Plausible Deniability</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>.</div>
|
||||
<div id="SystemReinstallUpgrade" style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Will I be able to mount my VeraCrypt partition/container after I reinstall or upgrade the operating system?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, <a href="VeraCrypt%20Volume.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
VeraCrypt volumes</a> are independent of the operating system. However, you need to make sure your operating system installer does not format the partition where your VeraCrypt volume resides.<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Note: If the system partition/drive is encrypted and you want to reinstall or upgrade Windows, you need to decrypt it first (select
|
||||
<em style="text-align:left">System</em> > <em style="text-align:left">Permanently Decrypt System Partition/Drive</em>). However, a running operating system can be
|
||||
<em style="text-align:left">updated</em> (security patches, service packs, etc.) without any problems even when the system partition/drive is encrypted.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I upgrade from an older version of VeraCrypt to the latest version without any problems?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Generally, yes. However, before upgrading, please read the <a href="Release%20Notes.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
release notes</a> for all versions of VeraCrypt that have been released since your version was released. If there are any known issues or incompatibilities related to upgrading from your version to a newer one, they will be listed in the
|
||||
<a href="Release%20Notes.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
release notes</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I upgrade VeraCrypt if the system partition/drive is encrypted or do I have to decrypt it first?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Generally, you can upgrade to the latest version without decrypting the system partition/drive (just run the VeraCrypt installer and it will automatically upgrade VeraCrypt on the system). However, before upgrading, please read the
|
||||
<a href="Release%20Notes.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
release notes</a> for all versions of VeraCrypt that have been released since your version was released. If there are any known issues or incompatibilities related to upgrading from your version to a newer one, they will be listed in the
|
||||
<a href="Release%20Notes.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
release notes</a>. Note that this FAQ answer is also valid for users of a <a href="Hidden%20Operating%20System.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
hidden operating system</a>. Also note that you cannot <em style="text-align:left">
|
||||
down</em>grade VeraCrypt if the system partition/drive is encrypted.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">I use pre-boot authentication. Can I prevent a person (adversary) that is watching me start my computer from knowing that I use VeraCrypt?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. To do so, boot the encrypted system, start VeraCrypt, select <em style="text-align:left">
|
||||
Settings</em> > <em style="text-align:left">System Encryption</em>, enable the option '<em style="text-align:left">Do not show any texts in the pre-boot authentication screen</em>' and click
|
||||
<em style="text-align:left">OK</em>. Then, when you start the computer, no texts will be displayed by the VeraCrypt boot loader (not even when you enter the wrong password). The computer will appear to be "frozen" while you can type your password. It is, however,
|
||||
important to note that if the adversary can analyze the content of the hard drive, he can still find out that it contains the VeraCrypt boot loader.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">I use pre-boot authentication. Can I configure the VeraCrypt Boot Loader to display only a fake error message?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. To do so, boot the encrypted system, start VeraCrypt, select <em style="text-align:left">
|
||||
Settings</em> > <em style="text-align:left">System Encryption</em>, enable the option '<em style="text-align:left">Do not show any texts in the pre-boot authentication screen</em>' and enter the fake error message in the corresponding field (for example,
|
||||
the "<em style="text-align:left">Missing operating system</em>" message, which is normally displayed by the Windows boot loader if it finds no Windows boot partition). It is, however, important to note that if the adversary can analyze the content of the hard
|
||||
drive, he can still find out that it contains the VeraCrypt boot loader.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I configure VeraCrypt to mount automatically whenever Windows starts a non-system VeraCrypt volume that uses the same password as my system partition/drive (i.e. my pre-boot authentication password)?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. To do so, follow these steps:</div>
|
||||
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Mount the volume (to the drive letter to which you want it to be mounted every time).
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Right-click the mounted volume in the drive list in the main VeraCrypt window and select '<em style="text-align:left">Add to System Favorites</em>'.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
The System Favorites Organizer window should appear now. In this window, enable the option '<em style="text-align:left">Mount system favorite volumes when Windows starts</em>' and click
|
||||
<em style="text-align:left">OK</em>. </li></ol>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
For more information, see the chapter <a href="System%20Favorite%20Volumes.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
System Favorite Volumes</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can a volume be automatically mounted whenever I log on to Windows?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. To do so, follow these steps:</div>
|
||||
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Mount the volume (to the drive letter to which you want it to be mounted every time).
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Right-click the mounted volume in the drive list in the main VeraCrypt window and select '<em style="text-align:left">Add to Favorites</em>'.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
The <a href="Favorite%20Volumes.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Favorites</a> Organizer window should appear now. In this window, enable the option '<em style="text-align:left">Mount selected volume upon logon</em>' and click
|
||||
<em style="text-align:left">OK</em>. </li></ol>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Then, when you log on to Windows, you will be asked for the volume password (and/or keyfiles) and if it is correct, the volume will be mounted.<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Alternatively, if the volumes are partition/device-hosted and if you do not need to mount them to particular drive letters every time, you can follow these steps:</div>
|
||||
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Select <em style="text-align:left">Settings</em> > <em style="text-align:left">
|
||||
Preferences. </em>The <em style="text-align:left">Preferences</em> window should appear now.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
In the section '<em style="text-align:left">Actions to perform upon logon to Windows</em>', enable the option '<em style="text-align:left">Mount all devices-hosted VeraCrypt volumes</em>' and click
|
||||
<em style="text-align:left">OK</em>. </li></ol>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Note: VeraCrypt will not prompt you for a password if you have enabled caching of the
|
||||
<a href="System%20Encryption.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
pre-boot authentication</a> password (<em style="text-align:left">Settings</em> > '<em style="text-align:left">System Encryption</em>') and the volumes use the same password as the system partition/drive.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can a volume be automatically mounted whenever its host device gets connected to the computer?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. For example, if you have a VeraCrypt container on a USB flash drive and you want VeraCrypt to mount it automatically when you insert the USB flash drive into the USB port, follow these steps:</div>
|
||||
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Mount the volume (to the drive letter to which you want it to be mounted every time).
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Right-click the mounted volume in the drive list in the main VeraCrypt window and select '<em style="text-align:left">Add to Favorites</em>'.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
The <a href="Favorite%20Volumes.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Favorites</a> Organizer window should appear now. In this window, enable the option '<em style="text-align:left">Mount selected volume when its host device gets connected</em>' and click
|
||||
<em style="text-align:left">OK</em>. </li></ol>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Then, when you insert the USB flash drive into the USB port, you will be asked for the volume password (and/or keyfiles) (unless it is cached) and if it is correct, the volume will be mounted.<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Note: VeraCrypt will not prompt you for a password if you have enabled caching of the
|
||||
<a href="System%20Encryption.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
pre-boot authentication</a> password (<em style="text-align:left">Settings</em> > '<em style="text-align:left">System Encryption</em>') and the volume uses the same password as the system partition/drive.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can my pre-boot authentication password be cached so that I can use it mount non-system volumes during the session?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. Select <em style="text-align:left">Settings</em> > '<em style="text-align:left">System Encryption</em>' and enable the following option: '<em style="text-align:left">Cache pre-boot authentication password in driver memory</em>'.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<a name="notraces" style="text-align:left; color:#0080c0; text-decoration:none"></a><br style="text-align:left">
|
||||
<strong style="text-align:left">I live in a country that violates basic human rights of its people. Is it possible to use VeraCrypt without leaving any 'traces' on unencrypted Windows?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. This can be achieved by running VeraCrypt in <a href="Portable%20Mode.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
portable mode</a> under <a href="http://www.nu2.nu/pebuilder/" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
BartPE</a> or in a similar environment. BartPE stands for "Bart's Preinstalled Environment", which is essentially the Windows operating system prepared in a way that it can be entirely stored on and booted from a CD/DVD (registry, temporary files, etc., are
|
||||
stored in RAM – hard drive is not used at all and does not even have to be present). The freeware
|
||||
<a href="http://www.nu2.nu/pebuilder/" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
Bart's PE Builder</a> can transform a Windows XP installation CD into a BartPE CD. Note that you do not even need any special VeraCrypt plug-in for BartPE. Follow these steps:</div>
|
||||
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Create a BartPE CD and boot it. (Note: You must perform each of the following steps from within BartPE.)
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Download the VeraCrypt self-extracting package to the RAM disk (which BartPE automatically creates).
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Note</strong>: If the adversary can intercept data you send or receive over the Internet and you need to prevent the adversary from knowing you downloaded VeraCrypt, consider downloading it via
|
||||
<a href="https://geti2p.net/en/" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
<strong style="text-align:left">I2P</strong></a>, <a href="http://www.torproject.org/" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
<strong style="text-align:left">Tor</strong></a>, or a similar anonymizing network.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Verify the digital signatures of the downloaded file (see <a href="Digital%20Signatures.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
this</a> section of the documentation for more information). </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Run the downloaded file, and select <em style="text-align:left">Extract</em> (instead of
|
||||
<em style="text-align:left">Install</em>) on the second page of the VeraCrypt Setup wizard. Extract the contents to the RAM disk.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Run the file <em style="text-align:left">VeraCrypt.exe</em> from the RAM disk. </li></ol>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Note: You may also want to consider creating a hidden operating system (see the section
|
||||
<a href="Hidden%20Operating%20System.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Hidden Operating System</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>). See also the chapter <a href="Plausible%20Deniability.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Plausible Deniability</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I encrypt my system partition/drive if I don't have a US keyboard?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, VeraCrypt supports all keyboard layouts. Because of BIOS requirement, the pre-boot password is typed using
|
||||
<strong>US keyboard layout. </strong>During the system encryption process, VeraCrypt automatically and transparently switches the keyboard to US layout in order to ensure that the password value typed will match the one typed in pre-boot mode. Thus, in order
|
||||
to avoid wrong password errors, one must type the password using the same keys as when creating the system encryption.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I save data to the decoy system partition without risking damage to the hidden system partition?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. You can write data to the decoy system partition anytime without any risk that the hidden volume will get damaged (because the decoy system is
|
||||
<em style="text-align:left">not</em> installed within the same partition as the hidden system). For more information, see the section
|
||||
<a href="Hidden%20Operating%20System.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Hidden Operating System</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I use VeraCrypt on Windows if I do not have administrator privileges?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
See the chapter '<a href="Using%20VeraCrypt%20Without%20Administrator%20Privileges.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">Using VeraCrypt Without Administrator Privileges</a>'
|
||||
in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Does VeraCrypt save my password to a disk?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
No.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">How does VeraCrypt verify that the correct password was entered?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
See the section <a href="Encryption%20Scheme.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Encryption Scheme</a> (chapter <a href="Technical%20Details.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Technical Details</a>) in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>.</div>
|
||||
<div id="encrypt-in-place" style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I encrypt a partition/drive without losing the data currently stored on it?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, but the following conditions must be met:</div>
|
||||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
If you want to encrypt an entire system drive (which may contain multiple partitions) or a system partition (in other words, if you want to encrypt a drive or partition where Windows is installed), you can do so provided that you use Windows XP or a later version
|
||||
of Windows (such as Windows 7) <span style="text-align:left; font-size:10px; line-height:12px">
|
||||
(select '<em style="text-align:left">System</em>' > '<em style="text-align:left">Encrypt System Partition/Drive</em>' and then follow the instructions in the wizard)</span>.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
If you want to encrypt a non-system partition in place, you can do so provided that it contains an NTFS filesystem and that you use Windows Vista or a later version of Windows (for example, Windows 7)
|
||||
<span style="text-align:left; font-size:10px; line-height:12px">(click '<em style="text-align:left">Create Volume</em>' > '<em style="text-align:left">Encrypt a non-system partition</em>' > '<em style="text-align:left">Standard volume</em>' > '<em style="text-align:left">Select
|
||||
Device</em>' > '<em style="text-align:left">Encrypt partition in place</em>' and then follow the instructions in the wizard)</span>.
|
||||
</li></ul>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I run VeraCrypt if I don't install it?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, see the chapter <a href="Portable%20Mode.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Portable Mode</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
VeraCrypt User Guide</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<a name="tpm" style="text-align:left; color:#0080c0; text-decoration:none"></a><br style="text-align:left">
|
||||
<strong style="text-align:left">Some encryption programs use TPM to prevent attacks. Will VeraCrypt use it too?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
No. Those programs use TPM to protect against attacks that <em style="text-align:left">
|
||||
require</em> the attacker to have administrator privileges, or physical access to the computer, and the attacker needs you to use the computer after such an access.
|
||||
<em style="text-align:left">However, if any of these conditions is met, it is actually impossible to secure the computer</em> (see below) and, therefore, you must stop using it (instead of relying on TPM).
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
If the attacker has administrator privileges, he can, for example, reset the TPM, capture the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over
|
||||
the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer).
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
If the attacker can physically access the computer hardware (and you use it after such an access), he can, for example, attach a malicious component to it (such as a hardware keystroke logger) that will capture the password, the content of RAM (containing master
|
||||
keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical
|
||||
access to the computer again). <br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
The only thing that TPM is almost guaranteed to provide is a false sense of security (even the name itself, "Trusted Platform Module", is misleading and creates a false sense of security). As for real security, TPM is actually redundant (and implementing redundant
|
||||
features is usually a way to create so-called bloatware). <br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
For more information, please see the sections <a title="Physical%20Security"" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
Physical Security</a> and <a href="Malware.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Malware</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Do I have to dismount VeraCrypt volumes before shutting down or restarting Windows?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
No. VeraCrypt automatically dismounts all mounted VeraCrypt volumes on system shutdown/restart.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Which type of VeraCrypt volume is better – partition or file container?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<a href="VeraCrypt%20Volume.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">File containers</a> are normal files so you can work with them as with any normal files (file containers
|
||||
can be, for example, moved, renamed, and deleted the same way as normal files). <a href="VeraCrypt%20Volume.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Partitions/drives</a> may be better as regards performance. Note that reading and writing to/from a file container may take significantly longer when the container is heavily fragmented. To solve this problem, defragment the file system in which the container
|
||||
is stored (when the VeraCrypt volume is dismounted).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">What's the recommended way to back up a VeraCrypt volume?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
See the chapter <a href="How%20to%20Back%20Up%20Securely.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
How to Back Up Securely</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">What will happen if I format a VeraCrypt partition?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
See the question '<em style="text-align:left"><a href="#changing-filesystem" style="text-align:left; color:#0080c0; text-decoration:none">Is it possible to change the file system of an encrypted volume?</a></em>'</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left"><a name="changing-filesystem" style="text-align:left; color:#0080c0; text-decoration:none"></a>Is it possible to change the file system of an encrypted volume?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, when mounted, VeraCrypt volumes can be formatted as FAT12, FAT16, FAT32, NTFS, or any other file system. VeraCrypt volumes behave as standard disk devices so you can right-click the device icon (for example in the '<em style="text-align:left">Computer</em>'
|
||||
or '<em style="text-align:left">My Computer</em>' list) and select '<em style="text-align:left">Format</em>'. The actual volume contents will be lost. However, the whole volume will remain encrypted. If you format a VeraCrypt-encrypted partition when the VeraCrypt
|
||||
volume that the partition hosts is not mounted, then the volume will be destroyed, and the partition will not be encrypted anymore (it will be empty).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Is it possible to mount a VeraCrypt container that is stored on a CD or DVD?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. However, if you need to mount a VeraCrypt volume that is stored on a read-only medium (such as a CD or DVD) under Windows 2000, the file system within the VeraCrypt volume must be FAT (Windows 2000 cannot mount an NTFS file system on read-only media).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Is it possible to change the password for a hidden volume?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, the password change dialog works both for standard and <a href="Hidden%20Volume.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
hidden volumes</a>. Just type the password for the hidden volume in the 'Current Password' field of the 'Volume Password Change' dialog.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px; font-size:10px; line-height:12px">
|
||||
Remark: VeraCrypt first attempts to decrypt the standard <a href="VeraCrypt%20Volume%20Format%20Specification.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
volume header</a> and if it fails, it attempts to decrypt the area within the volume where the hidden volume header may be stored (if there is a hidden volume within). In case it is successful, the password change applies to the hidden volume. (Both attempts
|
||||
use the password typed in the 'Current Password' field.)</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">When I use HMAC-RIPEMD-160, is the size of the header encryption key only 160 bits?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
No, VeraCrypt never uses an output of a hash function (nor of a HMAC algorithm) directly as an encryption key. See the section
|
||||
<a href="Header%20Key%20Derivation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Header Key Derivation, Salt, and Iteration Count</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a> for more information.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">How do I burn a VeraCrypt container larger than 2 GB onto a DVD?</strong><br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
The DVD burning software you use should allow you to select the format of the DVD. If it does, select the UDF format (ISO format does not support files larger than 2 GB).</div>
|
||||
<div id="disk_defragmenter" style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I use tools like <em style="text-align:left">
|
||||
chkdsk</em>, Disk Defragmenter, etc. on the contents of a mounted VeraCrypt volume?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, VeraCrypt volumes behave like real physical disk devices, so it is possible to use any filesystem checking/repairing/defragmenting tools on the contents of a mounted VeraCrypt volume.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Does VeraCrypt support 64-bit versions of Windows?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, it does. <span style="text-align:left; font-size:10px; line-height:12px">Note: 64-bit versions of Windows load only drivers that are digitally signed with a digital certificate issued by a certification authority approved for issuing kernel-mode code signing
|
||||
certificates. VeraCrypt complies with this requirement (the VeraCrypt driver is <a href="Digital%20Signatures.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
digitally signed</a> with the digital certificate of IDRIX, which was issued by the certification authority Thawte).</span></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can I mount my VeraCrypt volume under Windows, Mac OS X, and Linux?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, VeraCrypt volumes are fully cross-platform.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left">How can I uninstall VeraCrypt on Linux?</strong>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
To uninstall VeraCrypt on Linux, run the following command in Terminal as root: <strong>
|
||||
veracrypt-uninstall.sh</strong>. On Ubuntu, you can use "<strong>sudo veracrypt-uninstall.sh</strong>".</div>
|
||||
</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Is there a list of all operating systems that VeraCrypt supports?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, see the chapter <a href="Supported%20Operating%20Systems.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Supported Operating Systems</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
VeraCrypt User Guide</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Is it possible to install an application to a VeraCrypt volume and run it from there?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">What will happen when a part of a VeraCrypt volume becomes corrupted?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
In encrypted data, one corrupted bit usually corrupts the whole ciphertext block in which it occurred. The ciphertext block size used by VeraCrypt is 16 bytes (i.e., 128 bits). The
|
||||
<a href="Modes%20of%20Operation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
mode of operation</a> used by VeraCrypt ensures that if data corruption occurs within a block, the remaining blocks are not affected. See also the question '<em style="text-align:left">What do I do when the encrypted filesystem on my VeraCrypt volume is corrupted?</em></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">What do I do when the encrypted filesystem on my VeraCrypt volume is corrupted?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
File system within a VeraCrypt volume may become corrupted in the same way as any normal unencrypted file system. When that happens, you can use filesystem repair tools supplied with your operating system to fix it. In Windows, it is the '<em style="text-align:left">chkdsk</em>'
|
||||
tool. VeraCrypt provides an easy way to use this tool on a VeraCrypt volume: Right-click the mounted volume in the main VeraCrypt window (in the drive list) and from the context menu select '<em style="text-align:left">Repair Filesystem</em>'.</div>
|
||||
<div id="reset_volume_password" style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">We use VeraCrypt in a corporate/enterprise environment. Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes. Note that there is no "backdoor" implemented in VeraCrypt. However, there is a way to "reset" volume passwords/<a href="Keyfiles.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">keyfiles</a>
|
||||
and <a href="System%20Encryption.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
pre-boot authentication</a> passwords. After you create a volume, back up its header to a file (select
|
||||
<em style="text-align:left">Tools</em> -> <em style="text-align:left">Backup Volume Header</em>) before you allow a
|
||||
<a href="Using%20VeraCrypt%20Without%20Administrator%20Privileges.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
non-admin user</a> to use the volume. Note that the <a href="VeraCrypt%20Volume%20Format%20Specification.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
volume header</a> (which is encrypted with a <a href="Header%20Key%20Derivation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
header key</a> derived from a password/keyfile) contains the <a href="Encryption%20Scheme.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
master key</a> with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (<em style="text-align:left">Volumes</em> ->
|
||||
<em style="text-align:left">Change Volume Password</em>); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or
|
||||
loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header from the backup file (<em style="text-align:left">Tools</em> ->
|
||||
<em style="text-align:left">Restore Volume Header</em>). <br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Similarly, you can reset a <a href="System%20Encryption.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
pre-boot authentication</a> password<a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">.
|
||||
</a>To create a backup of the master key data (that will be stored on a <a href="VeraCrypt%20Rescue%20Disk.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
VeraCrypt Rescue Disk</a> and encrypted with your administrator password), select '<em style="text-align:left">System</em>' > '<a href="VeraCrypt%20Rescue%20Disk.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none"><em style="text-align:left.html">Create
|
||||
Rescue Disk</em></a>'. To set a user <a href="System%20Encryption.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
pre-boot authentication</a> password, select '<em style="text-align:left">System</em>' > '<em style="text-align:left">Change Password</em>'. To restore your administrator password, boot the VeraCrypt Rescue Disk, select '<em style="text-align:left">Repair
|
||||
Options</em>' > '<em style="text-align:left">Restore key data</em>' and enter your administrator password.
|
||||
<br style="text-align:left">
|
||||
<span style="text-align:left; font-size:10px; line-height:12px">Note: It is not required to burn each
|
||||
<a href="VeraCrypt%20Rescue%20Disk.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
VeraCrypt Rescue Disk</a> ISO image to a CD/DVD. You can maintain a central repository of ISO images for all workstations (rather than a repository of CDs/DVDs). For more information see the section
|
||||
<a href="Command%20Line%20Usage.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Command Line Usage</a> (option <em style="text-align:left">/noisocheck</em>).</span></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can our commercial company use VeraCrypt free of charge?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Provided that you comply with the terms and conditions of the <a href="VeraCrypt%20License.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
VeraCrypt License</a>, you can install and run VeraCrypt free of charge on an arbitrary number of your computers.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">We share a volume over a network. Is there a way to have the network share automatically restored when the system is restarted?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Please see the chapter '<a href="Sharing%20over%20Network.html" style="text-align:left; color:#0080c0; text-decoration:none.html">Sharing over Network</a>' in the
|
||||
<a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
VeraCrypt User Guide</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">It is possible to access a single VeraCrypt volume simultaneously from multiple operating systems (for example, a volume shared over a network)?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Please see the chapter '<a href="Sharing%20over%20Network.html" style="text-align:left; color:#0080c0; text-decoration:none.html">Sharing over Network</a>' in the
|
||||
<a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
VeraCrypt User Guide</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Can a user access his or her VeraCrypt volume via a network?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Please see the chapter '<a href="Sharing%20over%20Network.html" style="text-align:left; color:#0080c0; text-decoration:none.html">Sharing over Network</a>' in the
|
||||
<a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
VeraCrypt User Guide</a>.</div>
|
||||
<div id="non_system_drive_letter" style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">I encrypted a non-system partition, but its original drive letter is still visible in the '<span style="text-align:left; font-style:italic">My Computer</span>' list. When I double click this drive letter, Windows asks if I want
|
||||
to format the drive. Is there a way to hide or free this drive letter? </strong>
|
||||
</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, to free the drive letter follow these steps:</div>
|
||||
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Right-click the '<em style="text-align:left">Computer</em>' (or '<span style="text-align:left; font-style:italic">My Computer</span>') icon on your desktop or in the Start Menu and select
|
||||
<span style="text-align:left; font-style:italic">Manage</span>. The '<span style="text-align:left; font-style:italic">Computer Management</span>' window should appear.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
From the list on the left, select '<span style="text-align:left; font-style:italic">Disk Management</span>' (within the
|
||||
<span style="text-align:left; font-style:italic">Storage</span> sub-tree). </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Right-click the encrypted partition/device and select <span style="text-align:left; font-style:italic">
|
||||
Change Drive Letter and Paths</span>. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Click <span style="text-align:left; font-style:italic">Remove</span>. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
If Windows prompts you to confirm the action, click <span style="text-align:left; font-style:italic">
|
||||
Yes</span>. </li></ol>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left"><br style="text-align:left">
|
||||
When I plug in my encrypted USB flash drive, Windows asks me if I want to format it. Is there a way to prevent that?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, but you will need to remove the drive letter assigned to the device. For information on how to do so, see the question '<em style="text-align:left">I encrypted a non-system partition, but its original drive letter is still visible in the 'My Computer'
|
||||
list.</em>'</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left"><br style="text-align:left">
|
||||
How do I remove or undo encryption if I do not need it anymore? How do I permanently decrypt a volume?
|
||||
</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Please see the section '<a href="Removing%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">How to Remove Encryption</a>' in the
|
||||
<a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
VeraCrypt User Guide</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">What will change when I enable the option '<em style="text-align:left">Mount volumes as removable media</em>'?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Please see the section '<a href="Removable%20Medium%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">Volume Mounted as Removable Medium</a>' in the
|
||||
<a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
VeraCrypt User Guide</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Is the online documentation available for download as a single file?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Yes, the documentation is contained in the file <em style="text-align:left">VeraCrypt User Guide.pdf</em> that is included in all official VeraCrypt distribution packages. You can also download the PDF using the link available at the home page
|
||||
<a href="https://www.veracrypt.fr/en/Downloads.html" target="_blank">https://www.veracrypt.fr/en/downloads/</a>. Note that you do
|
||||
<em style="text-align:left">not</em> have to install VeraCrypt to obtain the PDF documentation. Just run the self-extracting installation package and then select
|
||||
<em style="text-align:left">Extract</em> (instead of <em style="text-align:left">
|
||||
Install</em>) on the second page of the VeraCrypt Setup wizard. Also note that when you
|
||||
<em style="text-align:left">do</em> install VeraCrypt, the PDF documentation is automatically copied to the folder to which VeraCrypt is installed, and is accessible via the VeraCrypt user interface (by pressing F1 or choosing
|
||||
<em style="text-align:left">Help</em> > <em style="text-align:left">User's Guide</em>).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">Do I have to "wipe" free space and/or files on a VeraCrypt volume?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<span style="text-align:left; font-size:10px; line-height:12px">Remark: to "wipe" = to securely erase; to overwrite sensitive data in order to render them unrecoverable.
|
||||
</span><br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
If you believe that an adversary will be able to decrypt the volume (for example that he will make you reveal the password), then the answer is yes. Otherwise, it is not necessary, because the volume is entirely encrypted.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left">How does VeraCrypt know which encryption algorithm my VeraCrypt volume has been encrypted with?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Please see the section <a href="Encryption%20Scheme.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Encryption Scheme</a> (chapter <a href="Technical%20Details.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Technical Details</a>) in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
documentation</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left">How can I perform a Windows built-in backup on a VeraCrypt volume? The VeraCrypt volume doesn't show up in the list of available backup paths.<br>
|
||||
</strong>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Windows built-in backup utility looks only for physical driver, that's why it doesn't display the VeraCrypt volume. Nevertheless, you can still backup on a VeraCrypt volume by using a trick: activate sharing on the VeraCrypt volume through Explorer interface
|
||||
(of course, you have to put the correct permission to avoid unauthorized access) and then choose the option "Remote shared folder" (it is not remote of course but Windows needs a network path). There you can type the path of the shared drive (for example \\ServerName\sharename)
|
||||
and the backup will be configured correctly.</div>
|
||||
</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left">Is the encryption used by VeraCrypt vulnerable to Quantum attacks?</strong>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
VeraCrypt uses block ciphers (AES, Serpent, Twofish) for its encryption. Quantum attacks against these block ciphers are just a faster brute-force since the best know attack against these algorithms is exhaustive search (related keys attacks are irrelevant
|
||||
to our case because all keys are random and independent from each other).<br>
|
||||
Since VeraCrypt always uses 256-bit random and independent keys, we are assured of a 128-bit security<br>
|
||||
level against quantum algorithms which makes VeraCrypt encryption immune to such attacks.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong>How to make a VeraCrypt volume available for Windows Search indexing?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
In order to be able to index a VeraCrypt volume through Windows Search, the volume must be mounted at boot time (System Favorite) or the Windows Search services must be restart after the volume is mounted. This is needed because Windows Search can only index
|
||||
drives that are available when it starts.</div>
|
||||
<strong style="text-align:left">I haven't found any answer to my question in the FAQ – what should I do?</strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Please search the VeraCrypt documentation and website.</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
112
doc/html/Favorite Volumes.html
Normal file
@ -0,0 +1,112 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="VeraCrypt%20Volume.html">VeraCrypt Volume</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Favorite%20Volumes.html">Favorite Volumes</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h2 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:14px; margin-bottom:17px">
|
||||
Favorite Volumes</h2>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<p>Favorite volumes are useful, for example, in any the following cases:</p>
|
||||
<ul>
|
||||
<li>You have a volume that always needs to be <strong>mounted to a particular drive letter</strong>.
|
||||
</li><li>You have a volume that needs to be <strong>automatically mounted when its host device gets connected to the computer
|
||||
</strong>(for example, a container located on a USB flash drive or external USB hard drive).
|
||||
</li><li>You have a volume that needs to be <strong>automatically mounted when you log on
|
||||
</strong>to the operating system. </li><li>You have a volume that always needs to be <strong>mounted as read-only </strong>
|
||||
or removable medium. </li></ul>
|
||||
<h3>To configure a VeraCrypt volume as a favorite volume, follow these steps:</h3>
|
||||
<ol>
|
||||
<li>Mount the volume (to the drive letter to which you want it to be mounted every time).
|
||||
</li><li>Right-click the mounted volume in the drive list in the main VeraCrypt window and select ‘<em>Add to Favorites</em>’.
|
||||
</li><li>The Favorite Volumes Organizer window should appear now. In this window, you can set various options for the volume (see below).
|
||||
</li><li>Click <em>OK</em>. </li></ol>
|
||||
<strong>Favorite volumes can be mounted in several ways: </strong>To mount all favorite volumes, select
|
||||
<em>Favorites </em>> <em>Mount Favorite Volumes </em>or press the ‘<em>Mount Favorite Volumes</em>’ hot key (<em>Settings
|
||||
</em>> <em>Hot Keys</em>). To mount only one of the favorite volumes, select it from the list contained in the
|
||||
<em>Favorites </em>menu. When you do so, you are asked for its password (and/or keyfiles) (unless it is cached) and if it is correct, the volume is mounted. If it is already mounted, an Explorer window is opened for it.
|
||||
<h3>Selected or all favorite volumes can be mounted automatically whenever you log on to Windows</h3>
|
||||
<p>To set this up, follow these steps:</p>
|
||||
<ol>
|
||||
<li>Mount the volume you want to have mounted automatically when you log on (mount it to the drive letter to which you want it to be mounted every time).
|
||||
</li><li>Right-click the mounted volume in the drive list in the main VeraCrypt window and select ‘<em>Add to Favorites</em>’.
|
||||
</li><li>The Favorites Organizer window should appear now. In this window, enable the option ‘<em>Mount selected volume upon logon</em>’ and click
|
||||
<em>OK</em>. </li></ol>
|
||||
<p>Then, when you log on to Windows, you will be asked for the volume password (and/or keyfiles) and if it is correct, the volume will be mounted.<br>
|
||||
<br>
|
||||
Note: VeraCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (<em>Settings
|
||||
</em>> ‘<em>System Encryption</em>’) and the volumes use the same password as the system partition/drive.</p>
|
||||
<p>Selected or all favorite volumes can be mounted automatically whenever its host device gets connected to the computer. To set this up, follow these steps:</p>
|
||||
<ol>
|
||||
<li>Mount the volume (to the drive letter to which you want it to be mounted every time).
|
||||
</li><li>Right-click the mounted volume in the drive list in the main VeraCrypt window and select ‘<em>Add to Favorites</em>’.
|
||||
</li><li>The Favorites Organizer window should appear now. In this window, enable the option ‘<em>Mount selected volume when its host device gets connected</em>’ and click
|
||||
<em>OK</em>. </li></ol>
|
||||
<p>Then, when you insert e.g. a USB flash drive on which a VeraCrypt volume is located into the USB port, you will be asked for the volume password (and/or keyfiles) (unless it is cached) and if it is correct, the volume will be mounted.<br>
|
||||
<br>
|
||||
Note: VeraCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (<em>Settings
|
||||
</em>> ‘<em>System Encryption</em>’) and the volume uses the same password as the system partition/drive.</p>
|
||||
<p>A special label can be assigned to each favorite volume. This label is not the same as the filesystem label and it is shown within the VeraCrypt user interface instead of the volume path. To assign such a label, follow these steps:</p>
|
||||
<ol>
|
||||
<li>Select <em>Favorites </em>> ‘<em>Organize Favorite Volumes</em>’.
|
||||
</li><li>The Favorite Volumes Organizer window should appear now. In this window, select the volume whose label you want to edit.
|
||||
</li><li>Enter the label in the ‘<em>Label of selected favorite volume</em>’ input field and click OK.
|
||||
</li></ol>
|
||||
<p>Note that the Favorite Volumes Organizer window (<em>Favorites </em>> ‘<em>Organize Favorite Volumes</em>’) allows you to
|
||||
<strong>set various other options for each favorite volume</strong>. For example, any of them can be mounted as read-only or as removable medium. To set any of these options, follow these steps:</p>
|
||||
<ol>
|
||||
<li>Select <em>Favorites </em>> ‘<em>Organize Favorite Volumes</em>’.
|
||||
</li><li>The Favorite Volumes Organizer window should appear now. In this window, select the volume whose options you want to set.
|
||||
</li><li>Set the options and click OK. </li></ol>
|
||||
<p>The order in which system favorite volumes are displayed in the Favorites Organizer window (<em>Favorites
|
||||
</em>> ‘<em>Organize Favorite Volumes</em>’) is <strong>the order in which the volumes are mounted
|
||||
</strong>when you select <em>Favorites </em>> <em>Mount Favorite Volumes </em>
|
||||
or when you press the ‘<em>Mount Favorite Volumes</em>’ hotkey (<em>Settings
|
||||
</em>> <em>Hot Keys</em>). You can use the <em>Move Up </em>and <em>Move Down </em>
|
||||
buttons to change the order of the volumes.<br>
|
||||
<br>
|
||||
Note that a favorite volume can also be a <strong>partition that is within the key scope of system encryption mounted without pre-boot authentication
|
||||
</strong>(for example, a partition located on the encrypted system drive of another operating system that is not running). When you mount such a volume and add it to favorites, you will no longer have to select
|
||||
<em>System </em>> <em>Mount Without Pre-Boot Authentication </em>or to enable the mount option ‘<em>Mount partition using system encryption without pre- boot authentication</em>’. You can simply mount the favorite volume (as explained above)
|
||||
without setting any options, as the mode in which the volume is mounted is saved in the configuration file containing the list of your favorite volumes.</p>
|
||||
<p>Warning: When the drive letter assigned to a favorite volume (saved in the configuration file) is not free, the volume is not mounted and no error message is displayed.<br>
|
||||
<br>
|
||||
<strong>To remove a volume form the list of favorite volumes</strong>, select <em>
|
||||
Favorites </em>> <em>Organize Favorite Volumes</em>, select the volume, click <em>
|
||||
Remove</em>, and click OK.</p>
|
||||
<p> </p>
|
||||
<p><a href="System%20Favorite%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div>
|
||||
</div>
|
||||
</body></html>
|
69
doc/html/Hardware Acceleration.html
Normal file
@ -0,0 +1,69 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Hardware%20Acceleration.html">Hardware Acceleration</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Hardware Acceleration</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Some processors (CPUs) support hardware-accelerated <a href="AES.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
AES</a> encryption,* which is typically 4-8 times faster than encryption performed by the purely software implementation on the same processors.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
By default, VeraCrypt uses hardware-accelerated AES on computers that have a processor where the Intel AES-NI instructions are available. Specifically, VeraCrypt uses the AES-NI instructions that perform so-called AES rounds (i.e. the main portions of the AES
|
||||
algorithm).** VeraCrypt does not use any of the AES-NI instructions that perform key generation.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Note: By default, VeraCrypt uses hardware-accelerated AES also when an encrypted Windows system is booting or resuming from hibernation (provided that the processor supports the Intel AES-NI instructions).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
To find out whether VeraCrypt can use hardware-accelerated AES on your computer, select
|
||||
<em style="text-align:left">Settings</em> > <em style="text-align:left">Performance/</em><em>Driver Configuration</em> and check the field labeled '<em style="text-align:left">Processor (CPU) in this computer supports hardware acceleration for AES</em>'.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
To find out whether a processor you want to purchase supports the Intel AES-NI instructions (also called "AES New Instructions"), which VeraCrypt uses for hardware-accelerated AES, please check the documentation for the processor or contact the vendor/manufacturer.
|
||||
Alternatively, click <a href="http://ark.intel.com/search/advanced/?AESTech=true" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
here</a> to view an official list of Intel processors that support the AES-NI instructions. However, note that some Intel processors, which the Intel website lists as AES-NI-supporting, actually support the AES-NI instructions only with a Processor Configuration
|
||||
update (for example, i7-2630/2635QM, i7-2670/2675QM, i5-2430/2435M, i5-2410/2415M). In such cases, you should contact the manufacturer of the motherboard/computer for a BIOS update that includes the latest Processor Configuration update for the processor.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
If you want to disable hardware acceleration of AES (e.g. because you want VeraCrypt to use only a fully open-source implementation of AES), you can do so by selecting<em style="text-align:left"> Settings</em> >
|
||||
<em style="text-align:left">Performance and Driver Options </em>and disabling the option '<em style="text-align:left">Accelerate AES encryption/decryption by using the AES instructions of the processor</em>'. Note that when this setting is changed, the operating
|
||||
system needs to be restarted to ensure that all VeraCrypt components internally perform the requested change of mode. Also note that when you create a VeraCrypt Rescue Disk, the state of this option is written to the Rescue Disk and used whenever you boot
|
||||
from it (affecting the pre-boot and initial boot phase). To create a new VeraCrypt Rescue Disk, select
|
||||
<em style="text-align:left">System</em> > <em style="text-align:left">Create Rescue Disk</em>.</div>
|
||||
<p> </p>
|
||||
<hr align="left" size="1" width="189" style="text-align:left; height:0px; border-width:0px 1px 1px; border-style:solid; border-color:#000000">
|
||||
<p><span style="text-align:left; font-size:10px; line-height:12px">* In this chapter, the word 'encryption' also refers to decryption.</span><br style="text-align:left">
|
||||
<span style="text-align:left; font-size:10px; line-height:12px">** Those instructions are
|
||||
<em style="text-align:left">AESENC</em>, <em style="text-align:left">AESENCLAST</em>,
|
||||
<em style="text-align:left">AESDEC</em>, and <em style="text-align:left">AESDECLAST</em> and they perform the following AES transformations:
|
||||
<em style="text-align:left">ShiftRows</em>, <em style="text-align:left">SubBytes</em>,
|
||||
<em style="text-align:left">MixColumns</em>, <em style="text-align:left">InvShiftRows</em>,
|
||||
<em style="text-align:left">InvSubBytes</em>, <em style="text-align:left">InvMixColumns</em>, and
|
||||
<em style="text-align:left">AddRoundKey</em> (for more details about these transformations, see [3])</span><span style="text-align:left; font-size:10px; line-height:12px">.</span></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
58
doc/html/Hash Algorithms.html
Normal file
@ -0,0 +1,58 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Hash%20Algorithms.html">Hash Algorithms</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Hash Algorithms</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
In the Volume Creation Wizard, in the password change dialog window, and in the Keyfile Generator dialog window, you can select a hash algorithm. A user-selected hash algorithm is used by the VeraCrypt Random Number Generator as a pseudorandom "mixing" function,
|
||||
and by the header key derivation function (HMAC based on a hash function, as specified in PKCS #5 v2.0) as a pseudorandom function. When creating a new volume, the Random Number Generator generates the master key, secondary key (XTS mode), and salt. For more
|
||||
information, please see the section <a href="Random%20Number%20Generator.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Random Number Generator</a> and section <a href="Header%20Key%20Derivation.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Header Key Derivation, Salt, and Iteration Count</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
VeraCrypt currently supports the following hash algorithms:</div>
|
||||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
<a href="RIPEMD-160.html"><strong style="text-align:left.html">RIPEMD-160</strong></a>
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
<a href="SHA-256.html"><strong style="text-align:left.html">SHA-256</strong></a>
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
<a href="SHA-512.html"><strong style="text-align:left.html">SHA-512</strong></a>
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
<a href="Whirlpool.html"><strong style="text-align:left.html">Whirlpool</strong></a>
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left"><a href="Streebog.html">Streebog</a></strong>
|
||||
</li></ul>
|
||||
<p><a href="RIPEMD-160.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
86
doc/html/Header Key Derivation.html
Normal file
@ -0,0 +1,86 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Technical%20Details.html">Technical Details</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Header%20Key%20Derivation.html">Header Key Derivation, Salt, and Iteration Count</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Header Key Derivation, Salt, and Iteration Count</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Header key is used to encrypt and decrypt the encrypted area of the VeraCrypt volume header (for
|
||||
<a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
system encryption</a>, of the keydata area), which contains the master key and other data (see the sections
|
||||
<a href="Encryption%20Scheme.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Encryption Scheme</a> and <a href="VeraCrypt%20Volume%20Format%20Specification.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
VeraCrypt Volume Format Specification</a>). In volumes created by VeraCrypt (and for
|
||||
<a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
system encryption</a>), the area is encrypted in XTS mode (see the section <a href="Modes%20of%20Operation.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Modes of Operation</a>). The method that VeraCrypt uses to generate the header key and the secondary header key (XTS mode) is PBKDF2, specified in PKCS #5 v2.0; see
|
||||
<a href="References.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
[7]</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
512-bit salt is used, which means there are 2<sup style="text-align:left; font-size:85%">512</sup> keys for each password. This significantly decreases vulnerability to 'off-line' dictionary/'rainbow table' attacks (pre-computing all the keys for a dictionary
|
||||
of passwords is very difficult when a salt is used) [7]. The salt consists of random values generated by the
|
||||
<a href="Random%20Number%20Generator.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
VeraCrypt random number generator</a> during the volume creation process. The header key derivation function is based on HMAC-SHA-512, HMAC-SHA-256, HMAC-RIPEMD-160, or HMAC-Whirlpool (see [8, 9, 20, 22]) – the user selects which. The length of the derived
|
||||
key does not depend on the size of the output of the underlying hash function. For example, a header key for the AES-256 cipher is always 256 bits long even if HMAC-RIPEMD-160 is used (in XTS mode, an additional 256-bit secondary header key is used; hence,
|
||||
two 256-bit keys are used for AES-256 in total). For more information, refer to [7]. A large number of iterations of the key derivation function have to be performed to derive a header key, which increases the time necessary to perform an exhaustive search
|
||||
for passwords (i.e., brute force attack) [7].</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<p>Prior to version 1.12, VeraCrypt always used a fixed number of iterations depending on the volume type and the derivation algorithm used:</p>
|
||||
<ul>
|
||||
<li>For system partition encryption (boot encryption), <strong>200000</strong> iterations are used for the HMAC-SHA-256 derivation function and
|
||||
<strong>327661</strong> iterations are used for HMAC-RIPEMD-160. </li><li>For standard containers and other partitions, <strong>655331</strong> iterations are used for HMAC-RIPEMD-160 and
|
||||
<strong>500000</strong> iterations are used for HMAC-SHA-512, HMAC-SHA-256 and HMAC-Whirlpool.
|
||||
</li></ul>
|
||||
<p>Starting from version 1.12, the <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html">
|
||||
PIM </a>field (<a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html">Personal Iterations Multiplier</a>) enables users to have more control over the number of iterations used by the key derivation function.</p>
|
||||
<p>When a <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html">
|
||||
PIM </a>value is not specified or if it is equal to zero, VeraCrypt uses the default values expressed above.</p>
|
||||
<p>When a <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html">
|
||||
PIM </a>value is given by the user, the number of iterations of the key derivation function is calculated as follows:</p>
|
||||
<ul>
|
||||
<li>For system partition encryption (boot encryption): Iterations = <strong>PIM x 2048</strong>
|
||||
</li><li>For standard containers and other partitions: Iterations = <strong>15000 + (PIM x 1000)</strong>
|
||||
</li></ul>
|
||||
</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Header keys used by ciphers in a cascade are mutually independent, even though they are derived from a single password (to which keyfiles may have been applied). For example, for the AES-Twofish-Serpent cascade, the header key derivation function is instructed
|
||||
to derive a 768-bit encryption key from a given password (and, for XTS mode, in addition, a 768-bit
|
||||
<em style="text-align:left">secondary</em> header key from the given password). The generated 768-bit header key is then split into three 256-bit keys (for XTS mode, the
|
||||
<em style="text-align:left">secondary</em> header key is split into three 256-bit keys too, so the cascade actually uses six 256-bit keys in total), out of which the first key is used by Serpent, the second key is used by Twofish, and the third by AES (in addition,
|
||||
for XTS mode, the first secondary key is used by Serpent, the second secondary key is used by Twofish, and the third secondary key by AES). Hence, even when an adversary has one of the keys, he cannot use it to derive the other keys, as there is no feasible
|
||||
method to determine the password from which the key was derived (except for brute force attack mounted on a weak password).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<a href="Random%20Number%20Generator.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
67
doc/html/Hibernation File.html
Normal file
@ -0,0 +1,67 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Data%20Leaks.html">Data Leaks</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Hibernation%20File.html">Hibernation File</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<div>
|
||||
<h1>Hibernation File</h1>
|
||||
<p>Note: The issue described below does not affect you if the system partition or system drive is encrypted<span>*
|
||||
</span>(for more information, see the chapter <a href="System%20Encryption.html">
|
||||
<em>System Encryption</em></a>) and if the hibernation file is located on one the partitions within the key scope of system encryption (which it typically is, by default), for example, on the partition where Windows is installed. When the computer hibernates,
|
||||
data are encrypted on the fly before they are written to the hibernation file.</p>
|
||||
<p>When a computer hibernates (or enters a power-saving mode), the content of its system memory is written to a so-called hibernation file on the hard drive. You can configure VeraCrypt (<em>Settings</em> >
|
||||
<em>Preferences</em> > <em>Dismount all when: Entering power saving mode</em>) to automatically dismount all mounted VeraCrypt volumes, erase their master keys stored in RAM, and cached passwords (stored in RAM), if there are any, before a computer hibernates
|
||||
(or enters a power-saving mode). However, keep in mind, that if you do not use system encryption (see the chapter
|
||||
<a href="System%20Encryption.html"><em>System Encryption</em></a>), VeraCrypt still cannot reliably prevent the contents of sensitive files opened in RAM from being saved unencrypted to a hibernation file. Note that
|
||||
when you open a file stored on a VeraCrypt volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM (and it may remain unencrypted in RAM until the computer is turned off).<br>
|
||||
<br>
|
||||
Note that when Windows enters Sleep mode, it may be actually configured to enter so-called Hybrid Sleep mode, which involves hibernation. Also note that the operating system may be configured to hibernate or enter the Hybrid Sleep mode when you click or select
|
||||
"Shut down" (for more information, please see the documentation for your operating system).<br>
|
||||
<br>
|
||||
<strong>To prevent the issues described above</strong>, encrypt the system partition/drive (for information on how to do so, see the chapter
|
||||
<a href="System%20Encryption.html"><em>System Encryption</em></a>) and make sure that the hibernation file is located on one of the partitions within the key scope of system encryption (which it typically is, by default),
|
||||
for example, on the partition where Windows is installed. When the computer hibernates, data will be encrypted on the fly before they are written to the hibernation file.</p>
|
||||
<p>Note: You may also want to consider creating a hidden operating system (for more information, see the section
|
||||
<a href="Hidden%20Operating%20System.html">
|
||||
<em>Hidden Operating System</em></a>)<span>.</span></p>
|
||||
<p>Alternatively, if you cannot use system encryption, disable or prevent hibernation on your computer at least for each session during which you work with any sensitive data and during which you mount a VeraCrypt volume.</p>
|
||||
<p><span>* </span>Disclaimer: As Windows XP and Windows 2003 do not provide any API for encryption of hibernation files, VeraCrypt has to modify undocumented components of Windows XP/2003 in order to allow users to encrypt hibernation files. Therefore, VeraCrypt
|
||||
cannot guarantee that Windows XP/2003 hibernation files will always be encrypted. In response to our public complaint regarding the missing API, Microsoft began providing a public API for encryption of hibernation files on Windows Vista and later versions
|
||||
of Windows. VeraCrypt has used this API and therefore is able to safely encrypt hibernation files under Windows Vista and later versions of Windows. Therefore, if you use Windows XP/2003 and want the hibernation file to be safely encrypted, we strongly recommend
|
||||
that you upgrade to Windows Vista or later.</p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
49
doc/html/Hidden Operating System.html
Normal file
@ -0,0 +1,49 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="System%20Encryption.html">System Encryption</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Hidden%20Operating%20System.html">Hidden Operating System</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Hidden Operating System</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
It may happen that you are forced by somebody to decrypt the operating system. There are many situations where you cannot refuse to do so (for example, due to extortion). VeraCrypt allows you to create a hidden operating system whose existence should be impossible
|
||||
to prove (provided that certain guidelines are followed). Thus, you will not have to decrypt or reveal the password for the hidden operating system. For more information, see the section
|
||||
<a href="VeraCrypt%20Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Hidden Operating System</a> in the chapter <a href="Plausible%20Deniability.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Plausible Deniability</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
</div>
|
||||
<p><a href="Supported%20Systems%20for%20System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div>
|
||||
</body></html>
|
97
doc/html/Hidden Volume.html
Normal file
@ -0,0 +1,97 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Plausible%20Deniability.html">Plausible Deniability</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Hidden%20Volume.html">Hidden Volume</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Hidden Volume</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations
|
||||
without revealing the password to your volume.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<img src="Beginner's Tutorial_Image_024.gif" alt="The layout of a standard VeraCrypt volume before and after a hidden volume was created within it." width="606" height="412"></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<em style="text-align:left">The layout of a standard VeraCrypt volume before and after a hidden volume was created within it.</em></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
The principle is that a VeraCrypt volume is created within another VeraCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not*, because free
|
||||
space on <em style="text-align:left">any </em>VeraCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that VeraCrypt does not modify the file
|
||||
system (information about free space, etc.) within the outer volume in any way.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
The password for the hidden volume must be substantially different from the password for the outer volume. To the outer volume, (before creating the hidden volume within it) you should copy some sensitive-looking files that you actually do NOT want to hide.
|
||||
These files will be there for anyone who would force you to hand over the password. You will reveal only the password for the outer volume, not for the hidden one. Files that really are sensitive will be stored on the hidden volume.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
A hidden volume can be mounted the same way as a standard VeraCrypt volume: Click
|
||||
<em style="text-align:left">Select File</em> or <em style="text-align:left">Select Device
|
||||
</em>to select the outer/host volume (important: make sure the volume is <em style="text-align:left">
|
||||
not</em> mounted). Then click <em style="text-align:left">Mount</em>, and enter the password for the hidden volume. Whether the hidden or the outer volume will be mounted is determined by the entered password (i.e., when you enter the password for the outer
|
||||
volume, then the outer volume will be mounted; when you enter the password for the hidden volume, the hidden volume will be mounted).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
VeraCrypt first attempts to decrypt the standard volume header using the entered password. If it fails, it loads the area of the volume where a hidden volume header can be stored (i.e. bytes 65536–131071, which contain solely random data when there is
|
||||
no hidden volume within the volume) to RAM and attempts to decrypt it using the entered password. Note that hidden volume headers cannot be identified, as they appear to consist entirely of random data. If the header is successfully decrypted (for information
|
||||
on how VeraCrypt determines that it was successfully decrypted, see the section <a href="Encryption%20Scheme.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Encryption Scheme</a>), the information about the size of the hidden volume is retrieved from the decrypted header (which is still stored in RAM), and the hidden volume is mounted (its size also determines its offset).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
A hidden volume can be created within any type of VeraCrypt volume, i.e., within a file-hosted volume or partition/device-hosted volume (requires administrator privileges). To create a hidden VeraCrypt volume, click on
|
||||
<em style="text-align:left">Create Volume </em>in the main program window and select
|
||||
<em style="text-align:left">Create a hidden VeraCrypt volume</em>. The Wizard will provide help and all information necessary to successfully create a hidden VeraCrypt volume.</div>
|
||||
<div id="hidden_volume_size_issue" style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
When creating a hidden volume, it may be very difficult or even impossible for an inexperienced user to set the size of the hidden volume such that the hidden volume does not overwrite data on the outer volume. Therefore, the Volume Creation Wizard automatically
|
||||
scans the cluster bitmap of the outer volume (before the hidden volume is created within it) and determines the maximum possible size of the hidden volume.***</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
If there are any problems when creating a hidden volume, refer to the chapter <a href="Troubleshooting.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Troubleshooting</a> for possible solutions.<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Note that it is also possible to create and boot an operating system residing in a hidden volume (see the section
|
||||
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Hidden Operating System</a> in the chapter <a href="Plausible%20Deniability.html">
|
||||
Plausible Deniability</a>).</div>
|
||||
<hr align="left" size="1" width="189" style="text-align:left; height:0px; border-width:0px 1px 1px; border-style:solid; border-color:#000000">
|
||||
<p><span style="text-align:left; font-size:10px; line-height:12px">* Provided that all the instructions in the VeraCrypt Volume Creation Wizard have been followed and provided that the requirements and precautions listed in the subsection
|
||||
<a href="Security%20Requirements%20for%20Hidden%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Security Requirements and Precautions Pertaining to Hidden Volumes</a> are followed<em style="text-align:left">.</em></span><br style="text-align:left">
|
||||
<span style="text-align:left; font-size:10px; line-height:12px">** Provided that the options
|
||||
<em style="text-align:left">Quick Format</em> and <em style="text-align:left">Dynamic</em> are disabled and provided that the volume does not contain a filesystem that has been encrypted in place (VeraCrypt does not allow the user to create a hidden volume
|
||||
within such a volume). For information on the method used to fill free volume space with random data, see chapter
|
||||
<a href="Technical%20Details.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Technical Details</a>, section <a href="VeraCrypt%20Volume%20Format%20Specification.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
VeraCrypt Volume Format Specification</a><em style="text-align:left">.</em></span><br style="text-align:left">
|
||||
<span style="text-align:left; font-size:10px; line-height:12px">*** The wizard scans the cluster bitmap to determine the size of the uninterrupted area of free space (if there is any) whose end is aligned with the end of the outer volume. This area accommodates
|
||||
the hidden volume and therefore the size of this area limits the maximum possible size of the hidden volume. On Linux and Mac OS X, the wizard actually does not scan the cluster bitmap, but the driver detects any data written to the outer volume and uses their
|
||||
position as previously described.</span></p>
|
||||
<p> </p>
|
||||
<p><a href="Protection%20of%20Hidden%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
BIN
doc/html/Home_VeraCrypt_Default_Mount_Parameters.png
Normal file
After Width: | Height: | Size: 12 KiB |
BIN
doc/html/Home_VeraCrypt_menu_Default_Mount_Parameters.png
Normal file
After Width: | Height: | Size: 6.3 KiB |
BIN
doc/html/Home_facebook_veracrypt.png
Normal file
After Width: | Height: | Size: 868 B |
BIN
doc/html/Home_reddit.png
Normal file
After Width: | Height: | Size: 1.4 KiB |
BIN
doc/html/Home_utilities-file-archiver-3.png
Normal file
After Width: | Height: | Size: 2.1 KiB |
40
doc/html/Hot Keys.html
Normal file
@ -0,0 +1,40 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Hot%20Keys.html">Hot Keys</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Hot Keys</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
To set system-wide VeraCrypt hot keys, click Settings -> Hot Keys. Note that hot keys work only when VeraCrypt or the VeraCrypt Background Task is running.</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
112
doc/html/How to Back Up Securely.html
Normal file
@ -0,0 +1,112 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="How%20to%20Back%20Up%20Securely.html">How to Back Up Securely</a>
|
||||
</p></div>
|
||||
<div class="wikidoc">
|
||||
<div>
|
||||
<h2>How to Back Up Securely</h2>
|
||||
<p>Due to hardware or software errors/malfunctions, files stored on a VeraCrypt volume may become corrupted. Therefore, we strongly recommend that you backup all your important files regularly (this, of course, applies to any important data, not just to encrypted
|
||||
data stored on VeraCrypt volumes).</p>
|
||||
<h3>Non-System Volumes</h3>
|
||||
<p>To back up a non-system VeraCrypt volume securely, it is recommended to follow these steps:</p>
|
||||
<ol>
|
||||
<li>Create a new VeraCrypt volume using the VeraCrypt Volume Creation Wizard (do not enable the
|
||||
<em>Quick Format</em> option or the <em>Dynamic</em> option). It will be your <em>
|
||||
backup</em> volume so its size should match (or be greater than) the size of your
|
||||
<em>main</em> volume.<br>
|
||||
<br>
|
||||
If the <em>main</em> volume is a hidden VeraCrypt volume (see the section <a href="Hidden%20Volume.html">
|
||||
<em>Hidden Volume</em></a>), the <em>backup</em> volume must be a hidden VeraCrypt volume too. Before you create the hidden
|
||||
<em>backup</em> volume, you must create a new host (outer) volume for it without enabling the
|
||||
<em>Quick Format</em> option. In addition, especially if the <em>backup</em> volume is file-hosted, the hidden
|
||||
<em>backup</em> volume should occupy only a very small portion of the container and the outer volume should be almost completely filled with files (otherwise, the plausible deniability of the hidden volume might be adversely affected).
|
||||
</li><li>Mount the newly created <em>backup</em> volume. </li><li>Mount the <em>main</em> volume. </li><li>Copy all files from the mounted <em>main</em> volume directly to the mounted <em>
|
||||
backup</em> volume. </li></ol>
|
||||
<h4>IMPORTANT: If you store the backup volume in any location that an adversary can repeatedly access (for example, on a device kept in a bank’s safe deposit box), you should repeat all of the above steps (including the step 1) each time you want to back
|
||||
up the volume (see below).</h4>
|
||||
<p>If you follow the above steps, you will help prevent adversaries from finding out:</p>
|
||||
<ul>
|
||||
<li>Which sectors of the volumes are changing (because you always follow step 1). This is particularly important, for example, if you store the backup volume on a device kept in a bank’s safe deposit box (or in any other location that an adversary can
|
||||
repeatedly access) and the volume contains a hidden volume (for more information, see the subsection
|
||||
<a href="Security%20Requirements%20for%20Hidden%20Volumes.html">
|
||||
<em>Security Requirements and Precautions Pertaining to Hidden Volumes</em></a> in the chapter
|
||||
<a href="Plausible%20Deniability.html"><em>Plausible Deniability</em></a>).
|
||||
</li><li>That one of the volumes is a backup of the other. </li></ul>
|
||||
<h3>System Partitions</h3>
|
||||
<p>Note: In addition to backing up files, we recommend that you also back up your VeraCrypt Rescue Disk (select
|
||||
<em>System</em> > <em>Create Rescue Disk</em>). For more information, see the section Vera<em>Crypt Rescue Disk</em>.</p>
|
||||
<p>To back up an encrypted system partition securely and safely, it is recommended to follow these steps:</p>
|
||||
<ol>
|
||||
<li>If you have multiple operating systems installed on your computer, boot the one that does not require pre-boot authentication.<br>
|
||||
<br>
|
||||
If you do not have multiple operating systems installed on your computer, you can boot a WinPE or BartPE CD/DVD (‘live’ Windows entirely stored on and booted from a CD/DVD; for more information, search the section
|
||||
<a href="FAQ.html"><em>Frequently Asked Questions</em></a> for the keyword ‘BartPE’).<br>
|
||||
<br>
|
||||
If none of the above is possible, connect your system drive as a secondary drive to another computer and then boot the operating system installed on the computer.<br>
|
||||
<br>
|
||||
Note: For security reasons, if the operating system that you want to back up resides in a hidden VeraCrypt volume (see the section
|
||||
<a href="Hidden%20Operating%20System.html">
|
||||
<em>Hidden Operating System</em></a>), then the operating system that you boot in this step must be either another hidden operating system or a "live- CD" operating system (see above). For more information, see the subsection
|
||||
<a href="Security%20Requirements%20for%20Hidden%20Volumes.html">
|
||||
<em>Security Requirements and Precautions Pertaining to Hidden Volumes</em></a> in the chapter
|
||||
<a href="Plausible%20Deniability.html"><em>Plausible Deniability</em></a>.
|
||||
</li><li>Create a new non-system VeraCrypt volume using the VeraCrypt Volume Creation Wizard (do not enable the
|
||||
<em>Quick Format</em> option or the <em>Dynamic</em> option). It will be your <em>
|
||||
backup</em> volume so its size should match (or be greater than) the size of the system partition that you want to back up.<br>
|
||||
<br>
|
||||
If the operating system that you want to back up is installed in a hidden VeraCrypt volume (see the section
|
||||
<em>Hidden Operating System</em>), the <em>backup</em> volume must be a hidden VeraCrypt volume too. Before you create the hidden
|
||||
<em>backup</em> volume, you must create a new host (outer) volume for it without enabling the
|
||||
<em>Quick Format</em> option. In addition, especially if the <em>backup</em> volume is file-hosted, the hidden
|
||||
<em>backup</em> volume should occupy only a very small portion of the container and the outer volume should be almost completely filled with files (otherwise, the plausible deniability of the hidden volume might be adversely affected).
|
||||
</li><li>Mount the newly created <em>backup</em> volume. </li><li>Mount the system partition that you want to back up by following these steps:
|
||||
<ol type="a">
|
||||
<li>Click <em>Select Device</em> and then select the system partition that you want to back up (in case of a hidden operating system, select the partition containing the hidden volume in which the operating system is installed).
|
||||
</li><li>Click <em>OK</em>. </li><li>Select <em>System</em> > <em>Mount Without Pre-Boot Authentication</em>. </li><li>Enter your pre-boot authentication password and click <em>OK</em>. </li></ol>
|
||||
</li><li>Mount the <em>backup</em> volume and then use a third-party program or a Windows tool to create an image of the filesystem that resides on the system partition (which was mounted as a regular VeraCrypt volume in the previous step) and store the image directly
|
||||
on the mounted backup volume. </li></ol>
|
||||
<h4>IMPORTANT: If you store the backup volume in any location that an adversary can repeatedly access (for example, on a device kept in a bank’s safe deposit box), you should repeat all of the above steps (including the step 2) each time you want to back
|
||||
up the volume (see below).</h4>
|
||||
<p>If you follow the above steps, you will help prevent adversaries from finding out:</p>
|
||||
<ul>
|
||||
<li>Which sectors of the volumes are changing (because you always follow step 2). This is particularly important, for example, if you store the backup volume on a device kept in a bank’s safe deposit box (or in any other location that an adversary can
|
||||
repeatedly access) and the volume contains a hidden volume (for more information, see the subsection
|
||||
<a href="Security%20Requirements%20for%20Hidden%20Volumes.html">
|
||||
<em>Security Requirements and Precautions Pertaining to Hidden Volumes</em></a> in the chapter
|
||||
<a href="Plausible%20Deniability.html"><em>Plausible Deniability</em></a>).
|
||||
</li><li>That one of the volumes is a backup of the other. </li></ul>
|
||||
<h3>General Notes</h3>
|
||||
<p>If you store the backup volume in any location where an adversary can make a copy of the volume, consider encrypting the volume with a cascade of ciphers (for example, with AES-Twofish- Serpent). Otherwise, if the volume is encrypted only with a single encryption
|
||||
algorithm and the algorithm is later broken (for example, due to advances in cryptanalysis), the attacker might be able to decrypt his copies of the volume. The probability that three distinct encryption algorithms will be broken is significantly lower than
|
||||
the probability that only one of them will be broken.</p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
74
doc/html/Incompatibilities.html
Normal file
@ -0,0 +1,74 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Incompatibilities.html">Incompatibilities</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Incompatibilities</h1>
|
||||
<h4 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:12px; margin-bottom:1px">
|
||||
Activation of Adobe Photoshop® and Other Products Using FLEXnet Publisher® / SafeCast</h4>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<em style="text-align:left">Note: The issue described below does <strong style="text-align:left">
|
||||
not</strong> affect you if you use a non-cascade encryption algorithm (i.e., AES, Serpent, or Twofish).* The issue also does
|
||||
<strong style="text-align:left">not</strong> affect you if you do not use <a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
system encryption</a> (pre-boot authentication).</em></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Acresso FLEXnet Publisher activation software, formerly Macrovision SafeCast, (used for activation of third-party software, such as Adobe Photoshop) writes data to the first drive track. If this happens when your system partition/drive is encrypted by VeraCrypt,
|
||||
a portion of the VeraCrypt Boot Loader will be damaged and you will not be able to start Windows. In that case, please use your
|
||||
<a href="VeraCrypt%20Rescue%20Disk.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
VeraCrypt Rescue Disk</a> to regain access to your system. There are two ways to do so:</div>
|
||||
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
You may keep the third-party software activated but you will need to boot your system from the VeraCrypt Rescue Disk CD/DVD
|
||||
<em style="text-align:left">every time</em>. Just insert your Rescue Disk into your CD/DVD drive and then enter your password in the Rescue Disk screen.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
If you do not want to boot your system from the VeraCrypt Rescue Disk CD/DVD every time, you can restore the VeraCrypt Boot Loader on the system drive. To do so, in the Rescue Disk screen, select
|
||||
<em style="text-align:left">Repair Options</em> > <em style="text-align:left">
|
||||
Restore VeraCrypt Boot Loader</em>. However, note that this will deactivate the third-party software.
|
||||
</li></ol>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
For information on how to use your VeraCrypt Rescue Disk, please see the chapter <a href="VeraCrypt%20Rescue%20Disk.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
VeraCrypt Rescue Disk</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left">Possible permanent solution</strong>: decrypt the system partition/drive, and then re-encrypt it using a non-cascade encryption algorithm (i.e., AES, Serpent, or Twofish).*</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Please note that this not a bug in VeraCrypt (the issue is caused by inappropriate design of the third-party activation software).</div>
|
||||
<p> </p>
|
||||
<hr align="left" size="1" width="189" style="text-align:left; height:0px; border-width:0px 1px 1px; border-style:solid; border-color:#000000">
|
||||
<p><span style="text-align:left; font-size:10px; line-height:12px">* The reason is that the VeraCrypt Boot Loader is smaller than the one used for cascades of ciphers and, therefore, there is enough space in the first drive track for a backup of the VeraCrypt
|
||||
Boot Loader. Hence, whenever the VeraCrypt Boot Loader is damaged, its backup copy is run automatically instead.</span><br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
See also: <a href="Issues%20and%20Limitations.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">
|
||||
Known Issues & Limitations</a>, <a href="Troubleshooting.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Troubleshooting</a></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
56
doc/html/Introduction.html
Normal file
@ -0,0 +1,56 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Introduction.html">Introduction</a>
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Introduction</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
VeraCrypt is a software for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user
|
||||
intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta
|
||||
data, etc).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Files can be copied to and from a mounted VeraCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied
|
||||
from an encrypted VeraCrypt volume. Similarly, files that are being written or copied to the VeraCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM. Note that this does
|
||||
<span style="text-align:left; font-style:italic">not</span> mean that the <span style="text-align:left; font-style:italic">
|
||||
whole</span> file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for VeraCrypt. For an illustration of how this is accomplished, see the following paragraph.<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Let's suppose that there is an .avi video file stored on a VeraCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the VeraCrypt volume. When the user double clicks the icon
|
||||
of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the VeraCrypt-encrypted volume to RAM (memory)
|
||||
in order to play it. While the portion is being loaded, VeraCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading
|
||||
another small portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).</div>
|
||||
<p>Note that VeraCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume
|
||||
will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you
|
||||
have to mount the volume (and provide the correct password and/or keyfile). For a quick start guide, please see the chapter Beginner's Tutorial.</p>
|
||||
</div>
|
||||
</body></html>
|
100
doc/html/Issues and Limitations.html
Normal file
@ -0,0 +1,100 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Issues%20and%20Limitations.html">Known Issues and Limitations</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Known Issues & Limitations</h1>
|
||||
<h3>Known Issues</h3>
|
||||
<ul>
|
||||
<li>On Windows, it may happen that two drive letters are assigned to a mounted volume instead of a single one. This is caused by an issue with Windows Mount Manager cache and it can be solve by typing the command "<strong>mountvol.exe /r</strong>" in an elevated
|
||||
command prompt (run as an administrator) before mounting any volume. If the issue persists after rebooting, the following procedure can be used to solve it:
|
||||
<ul>
|
||||
<li>Check the registry key "HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices" using regedit. Scroll down and you'll find entries starting with "\DosDevices\" or "\Global??\" which indicate the drive letters that are taken by the system. Before mounting any volume,
|
||||
double click on each one and remove the ones contains the name "VeraCrypt" and "TrueCrypt".
|
||||
<br>
|
||||
Also, there are other entries whose name start with "#{" and "\??\Volume{": double click on each one of them and remove the ones whose data value contains the name "VeraCrypt" and "TrueCrypt".
|
||||
</li></ul>
|
||||
</li></ul>
|
||||
<h3 id="limitations">Limitations</h3>
|
||||
<ul>
|
||||
<li>[<em>Note: This limitation does not apply to users of Windows Vista and later versions of Windows.</em>] On Windows XP/2003, VeraCrypt does not support encrypting an entire system drive that contains extended (logical) partitions. You can encrypt an entire
|
||||
system drive provided that it contains only primary partitions. Extended (logical) partitions must not be created on any system drive that is partially or fully encrypted (only primary partitions may be created on it).
|
||||
<em>Note</em>: If you need to encrypt an entire drive containing extended partitions, you can encrypt the system partition and, in addition, create partition-hosted VeraCrypt volumes within any non- system partitions on the drive. Alternatively, you may want
|
||||
to consider upgrading to Windows Vista or a later version of Windows. </li><li>VeraCrypt currently does not support encrypting a system drive that has been converted to a dynamic disk.
|
||||
</li><li>To work around a Windows XP issue, the VeraCrypt boot loader is always automatically configured for the version of the operating system under which it is installed. When the version of the system changes (for example, the VeraCrypt boot loader is installed
|
||||
when Windows Vista is running but it is later used to boot Windows XP) you may encounter various known and unknown issues (for example, on some notebooks, Windows XP may fail to display the log-on screen). Note that this affects multi-boot configurations,
|
||||
VeraCrypt Rescue Disks, and decoy/hidden operating systems (therefore, if the hidden system is e.g. Windows XP, the decoy system should be Windows XP too).
|
||||
</li><li>The ability to mount a partition that is within the key scope of system encryption without pre- boot authentication (for example, a partition located on the encrypted system drive of another operating system that is not running), which can be done e.g.
|
||||
by selecting <em>System</em> > <em>Mount Without Pre-Boot Authentication,</em> is limited to primary partitions (extended/logical partitions cannot be mounted this way).
|
||||
</li><li>Due to a Windows 2000 issue, VeraCrypt does not support the Windows Mount Manager under Windows 2000. Therefore, some Windows 2000 built-in tools, such as Disk Defragmenter, do not work on VeraCrypt volumes. Furthermore, it is not possible to use the Mount
|
||||
Manager services under Windows 2000, e.g., assign a mount point to a VeraCrypt volume (i.e., attach a VeraCrypt volume to a folder).
|
||||
</li><li>VeraCrypt does not support pre-boot authentication for operating systems installed within VHD files, except when booted using appropriate virtual-machine software such as Microsoft Virtual PC.
|
||||
</li><li>The Windows Volume Shadow Copy Service is currently supported only for partitions within the key scope of system encryption (e.g. a system partition encrypted by VeraCrypt, or a non- system partition located on a system drive encrypted by VeraCrypt, mounted
|
||||
when the encrypted operating system is running). Note: For other types of volumes, the Volume Shadow Copy Service is not supported because the documentation for the necessary API is not available.
|
||||
</li><li>Windows boot settings cannot be changed from within a hidden operating system if the system does not boot from the partition on which it is installed. This is due to the fact that, for security reasons, the boot partition is mounted as read-only when the
|
||||
hidden system is running. To be able to change the boot settings, please start the decoy operating system.
|
||||
</li><li>Encrypted partitions cannot be resized except partitions on an entirely encrypted system drive that are resized while the encrypted operating system is running.
|
||||
</li><li id="SysEncUpgrade">When the system partition/drive is encrypted, the system cannot be upgraded (for example, from Windows XP to Windows Vista) or repaired from within the pre-boot environment (using a Windows setup CD/DVD or the Windows pre-boot component).
|
||||
In such cases, the system partition/drive must be decrypted first. Note: A running operating system can be
|
||||
<em>updated</em> (security patches, service packs, etc.) without any problems even when the system partition/drive is encrypted.
|
||||
</li><li>System encryption is supported only on drives that are connected locally via an ATA/SCSI interface (note that the term ATA also refers to SATA and eSATA).
|
||||
</li><li>When system encryption is used (this also applies to hidden operating systems), VeraCrypt does not support multi-boot configuration changes (for example, changes to the number of operating systems and their locations). Specifically, the configuration must
|
||||
remain the same as it was when the VeraCrypt Volume Creation Wizard started to prepare the process of encryption of the system partition/drive (or creation of a hidden operating system).<br>
|
||||
<br>
|
||||
Note: The only exception is the multi-boot configuration where a running VeraCrypt-encrypted operating system is always located on drive #0, and it is the only operating system located on the drive (or there is one VeraCrypt-encrypted decoy and one VeraCrypt-encrypted
|
||||
hidden operating system and no other operating system on the drive), and the drive is connected or disconnected before the computer is turned on (for example, using the power switch on an external eSATA drive enclosure). There may be any additional operating
|
||||
systems (encrypted or unencrypted) installed on other drives connected to the computer (when drive #0 is disconnected, drive #1 becomes drive #0, etc.)
|
||||
</li><li>When the notebook battery power is low, Windows may omit sending the appropriate messages to running applications when the computer is entering power saving mode. Therefore, VeraCrypt may fail to auto-dismount volumes in such cases.
|
||||
</li><li>Preserving of any timestamp of any file (e.g. a container or keyfile) is not guaranteed to be reliably and securely performed (for example, due to filesystem journals, timestamps of file attributes, or the operating system failing to perform it for various
|
||||
documented and undocumented reasons). Note: When you write to a file-hosted hidden volume, the timestamp of the container may change. This can be plausibly explained as having been caused by changing the (outer) volume password. Also note that VeraCrypt never
|
||||
preserves timestamps of system favorite volumes (regardless of the settings). </li><li>Special software (e.g., a low-level disk editor) that writes data to a disk drive in a way that circumvents drivers in the driver stack of the class ‘DiskDrive’ (GUID of the class is 4D36E967- E325-11CE-BFC1-08002BE10318) can write unencrypted
|
||||
data to a non-system drive hosting a mounted VeraCrypt volume (‘Partition0’) and to encrypted partitions/drives that are within the key scope of active system encryption (VeraCrypt does not encrypt such data written that way). Similarly, software
|
||||
that writes data to a disk drive circumventing drivers in the driver stack of the class ‘Storage Volume’ (GUID of the class is 71A27CDD-812A-11D0-BEC7-08002BE2092F) can write unencrypted data to VeraCrypt partition-hosted volumes (even if they
|
||||
are mounted). </li><li>For security reasons, when a hidden operating system is running, VeraCrypt ensures that all local unencrypted filesystems and non-hidden VeraCrypt volumes are read-only. However, this does not apply to filesystems on CD/DVD-like media and on custom, atypical,
|
||||
or non-standard devices/media (for example, any devices/media whose class is other than the Windows device class ‘Storage Volume’ or that do not meet the requirements of this class (GUID of the class is 71A27CDD-812A-11D0-BEC7-08002BE2092F)).
|
||||
</li><li>Device-hosted VeraCrypt volumes located on floppy disks are not supported. Note: You can still create file-hosted VeraCrypt volumes on floppy disks.
|
||||
</li><li>Windows Server editions don't allow the use of mounted VeraCrypt volumes as a path for server backup. This can solved by activating sharing on the VeraCrypt volume through Explorer interface (of course, you have to put the correct permission to avoid unauthorized
|
||||
access) and then choosing the option "Remote shared folder" (it is not remote of course but Windows needs a network path). There, you can type the path of the shared drive (for example \\ServerName\sharename) and the backup will be configured correctly.
|
||||
</li><li>Due to Microsoft design flaws in NTFS sparse files handling, you may encounter system errors when writing data to large Dynamic volumes (more than few hundreds GB). To avoid this, the recommended size for a Dynamic volume container file for maximum compatibility
|
||||
is 300 GB. The following link gives more details concerning this limitation: <a href="http://www.flexhex.com/docs/articles/sparse-files.phtml#msdn" target="_blank">
|
||||
http://www.flexhex.com/docs/articles/sparse-files.phtml#msdn</a> </li><li>Windows 8 introduced a new feature called "<strong>Hybrid boot and shutdown</strong>" to give users the impression that booting is quick. This feature is enabled by default and it has side effects on VeraCrypt volumes usage. It is advised to disable this
|
||||
feature (e.g. this <a href="https://www.maketecheasier.com/disable-hybrid-boot-and-shutdown-in-windows-8/" target="_blank">
|
||||
link </a>explains how). Some examples of issues:
|
||||
<ul>
|
||||
<li>after a shutdown and a restart, mounted volume will continue to be mounted without typing the password: this due to the fact the new Windows 8 shutdown is not a real shutdown but a disguised hibernate/sleep.
|
||||
</li><li>when using system encryption and when there are System Favorites configured to be mounted at boot time: after shutdown and restart, these system favorites will not be mounted.
|
||||
</li></ul>
|
||||
</li><li>Windows system Repair/Recovery Disk can't be created when a VeraCrypt volume is mounted as a fixed disk (which is the default). To solve this, either dismount all volumes or mount volumes are removable media.
|
||||
</li><li>Further limitations are listed in the section <a href="Security%20Model.html">
|
||||
<em>Security Model</em></a>. </li></ul>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
46
doc/html/Journaling File Systems.html
Normal file
@ -0,0 +1,46 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Journaling%20File%20Systems.html">Journaling File Systems</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Journaling File Systems</h1>
|
||||
<p>When a file-hosted VeraCrypt container is stored in a journaling file system (such as NTFS or Ext3), a copy of the VeraCrypt container (or of its fragment) may remain in the free space on the host volume. This may have various security implications. For
|
||||
example, if you change the volume password/keyfile(s) and an adversary finds the old copy or fragment (the old header) of the VeraCrypt volume, he might use it to mount the volume using an old compromised password (and/or using compromised keyfiles using an
|
||||
old compromised password (and/or using compromised keyfiles that were necessary to mount the volume before the volume header was re- encrypted). Some journaling file systems also internally record file access times and other potentially sensitive information.
|
||||
If you need plausible deniability (see section <a href="Plausible%20Deniability.html">
|
||||
<em>Plausible Deniability</em></a>), you must not store file-hosted VeraCrypt containers in journaling file systems. To prevent possible security issues related to journaling file systems, do one the following:</p>
|
||||
<ul>
|
||||
<li>Use a partition/device-hosted VeraCrypt volume instead of file-hosted. </li><li>Store the container in a non-journaling file system (for example, FAT32). </li></ul>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
215
doc/html/Keyfiles in VeraCrypt.html
Normal file
@ -0,0 +1,215 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Keyfiles%20in%20VeraCrypt.html">Keyfiles</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Keyfiles</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
Keyfile is a file whose content is combined with a password (for information on the method used to combine a keyfile with password, see the section
|
||||
<a href="Keyfiles.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Keyfiles</a> in the chapter <a href="Technical%20Details.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Technical Details</a>). Until the correct keyfile is provided, no volume that uses the keyfile can be mounted.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
You do not have to use keyfiles. However, using keyfiles has some advantages:</div>
|
||||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
May improve protection against brute force attacks (significant particularly if the volume password is not very strong).
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Allows the use of security tokens and smart cards (see below). </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Allows multiple users to mount a single volume using different user passwords or PINs. Just give each user a security token or smart card containing the same VeraCrypt keyfile and let them choose their personal password or PIN that will protect their security
|
||||
token or smart card. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Allows managing multi-user <em style="text-align:left">shared</em> access (all keyfile holders must present their keyfiles before a volume can be mounted).
|
||||
</li></ul>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Any kind of file (for example, .txt, .exe, mp3**, .avi) can be used as a VeraCrypt keyfile (however, we recommend that you prefer compressed files, such as .mp3, .jpg, .zip, etc).
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Note that VeraCrypt never modifies the keyfile contents. You can select more than one keyfile; the order does not matter. You can also let VeraCrypt generate a file with random content and use it as a keyfile. To do so, select
|
||||
<em style="text-align:left">Tools > Keyfile Generator</em>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Note: Keyfiles are currently not supported for system encryption.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
WARNING: If you lose a keyfile or if any bit of its first 1024 kilobytes changes, it will be impossible to mount volumes that use the keyfile!</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<em style="text-align:left"><strong style="text-align:left">WARNING: If password caching is enabled, the password cache also contains the processed contents of keyfiles used to successfully mount a volume. Then it is possible to remount the volume even if the
|
||||
keyfile is not available/accessible.</strong> To prevent this, click '</em>Wipe Cache<em style="text-align:left">' or disable password caching (for more information, please see the subsection
|
||||
</em>'Settings -> Preferences'<em style="text-align:left">, item </em>'Cache passwords in driver memory'<em style="text-align:left"> in the section
|
||||
</em><a href="Program%20Menu.html" style="text-align:left; color:#0080c0; text-decoration:none.html">Program Menu</a>).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
See also the section <a href="Choosing%20Passwords%20and%20Keyfiles.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Choosing Passwords and Keyfiles</a> in the chapter <a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Security Requirements and Precautions</a>.</div>
|
||||
<p> </p>
|
||||
<h3 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:13px; margin-bottom:4px">
|
||||
Keyfiles Dialog Window</h3>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
If you want to use keyfiles (i.e. "apply" them) when creating or mounting volumes, or changing passwords, look for the '<em style="text-align:left">Use keyfiles</em>' option and the
|
||||
<em style="text-align:left">Keyfiles</em> button below a password input field.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<img src="Keyfiles in VeraCrypt_Image_040.gif" alt="VeraCrypt Keyfiles dialog" width="450" height="164"></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
These control elements appear in various dialog windows and always have the same functions. Check the
|
||||
<em style="text-align:left">Use keyfiles </em>option and click <em style="text-align:left">
|
||||
Keyfiles. </em>The keyfile dialog window should appear where you can specify keyfiles (to do so, click
|
||||
<em style="text-align:left">Add File</em>s or <em style="text-align:left">Add Token Files</em>)<em style="text-align:left"> or</em> keyfile search paths (click
|
||||
<em style="text-align:left">Add Path</em>).</div>
|
||||
<p> </p>
|
||||
<h3 id="SmartCard" style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:13px; margin-bottom:4px">
|
||||
Security Tokens and Smart Cards</h3>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
VeraCrypt can directly use keyfiles stored on a security token or smart card that complies with the PKCS #11 (2.0 or later) standard [23] and that allows the user to store a file (data object) on the token/card. To use such files as VeraCrypt keyfiles,
|
||||
click <em style="text-align:left">Add Token Files</em> (in the keyfile dialog window).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Access to a keyfile stored on a security token or smart card is typically protected by PIN codes, which can be entered either using a hardware PIN pad or via the VeraCrypt GUI. It can also be protected by other means, such as fingerprint readers.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
In order to allow VeraCrypt to access a security token or smart card, you need to install a PKCS #11 (2.0 or later) software library for the token or smart card first. Such a library may be supplied with the device or it may be available for download from the
|
||||
website of the vendor or other third parties.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
If your security token or smart card does not contain any file (data object) that you could use as a VeraCrypt keyfile, you can use VeraCrypt to import any file to the token or smart card (if it is supported by the device). To do so, follow these steps:</div>
|
||||
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
In the keyfile dialog window, click <em style="text-align:left">Add Token Files</em>.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
If the token or smart card is protected by a PIN, password, or other means (such as a fingerprint reader), authenticate yourself (for example, by entering the PIN using a hardware PIN pad).
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
The 'Security Token Keyfile' dialog window should appear. In it, click <em style="text-align:left">
|
||||
Import Keyfile to Token</em> and then select the file you want to import to the token or smart card.
|
||||
</li></ol>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Note that you can import for example 512-bit keyfiles with random content generated by VeraCrypt (see
|
||||
<em style="text-align:left">Tools > Keyfile Generator</em> below).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
To close all opened security token sessions, either select <em style="text-align:left">
|
||||
Tools</em> > <em style="text-align:left">Close All Security Token Sessions</em> or define and use a hotkey combination (<em style="text-align:left">Settings</em> >
|
||||
<em style="text-align:left">Hot Keys > Close All Security Token Sessions</em>).</div>
|
||||
<p> </p>
|
||||
<h3 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:13px; margin-bottom:4px">
|
||||
Keyfile Search Path</h3>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
By adding a folder in the keyfile dialog window (click <em style="text-align:left">
|
||||
Add Path</em>), you specify a <em style="text-align:left">keyfile search path</em>. All files found in the keyfile search path* will be used as keyfiles except files that have the Hidden file attribute set.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left"><em style="text-align:left">Important: Note that folders (and files they contain) and hidden files found in a keyfile search path are ignored.</em></strong></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Keyfile search paths are especially useful if you, for example, store keyfiles on a USB memory stick that you carry with you. You can set the drive letter of the USB memory stick as a default keyfile search path. To do so, select
|
||||
<em style="text-align:left">Settings </em>-> <em style="text-align:left">Default Keyfiles</em>. Then click
|
||||
<br style="text-align:left">
|
||||
<em style="text-align:left">Add Path</em>, browse to the drive letter assigned to the USB memory stick, and click
|
||||
<em style="text-align:left">OK</em>. Now each time you mount a volume (and if the option
|
||||
<em style="text-align:left">Use keyfiles</em> is checked in the password dialog window), VeraCrypt will scan the path and use all files that it finds on the USB memory stick as keyfiles.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left"><em style="text-align:left">WARNING: When you add a folder (as opposed to a file) to the list of keyfiles, only the path is remembered, not the filenames! This means e.g. that if you create a new file in the folder or if you
|
||||
copy an additional file to the folder, then all volumes that used keyfiles from the folder will be impossible to mount (until you remove the newly added file from the folder).
|
||||
</em></strong></div>
|
||||
<p> </p>
|
||||
<h3 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:13px; margin-bottom:4px">
|
||||
Empty Password & Keyfile</h3>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
When a keyfile is used, the password may be empty, so the keyfile may become the only item necessary to mount the volume (which we do not recommend). If default keyfiles are set and enabled when mounting a volume, then before prompting for a password, VeraCrypt
|
||||
first automatically attempts to mount using an empty password plus default keyfiles (however, this does not apply to the '<em style="text-align:left">Auto-Mount Devices</em>' function). If you need to set Mount Options (e.g., mount as read-only, protect hidden
|
||||
volume etc.) for a volume being mounted this way, hold down the <em style="text-align:left">
|
||||
Control </em>(<em style="text-align:left">Ctrl</em>) key while clicking <em style="text-align:left">
|
||||
Mount </em>(or select <em style="text-align:left">Mount with Options </em>from the
|
||||
<em style="text-align:left">Volumes </em>menu). This will open the <em style="text-align:left">
|
||||
Mount Options </em>dialog.</div>
|
||||
<p> </p>
|
||||
<h3 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:13px; margin-bottom:4px">
|
||||
Quick Selection</h3>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Keyfiles and keyfile search paths can be quickly selected in the following ways:</div>
|
||||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Right-click the <em style="text-align:left">Keyfiles</em> button in the password entry dialog window and select one of the menu items.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Drag the corresponding file/folder icons to the keyfile dialog window or to the password entry dialog.
|
||||
</li></ul>
|
||||
<p> </p>
|
||||
<h3 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:13px; margin-bottom:4px">
|
||||
Volumes -> Add/Remove Keyfiles to/from Volume</h3>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
This function allows you to re-encrypt a volume header with a header encryption key derived from any number of keyfiles (with or without a password), or no keyfiles at all. Thus, a volume which is possible to mount using only a password can be converted to
|
||||
a volume that require keyfiles (in addition to the password) in order to be possible to mount. Note that the volume header contains the master encryption key with which the volume is encrypted. Therefore, the data stored on the volume will
|
||||
<em style="text-align:left">not</em> be lost after you use this function.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
This function can also be used to change/set volume keyfiles (i.e., to remove some or all keyfiles, and to apply new ones).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Remark: This function is internally equal to the Password Change function.<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
When VeraCrypt re-encrypts a volume header, the original volume header is first overwritten 256 times with random data to prevent adversaries from using techniques such as magnetic force microscopy or magnetic force scanning tunneling microscopy [17] to recover
|
||||
the overwritten header (however, see also the chapter <a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Security Requirements and Precautions</a>).</div>
|
||||
<p> </p>
|
||||
<h3 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:13px; margin-bottom:4px">
|
||||
Volumes -> Remove All Keyfiles from Volume</h3>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
This function allows you to re-encrypt a volume header with a header encryption key derived from a password and no keyfiles (so that it can be mounted using only a password, without any keyfiles). Note that the volume header contains the master encryption key
|
||||
with which the volume is encrypted. Therefore, the data stored on the volume will
|
||||
<em style="text-align:left">not</em> be lost after you use this function.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Remark: This function is internally equal to the Password Change function.<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
When VeraCrypt re-encrypts a volume header, the original volume header is first overwritten 256 times with random data to prevent adversaries from using techniques such as magnetic force microscopy or magnetic force scanning tunneling microscopy [17] to recover
|
||||
the overwritten header (however, see also the chapter <a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Security Requirements and Precautions</a>).</div>
|
||||
<p> </p>
|
||||
<h3 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:13px; margin-bottom:4px">
|
||||
Tools > Keyfile Generator</h3>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
You can use this function to generate a file or more with random content, which you can use as a keyfile(s) (recommended). This function uses the VeraCrypt Random Number Generator. Note that, by default, only one key file is generated and the resulting file
|
||||
size is 64 bytes (i.e., 512 bits), which is also the maximum possible VeraCrypt password length. It is also possible to generate multiple files and specify their size (either a fixed value for all of them or let VeraCrypt choose file sizes randomly). In all
|
||||
cases, the file size must be comprised between 64 bytes and 1048576 bytes (which is equal to 1MB, the maximum number of a key file bytes processed by VeraCrypt).</div>
|
||||
<h3 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:13px; margin-bottom:4px">
|
||||
Settings -> Default Keyfiles</h3>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Use this function to set default keyfiles and/or default keyfile search paths. This function is particularly useful if you, for example, store keyfiles on a USB memory stick that you carry with you. You can add its drive letter to the default keyfile configuration.
|
||||
To do so, click <em style="text-align:left">Add Path</em>, browse to the drive letter assigned to the USB memory stick, and click
|
||||
<em style="text-align:left">OK</em>. Now each time you mount a volume (and if <em style="text-align:left">
|
||||
Use keyfiles</em> is checked in the password dialog), VeraCrypt will scan the path and use all files that it finds there as keyfiles.<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
<strong style="text-align:left"><em style="text-align:left">WARNING: When you add a folder (as opposed to a file) to your default keyfile list, only the path is remembered, not the filenames! This means e.g. that if you create a new file in the folder or if
|
||||
you copy an additional file to the folder, then all volumes that used keyfiles from the folder will be impossible to mount (until you remove the newly added file from the folder).
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
</em></strong><span style="text-align:left; font-style:italic">IMPORTANT: Note that when you set default keyfiles and/or default keyfile search paths, the filenames and paths are saved unencrypted in the file
|
||||
</span>Default Keyfiles.xml<span style="text-align:left; font-style:italic">. For more information, please see the chapter
|
||||
</span><a href="VeraCrypt%20System%20Files.html" style="text-align:left; color:#0080c0; text-decoration:none">VeraCrypt System Files & Application Data</a><span style="text-align:left; font-style:italic.html">.
|
||||
</span></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<em style="text-align:left"><br style="text-align:left">
|
||||
</em></div>
|
||||
<hr align="left" size="1" width="189" style="text-align:left; height:0px; border-width:0px 1px 1px; border-style:solid; border-color:#000000">
|
||||
<p><span style="text-align:left; font-size:10px; line-height:12px">* Found at the time when you are mounting the volume, changing its password, or performing any other operation that involves re-encryption of the volume header.<br style="text-align:left">
|
||||
** However, if you use an MP3 file as a keyfile, you must ensure that no program modifies the ID3 tags within the MP3 file (e.g. song title, name of artist, etc.). Otherwise, it will be impossible to mount volumes that use the keyfile.<br style="text-align:left">
|
||||
</span></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
BIN
doc/html/Keyfiles in VeraCrypt_Image_040.gif
Normal file
After Width: | Height: | Size: 26 KiB |
81
doc/html/Keyfiles.html
Normal file
@ -0,0 +1,81 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Technical%20Details.html">Technical Details</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Keyfiles.html">Keyfiles</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Keyfiles</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<p>VeraCrypt keyfile is a file whose content is combined with a password. The user can use any kind of file as a VeraCrypt keyfile. The user can also generate a keyfile using the built-in keyfile generator, which utilizes the VeraCrypt RNG to generate a file
|
||||
with random content (for more information, see the section <a href="Random%20Number%20Generator.html">
|
||||
<em>Random Number Generator</em></a>).</p>
|
||||
<p>The maximum size of a keyfile is not limited; however, only its first 1,048,576 bytes (1 MB) are processed (all remaining bytes are ignored due to performance issues connected with processing extremely large files). The user can supply one or more keyfiles
|
||||
(the number of keyfiles is not limited).</p>
|
||||
<p>Keyfiles can be stored on PKCS-11-compliant [23] security tokens and smart cards protected by multiple PIN codes (which can be entered either using a hardware PIN pad or via the VeraCrypt GUI).</p>
|
||||
<p>Keyfiles are processed and applied to a password using the following method:</p>
|
||||
<ol>
|
||||
<li>Let <em>P</em> be a VeraCrypt volume password supplied by user (may be empty)
|
||||
</li><li>Let <em>KP</em> be the keyfile pool </li><li>Let <em>kpl</em> be the size of the keyfile pool <em>KP</em>, in bytes (64, i.e., 512 bits);
|
||||
<p>kpl must be a multiple of the output size of a hash function H</p>
|
||||
</li><li>Let <em>pl</em> be the length of the password <em>P</em>, in bytes (in the current version: 0 ≤
|
||||
<em>pl</em> ≤ 64) </li><li>if <em>kpl > pl</em>, append (<em>kpl – pl</em>) zero bytes to the password
|
||||
<em>P</em> (thus <em>pl = kpl</em>) </li><li>Fill the keyfile pool <em>KP</em> with <em>kpl</em> zero bytes. </li><li>For each keyfile perform the following steps:
|
||||
<ol type="a">
|
||||
<li>Set the position of the keyfile pool cursor to the beginning of the pool </li><li>Initialize the hash function <em>H</em> </li><li>Load all bytes of the keyfile one by one, and for each loaded byte perform the following steps:
|
||||
<ol type="i">
|
||||
<li>Hash the loaded byte using the hash function <em>H</em> without initializing the hash, to obtain an intermediate hash (state)
|
||||
<em>M.</em> Do not finalize the hash (the state is retained for next round). </li><li>Divide the state <em>M</em> into individual bytes.<br>
|
||||
For example, if the hash output size is 4 bytes, (<em>T</em><sub>0</sub> || <em>T</em><sub>1</sub> ||
|
||||
<em>T</em><sub>2</sub> || <em>T</em><sub>3</sub>) = <em>M</em> </li><li>Write these bytes (obtained in step 7.c.ii) individually to the keyfile pool with the modulo 2<sup>8</sup> addition operation (not by replacing the old values in the pool) at the position of the pool cursor. After a byte is written, the pool cursor position
|
||||
is advanced by one byte. When the cursor reaches the end of the pool, its position is set to the beginning of the pool.
|
||||
</li></ol>
|
||||
</li></ol>
|
||||
</li><li>Apply the content of the keyfile pool to the password <em>P</em> using the following method:
|
||||
<ol type="a">
|
||||
<li>Divide the password <em>P</em> into individual bytes <em>B</em><sub>0</sub>...<em>B</em><sub>pl-1</sub>.<br>
|
||||
Note that if the password was shorter than the keyfile pool, then the password was padded with zero bytes to the length of the pool in Step 5 (hence, at this point the length of the password is always greater than or equal to the length of the keyfile pool).
|
||||
</li><li>Divide the keyfile pool <em>KP</em> into individual bytes <em>G</em><sub>0</sub>...<em>G</em><sub>kpl-1</sub>
|
||||
</li><li>For 0 ≤ i < kpl perform: Bi = Bi ⊕ Gi </li><li><em>P</em> = <em>B</em><sub>0</sub> || <em>B</em><sub>1</sub> || ... || <em>B</em><sub>pl-2</sub> ||
|
||||
<em>B</em><sub>pl-1</sub> </li></ol>
|
||||
</li><li>The password <em>P</em> (after the keyfile pool content has been applied to it) is now passed to the header key derivation function PBKDF2 (PKCS #5 v2), which processes it (along with salt and other data) using a cryptographically secure hash algorithm
|
||||
selected by the user (e.g., SHA-512). See the section <a href="Header%20Key%20Derivation.html">
|
||||
<em>Header Key Derivation, Salt, and Iteration Count</em></a> for more information.
|
||||
</li></ol>
|
||||
<p>The role of the hash function <em>H</em> is merely to perform diffusion [2]. CRC-32 is used as the hash function
|
||||
<em>H</em>. Note that the output of CRC-32 is subsequently processed using a cryptographically secure hash algorithm: The keyfile pool content (in addition to being hashed using CRC-32) is applied to the password, which is then passed to the header key derivation
|
||||
function PBKDF2 (PKCS #5 v2), which processes it (along with salt and other data) using a cryptographically secure hash algorithm selected by the user (e.g., SHA-512). The resultant values are used to form the header key and the secondary header key (XTS mode).</p>
|
||||
<p> </p>
|
||||
<p><a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
44
doc/html/Kuznyechik.html
Normal file
@ -0,0 +1,44 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Encryption%20Algorithms.html">Encryption Algorithms</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Kuznyechik.html">Kuznyechik</a>
|
||||
</p></div>
|
||||
<div class="wikidoc">
|
||||
<h1>Kuznyechik</h1>
|
||||
<p>Kuznyechik is a 128-bit block cipher first published in 2015 and defined in the National Standard of the Russian Federation <a href="http://tc26.ru/en/standard/gost/GOST_R_34_12_2015_ENG.pdf">GOST R 34.12-2015</a> and also in
|
||||
<a href="https://tools.ietf.org/html/rfc7801">RFC 7801</a>. It supersedes the old GOST-89 block cipher although it doesn't obsolete it.</p>
|
||||
<p>VeraCrypt uses Kuznyechik with 10 rounds and a 256-bit key operating in <a href="Modes%20of%20Operation.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
XTS mode</a> (see the section <a href="Modes%20of%20Operation.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Modes of Operation</a>).</p>
|
||||
<p><a href="Serpent.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
54
doc/html/Language Packs.html
Normal file
@ -0,0 +1,54 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Language%20Packs.html">Language Packs</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Language Packs</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
Language packs contain third-party translations of the VeraCrypt user interface texts. Note that language packs are currently supported only by the Windows version of VeraCrypt.</div>
|
||||
<h3>Installation</h3>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Since version 1.0e, all language packs are included in the VeraCrypt Windows installer and they can be found in VeraCrypt installation directory. To select a new language, run VeraCrypt, select
|
||||
<em style="text-align:left">Settings </em>-> <em style="text-align:left">Language</em>, then select your language and click
|
||||
<em style="text-align:left">OK</em>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
To revert to English, select <em style="text-align:left">Settings</em> -> <em style="text-align:left">
|
||||
Language</em>. Then select <em style="text-align:left">English</em> and click <em style="text-align:left">
|
||||
OK</em>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
You can still download an archive containing all language packs for the latest version (1.19) from
|
||||
<a href="https://launchpad.net/veracrypt/trunk/1.19/+download/VeraCrypt_1.19_Language_Files.zip">
|
||||
the following link</a>.</div>
|
||||
</div>
|
||||
</body></html>
|
65
doc/html/Legal Information.html
Normal file
@ -0,0 +1,65 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Legal%20Information.html">Legal Information</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<div>
|
||||
<h1>Legal Information</h1>
|
||||
<h3>License</h3>
|
||||
<p>The text of the license under which VeraCrypt is distributed is contained in the file
|
||||
<em>License.txt</em> that is included in the VeraCrypt binary and source code distribution packages.</p>
|
||||
<p>More information on the license <a href="VeraCrypt%20License.html">
|
||||
can be found here</a>.</p>
|
||||
<h3>Copyright Information</h3>
|
||||
<p>This software as a whole:<br>
|
||||
<br>
|
||||
Copyright © 2013-2016 IDRIX. All rights reserved.<br>
|
||||
<br>
|
||||
Portions of this software:</p>
|
||||
<p>Copyright © 2013-2016 IDRIX. All rights reserved.<br>
|
||||
<br>
|
||||
Copyright © 2003-2012 TrueCrypt Developers Association. All rights reserved.</p>
|
||||
<p>Copyright © 1998-2000 Paul Le Roux. All rights reserved.<br>
|
||||
<br>
|
||||
Copyright © 1998-2008 Brian Gladman, Worcester, UK. All rights reserved.</p>
|
||||
<p>Copyright © 1995-2017 Jean-loup Gailly and Mark Adler.</p>
|
||||
<p>Copyright © 2016 Disk Cryptography Services for EFI (DCS), Alex Kolotnikov</p>
|
||||
<p>Copyright © 1999-2014 Dieter Baron and Thomas Klausner.</p>
|
||||
<p>Copyright © 2013, Alexey Degtyarev. All rights reserved.</p>
|
||||
<p>Copyright © 1999-2013,2014,2015,2016 Jack Lloyd. All rights reserved.<br>
|
||||
<br>
|
||||
For more information, please see the legal notices attached to parts of the source code.</p>
|
||||
<h3>Trademark Information</h3>
|
||||
<p>Any trademarks mentioned in this document are the sole property of their respective owners.</p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
110
doc/html/Main Program Window.html
Normal file
@ -0,0 +1,110 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Main%20Program%20Window.html">Main Program Window</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Main Program Window</h1>
|
||||
<h3>Select File</h3>
|
||||
<p>Allows you to select a file-hosted VeraCrypt volume. After you select it, you can perform various operations on it (e.g., mount it by clicking ‘Mount’). It is also possible to select a volume by dragging its icon to the ‘VeraCrypt.exe’
|
||||
icon (VeraCrypt will be automatically launched then) or to the main program window.</p>
|
||||
<h3>Select Device</h3>
|
||||
<p>Allows you to select a VeraCrypt partition or a storage device (such as a USB memory stick). After it is selected, you can perform various operations with it (e.g., mount it by clicking ‘Mount’).<br>
|
||||
<br>
|
||||
Note: There is a more comfortable way of mounting VeraCrypt partitions/devices – see the section
|
||||
<em>Auto-Mount Devices</em> for more information.</p>
|
||||
<h3>Mount</h3>
|
||||
<p>After you click ‘Mount’, VeraCrypt will try to mount the selected volume using cached passwords (if there are any) and if none of them works, it prompts you for a password. If you enter the correct password (and/or provide correct keyfiles),
|
||||
the volume will be mounted.</p>
|
||||
<p>Important: Note that when you exit the VeraCrypt application, the VeraCrypt driver continues working and no VeraCrypt volume is dismounted.</p>
|
||||
<h3 id="AutoMountDevices">Auto-Mount Devices</h3>
|
||||
<p>This function allows you to mount VeraCrypt partitions/devices without having to select them manually (by clicking ‘Select Device’). VeraCrypt scans headers of all available partitions/devices on your system (except DVD drives and similar devices)
|
||||
one by one and tries to mount each of them as a VeraCrypt volume. Note that a VeraCrypt partition/device cannot be identified, nor the cipher it has been encrypted with. Therefore, the program cannot directly “find” VeraCrypt partitions. Instead,
|
||||
it has to try mounting each (even unencrypted) partition/device using all encryption algorithms and all cached passwords (if there are any). Therefore, be prepared that this process may take a long time on slow computers.<br>
|
||||
<br>
|
||||
If the password you enter is wrong, mounting is attempted using cached passwords (if there are any). If you enter an empty password and if
|
||||
<em>Use keyfiles</em> is unchecked, only the cached passwords will be used when attempting to auto-mount partitions/devices. If you do not need to set mount options, you can bypass the password prompt by holding down the
|
||||
<em>Shift</em> key when clicking <em>Auto- Mount Devices</em> (only cached passwords will be used, if there are any).<br>
|
||||
<br>
|
||||
Drive letters will be assigned starting from the one that is selected in the drive list in the main window.</p>
|
||||
<h3>Dismount</h3>
|
||||
<p>This function allows you to dismount the VeraCrypt volume selected in the drive list in the main window. To dismount a VeraCrypt volume means to close it and make it impossible to read/write from/to the volume.</p>
|
||||
<h3>Dismount All</h3>
|
||||
<p>Note: The information in this section applies to all menu items and buttons with the same or similar caption (for example, it also applies to the system tray menu item
|
||||
<em>Dismount All</em>).<br>
|
||||
<br>
|
||||
This function allows you to dismount multiple VeraCrypt volumes. To dismount a VeraCrypt volume means to close it and make it impossible to read/write from/to the volume. This function dismounts all mounted VeraCrypt volumes except the following:</p>
|
||||
<ul>
|
||||
<li>Partitions/drives within the key scope of active system encryption (e.g., a system partition encrypted by VeraCrypt, or a non-system partition located on a system drive encrypted by VeraCrypt, mounted when the encrypted operating system is running).
|
||||
</li><li>VeraCrypt volumes that are not fully accessible to the user account (e.g. a volume mounted from within another user account).
|
||||
</li><li>VeraCrypt volumes that are not displayed in the VeraCrypt application window. For example, system favorite volumes attempted to be dismounted by an instance of VeraCrypt without administrator privileges when the option '<em>Allow only administrators to
|
||||
view and dismount system favorite volumes in VeraCrypt</em>' is enabled. </li></ul>
|
||||
<h3>Wipe Cache</h3>
|
||||
<p>Clears all passwords (which may also contain processed keyfile contents) cached in driver memory. When there are no passwords in the cache, this button is disabled. For information on password cache, see the section
|
||||
<a href="Mounting%20VeraCrypt%20Volumes.html">
|
||||
<em>Cache Password in Driver Memory</em></a>.</p>
|
||||
<h3>Never Save History</h3>
|
||||
<p>If this option disabled, the file names and/or paths of the last twenty files/devices that were attempted to be mounted as VeraCrypt volumes will be saved in the History file (whose content can be displayed by clicking on the Volume combo-box in the main
|
||||
window).<br>
|
||||
<br>
|
||||
When this option is enabled, VeraCrypt clears the registry entries created by the Windows file selector for VeraCrypt, and sets the “current directory” to the user’s home directory (in portable mode, to the directory from which VeraCrypt was
|
||||
launched) whenever a container or keyfile is selected via the Windows file selector. Therefore, the Windows file selector will not remember the path of the last mounted container (or the last selected keyfile). However, note that the operations described in
|
||||
this paragraph are <em>not</em> guaranteed to be performed reliably and securely (see e.g.
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">
|
||||
<em>Security Requirements and Precautions</em></a>) so we strongly recommend that you encrypt the system partition/drive instead of relying on them (see
|
||||
<a href="System%20Encryption.html"><em>System Encryption</em></a>).<br>
|
||||
<br>
|
||||
Furthermore, if this option is enabled, the volume path input field in the main VeraCrypt window is cleared whenever you hide VeraCrypt.<br>
|
||||
<br>
|
||||
Note: You can clear the volume history by selecting <em>Tools</em> -> <em>Clear Volume History</em>.</p>
|
||||
<h3>Exit</h3>
|
||||
<p>Terminates the VeraCrypt application. The driver continues working and no VeraCrypt volumes are dismounted. When running in ‘portable’ mode, the VeraCrypt driver is unloaded when it is no longer needed (e.g., when all instances of the main application
|
||||
and/or of the Volume Creation Wizard are closed and no VeraCrypt volumes are mounted). However, if you force dismount on a</p>
|
||||
<p>VeraCrypt volume when VeraCrypt runs in portable mode, or mount a writable NTFS-formatted volume on Windows Vista or later, the VeraCrypt driver may
|
||||
<em>not</em> be unloaded when you exit VeraCrypt (it will be unloaded only when you shut down or restart the system). This prevents various problems caused by a bug in Windows (for instance, it would be impossible to start VeraCrypt again as long as there are
|
||||
applications using the dismounted volume).</p>
|
||||
<h3>Volume Tools</h3>
|
||||
<h4>Change Volume Password</h4>
|
||||
<p>See the section <a href="Program%20Menu.html">
|
||||
<em>Volumes -> Change Volume Password</em></a>.</p>
|
||||
<h4>Set Header Key Derivation Algorithm</h4>
|
||||
<p>See the section <a href="Program%20Menu.html">
|
||||
<em>Volumes -> Set Header Key Derivation Algorithm</em></a>.</p>
|
||||
<h4>Backup Volume Header</h4>
|
||||
<p>See the section <a href="Program%20Menu.html#tools-backup-volume-header">
|
||||
<em>Tools -> Backup Volume Header</em></a>.</p>
|
||||
<h4>Restore Volume Header</h4>
|
||||
<p>See the section <a href="Program%20Menu.html#tools-restore-volume-header">
|
||||
<em>Tools -> Restore Volume Header</em></a>.</p>
|
||||
<p> </p>
|
||||
<p><a href="Program%20Menu.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
61
doc/html/Malware.html
Normal file
@ -0,0 +1,61 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Malware.html">Malware</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Malware</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
The term 'malware' refers collectively to all types of malicious software, such as computer viruses, Trojan horses, spyware, or generally any piece of software (including VeraCrypt or an operating system component) that has been altered, prepared, or can be
|
||||
controlled, by an attacker. Some kinds of malware are designed e.g. to log keystrokes, including typed passwords (such captured passwords are then either sent to the attacker over the Internet or saved to an unencrypted local drive from which the attacker
|
||||
might be able to read it later, when he or she gains physical access to the computer). If you use VeraCrypt on a computer infected with any kind of malware, VeraCrypt may become unable to secure data on the computer.* Therefore, you must
|
||||
<em style="text-align:left">not</em> use VeraCrypt on such a computer.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
It is important to note that VeraCrypt is encryption software, <em style="text-align:left">
|
||||
not</em> anti-malware software. It is your responsibility to prevent malware from running on the computer. If you do not, VeraCrypt may become unable to secure data on the computer.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
There are many rules that you should follow to help prevent malware from running on your computer. Among the most important rules are the following: Keep your operating system, Internet browser, and other critical software, up-to-date. In Windows XP or later,
|
||||
turn on DEP for all programs.** Do not open suspicious email attachments, especially executable files, even if they appear to have been sent by your relatives or friends (their computers might be infected with malware sending malicious emails from their computers/accounts
|
||||
without their knowledge). Do not follow suspicious links contained in emails or on websites (even if the email/website appears to be harmless or trustworthy). Do not visit any suspicious websites. Do not download or install any suspicious software. Consider
|
||||
using good, trustworthy, anti-malware software.</div>
|
||||
<p><br style="text-align:left">
|
||||
</p>
|
||||
<hr align="left" size="1" width="189" style="text-align:left; height:0px; border-width:0px 1px 1px; border-style:solid; border-color:#000000">
|
||||
<p><span style="text-align:left; font-size:10px; line-height:12px">* In this section (<em style="text-align:left">Malware</em>), the phrase "data on the computer" means data on internal and external storage devices/media (including removable devices and network
|
||||
drives) connected to the computer.</span><br style="text-align:left">
|
||||
<span style="text-align:left; font-size:10px; line-height:12px">** DEP stands for Data Execution Prevention. For more information about DEP, please visit
|
||||
<a href="https://support.microsoft.com/kb/875352" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
https://support.microsoft.com/kb/875352</a> and <a href="http://technet.microsoft.com/en-us/library/cc700810.aspx" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
http://technet.microsoft.com/en-us/library/cc700810.aspx</a>.</span></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
65
doc/html/Memory Dump Files.html
Normal file
@ -0,0 +1,65 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Data%20Leaks.html">Data Leaks</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Memory%20Dump%20Files.html">Memory Dump Files</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Memory Dump Files</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<em style="text-align:left">Note: The issue described below does <strong style="text-align:left">
|
||||
not</strong> affect you if the system partition or system drive is encrypted (for more information, see the chapter
|
||||
<a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
System Encryption</a>) and if the system is configured to write memory dump files to the system drive (which it typically is, by default).</em></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Most operating systems, including Windows, can be configured to write debugging information and contents of the system memory to so-called memory dump files (also called crash dump files) when an error occurs (system crash, "blue screen," bug check). Therefore,
|
||||
memory dump files may contain sensitive data. VeraCrypt <em style="text-align:left">
|
||||
cannot</em> prevent cached passwords, encryption keys, and the contents of sensitive files opened in RAM from being saved
|
||||
<em style="text-align:left">unencrypted</em> to memory dump files. Note that when you open a file stored on a VeraCrypt volume, for example, in a text editor, then the content of the file is stored
|
||||
<em style="text-align:left">unencrypted</em> in RAM (and it may remain <em style="text-align:left">
|
||||
unencrypted </em>in RAM until the computer is turned off). Also note that when a VeraCrypt volume is mounted, its master key is stored
|
||||
<em style="text-align:left">unencrypted</em> in RAM. Therefore, you must disable memory dump file generation on your computer at least for each session during which you work with any sensitive data and during which you mount a VeraCrypt volume. To do so in
|
||||
Windows XP or later, right-click the '<em style="text-align:left">Computer</em>' (or '<em style="text-align:left">My Computer</em>') icon on the desktop or in the
|
||||
<em style="text-align:left">Start Menu</em>, and then select <em style="text-align:left">
|
||||
Properties</em> > (on Windows Vista or later: > <em style="text-align:left">
|
||||
Advanced System Settings</em> >) <em style="text-align:left">Advanced </em>tab > section
|
||||
<em style="text-align:left">Startup and Recovery </em>> <em style="text-align:left">
|
||||
Settings > </em>section <em style="text-align:left">Write debugging information
|
||||
</em>> select <em style="text-align:left">(none)</em> > <em style="text-align:left">
|
||||
OK</em>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<em style="text-align:left">Note for users of Windows XP/2003</em>: As Windows XP and Windows 2003 do not provide any API for encryption of memory dump files, if the system partition/drive is encrypted by VeraCrypt and your Windows XP system is configured to
|
||||
write memory dump files to the system drive, the VeraCrypt driver automatically prevents Windows from writing any data to memory dump files<em style="text-align:left">.</em></div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
48
doc/html/Miscellaneous.html
Normal file
@ -0,0 +1,48 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Miscellaneous.html">Miscellaneous</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Miscellaneous</h1>
|
||||
<ul>
|
||||
<li><a href="Using%20VeraCrypt%20Without%20Administrator%20Privileges.html">Use Without Admin Rights</a>
|
||||
</li><li><a href="Sharing%20over%20Network.html">Sharing over Network</a>
|
||||
</li><li><a href="VeraCrypt%20Background%20Task.html">Background Task</a>
|
||||
</li><li><a href="Removable%20Medium%20Volume.html">Removable Medium Volumes</a>
|
||||
</li><li><a href="VeraCrypt%20System%20Files.html">VeraCrypt System Files</a>
|
||||
</li><li><a href="Removing%20Encryption.html">Removing Encryption</a>
|
||||
</li><li><a href="Uninstalling%20VeraCrypt.html">Uninstalling VeraCrypt</a>
|
||||
</li><li><a href="Digital%20Signatures.html">Digital Signatures</a>
|
||||
</li></ul>
|
||||
</div>
|
||||
</body></html>
|
130
doc/html/Modes of Operation.html
Normal file
@ -0,0 +1,130 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Technical%20Details.html">Technical Details</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Modes%20of%20Operation.html">Modes of Operation</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Modes of Operation</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
The mode of operation used by VeraCrypt for encrypted partitions, drives, and virtual volumes is XTS.
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
XTS mode is in fact XEX mode <a href="http://www.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf">
|
||||
[12]</a>, which was designed by Phillip Rogaway in 2003, with a minor modification (XEX mode uses a single key for two different purposes, whereas XTS mode uses two independent keys).<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
In 2010, XTS mode was approved by NIST for protecting the confidentiality of data on storage devices [24]. In 2007, it was also approved by the IEEE for cryptographic protection of data on block-oriented storage devices (IEEE 1619).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
</div>
|
||||
<h2 style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left">Description of XTS mode</strong>:</h2>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<em style="text-align:left">C<sub style="text-align:left; font-size:85%">i</sub></em> =
|
||||
<em style="text-align:left">E</em><sub style="text-align:left; font-size:85%"><em style="text-align:left">K</em>1</sub>(<em style="text-align:left">P<sub style="text-align:left; font-size:85%">i</sub></em> ^ (<em style="text-align:left">E</em><sub style="text-align:left; font-size:85%"><em style="text-align:left">K</em>2</sub>(<em style="text-align:left">n</em>)
|
||||
<img src="gf2_mul.gif" alt="" width="10" height="10">
|
||||
<em style="text-align:left">a<sup style="text-align:left; font-size:85%">i</sup></em>)) ^ (<em style="text-align:left">E</em><sub style="text-align:left; font-size:85%"><em style="text-align:left">K</em>2</sub>(<em style="text-align:left">n</em>)
|
||||
<img src="gf2_mul.gif" alt="" width="10" height="10"><em style="text-align:left"> a<sup style="text-align:left; font-size:85%">i</sup></em>)</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Where:</div>
|
||||
<table style="border-collapse:separate; border-spacing:0px; width:608px; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; border:0px outset #999">
|
||||
<tbody style="text-align:left">
|
||||
<tr style="text-align:left">
|
||||
<td style="vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
<sup style="text-align:left; font-size:85%"> <img src="gf2_mul.gif" alt="" width="10" height="10"></sup></td>
|
||||
<td style="vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
denotes multiplication of two polynomials over the binary field GF(2) modulo <em style="text-align:left">
|
||||
x</em><sup style="text-align:left; font-size:85%">128</sup>+<em style="text-align:left">x</em><sup style="text-align:left; font-size:85%">7</sup>+<em style="text-align:left">x</em><sup style="text-align:left; font-size:85%">2</sup>+<em style="text-align:left">x</em>+1</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="width:30px; vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
<br style="text-align:left">
|
||||
<em style="text-align:left">K</em>1</td>
|
||||
<td style="width:578px; vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
<br style="text-align:left">
|
||||
is the encryption key (256-bit for each supported cipher; i.e, AES, Serpent, and Twofish)</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
<br style="text-align:left">
|
||||
<em style="text-align:left">K</em>2</td>
|
||||
<td style="vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
<br style="text-align:left">
|
||||
is the secondary key (256-bit for each supported cipher; i.e, AES, Serpent, and Twofish)</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
<br style="text-align:left">
|
||||
<em style="text-align:left">i</em></td>
|
||||
<td style="vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
<br style="text-align:left">
|
||||
is the cipher block index within a data unit; for the first cipher block within a data unit,
|
||||
<em style="text-align:left">i</em> = 0</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
<br style="text-align:left">
|
||||
<em style="text-align:left">n</em></td>
|
||||
<td style="vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
<br style="text-align:left">
|
||||
is the data unit index within the scope of <em style="text-align:left">K</em>1; for the first data unit,
|
||||
<em style="text-align:left">n</em> = 0</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td style="vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
<br style="text-align:left">
|
||||
<em style="text-align:left">a</em></td>
|
||||
<td style="vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
<br style="text-align:left">
|
||||
is a primitive element of Galois Field (2<sup style="text-align:left; font-size:85%">128</sup>) that corresponds to polynomial
|
||||
<em style="text-align:left">x</em> (i.e., 2)</td>
|
||||
</tr>
|
||||
<tr style="text-align:left">
|
||||
<td colspan="2" style="vertical-align:top; color:#000000; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; padding:0px">
|
||||
<br style="text-align:left">
|
||||
<span style="text-align:left; font-size:10px; line-height:12px">Note: The remaining symbols are defined in the section
|
||||
<a href="Notation.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Notation</a>. </span></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
The size of each data unit is always 512 bytes (regardless of the sector size).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
For further information pertaining to XTS mode, see e.g. <a href="http://www.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
[12]</a> and <a href="http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
[24]</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<a href="Header%20Key%20Derivation.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
72
doc/html/Mounting VeraCrypt Volumes.html
Normal file
@ -0,0 +1,72 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Main%20Program%20Window.html">Main Program Window</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Mounting%20VeraCrypt%20Volumes.html">Mounting Volumes</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Mounting VeraCrypt Volumes</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<p>If you have not done so yet, please read the sections ‘<em>Mount</em>‘ and ‘<em>Auto-Mount Devices</em>‘ in the chapter
|
||||
<a href="Main%20Program%20Window.html"><em>Main Program Window</em></a>.</p>
|
||||
<h3>Cache Password in Driver Memory</h3>
|
||||
<p>This option can be set in the password entry dialog so that it will apply only to that particular mount attempt. It can also be set as default in the Preferences. For more information, please see the section
|
||||
<a href="Program%20Menu.html"><em>Settings -> Preferences</em>, subsection
|
||||
<em>Cache passwords in driver memory</em></a>.</p>
|
||||
<h3>Mount Options</h3>
|
||||
<p>Mount options affect the parameters of the volume being mounted. The <em>Mount Options</em> dialog can be opened by clicking on the
|
||||
<em>Mount Options</em> button in the password entry dialog. When a correct password is cached, volumes are automatically mounted after you click
|
||||
<em>Mount</em>. If you need to change mount options for a volume being mounted using a cached password, hold down the
|
||||
<em>Control</em> (<em>Ctrl</em>) key while clicking <em>Mount</em> or a favorite volume in the
|
||||
<em>Favorites</em> menu<em>,</em> or select <em>Mount with Options</em> from the <em>
|
||||
Volumes</em> menu.<br>
|
||||
<br>
|
||||
Default mount options can be configured in the main program preferences (<em>Settings -> Preferences).</em></p>
|
||||
<h4>Mount volume as read-only</h4>
|
||||
<p>When checked, it will not be possible to write any data to the mounted volume.</p>
|
||||
<h4>Mount volume as removable medium</h4>
|
||||
<p>See section <a href="Removable%20Medium%20Volume.html">
|
||||
<em>Volume Mounted as Removable Medium</em></a>.</p>
|
||||
<h4>Use backup header embedded in volume if available</h4>
|
||||
<p>All volumes created by VeraCrypt contain an embedded backup header (located at the end of the volume). If you check this option, VeraCrypt will attempt to mount the volume using the embedded backup header. Note that if the volume header is damaged, you do
|
||||
not have to use this option. Instead, you can repair the header by selecting <em>
|
||||
Tools</em> > <em>Restore Volume Header</em>.</p>
|
||||
<h4>Mount partition using system encryption without pre-boot authentication</h4>
|
||||
<p>Check this option, if you need to mount a partition that is within the key scope of system encryption without pre-boot authentication. For example, if you need to mount a partition located on the encrypted system drive of another operating system that is
|
||||
not running. This can be useful e.g. when you need to back up or repair an operating system encrypted by VeraCrypt (from within another operating system). Note that this option can be enabled also when using the ‘<em>Auto-Mount Devices</em>’ or
|
||||
‘<em>Auto-Mount All Device-Hosted Volumes</em>’ functions.</p>
|
||||
<h4>Hidden Volume Protection</h4>
|
||||
<p>Please see the section <a href="Protection%20of%20Hidden%20Volumes.html">
|
||||
<em>Protection of Hidden Volumes Against Damage</em></a>.</p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
55
doc/html/Multi-User Environment.html
Normal file
@ -0,0 +1,55 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Multi-User%20Environment.html">Multi-User Environment</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<div>
|
||||
<h1>Multi-User Environment</h1>
|
||||
<p>Keep in mind, that the content of a mounted VeraCrypt volume is visible (accessible) to all logged on users. NTFS file/folder permissions can be set to prevent this, unless the volume is mounted as removable medium (see section
|
||||
<a href="Removable%20Medium%20Volume.html">
|
||||
<em>Volume Mounted as Removable Medium</em></a>) under a desktop edition of Windows Vista or later (sectors of a volume mounted as removable medium may be accessible at the volume level to users without administrator privileges, regardless of whether it is
|
||||
accessible to them at the file-system level).<br>
|
||||
<br>
|
||||
Moreover, on Windows, the password cache is shared by all logged on users (for more information, please see the section
|
||||
<em>Settings -> Preferences</em>, subsection <em>Cache passwords in driver memory</em>).<br>
|
||||
<br>
|
||||
Also note that switching users in Windows XP or later (<em>Fast User Switching</em> functionality) does
|
||||
<em>not</em> dismount a successfully mounted VeraCrypt volume (unlike system restart, which dismounts all mounted VeraCrypt volumes).<br>
|
||||
<br>
|
||||
On Windows 2000, the container file permissions are ignored when a file-hosted VeraCrypt volume is to be mounted. On all supported versions of Windows, users without administrator privileges can mount any partition/device-hosted VeraCrypt volume (provided that
|
||||
they supply the correct password and/or keyfiles). A user without administrator privileges can dismount only volumes that he or she mounted. However, this does not apply to system favorite volumes unless you enable the option (disabled by default)
|
||||
<em>Settings</em> > ‘<em>System Favorite Volumes</em>’ > ‘<em>Allow only administrators to view and dismount system favorite volumes in VeraCrypt</em>’.</p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
88
doc/html/Notation.html
Normal file
@ -0,0 +1,88 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Technical%20Details.html">Technical Details</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Notation.html">Notation</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Notation</h1>
|
||||
<p> </p>
|
||||
<table cellspacing="0">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><em>C</em></td>
|
||||
<td>Ciphertext block</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>DK()</em></td>
|
||||
<td>Decryption algorithm using encryption/decryption key <em>K</em></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>EK()</em></td>
|
||||
<td>Encryption algorithm using encryption/decryption key <em>K</em></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>H()</em></td>
|
||||
<td>Hash function</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>i</em></td>
|
||||
<td>Block index for n-bit blocks; n is context-dependent</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>K</em></td>
|
||||
<td>Cryptographic key</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>^</em></td>
|
||||
<td>Bitwise exclusive-OR operation (XOR)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>⊕</em></td>
|
||||
<td>Modulo 2n addition, where n is the bit size of the left-most operand and of the resultant value (e.g., if the left operand is a 1-bit value, and the right operand is a 2-bit value, then: 1 ⊕ 0 = 1; 1 ⊕ 1 = 0; 1 ⊕ 2 = 1; 1 ⊕ 3 = 0;
|
||||
0 ⊕ 0 = 0; 0 ⊕ 1 = 1; 0 ⊕ 2 = 0; 0 ⊕ 3 = 1)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>⊗</em></td>
|
||||
<td>Modular multiplication of two polynomials over the binary field GF(2) modulo x128+x7+x2+x+1 (GF stands for Galois Field)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><em>||</em></td>
|
||||
<td>Concatenation</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<p> </p>
|
||||
<p><a href="Encryption%20Scheme.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div>
|
||||
</body></html>
|
75
doc/html/Paging File.html
Normal file
@ -0,0 +1,75 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Data%20Leaks.html">Data Leaks</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Paging%20File.html">Paging File</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Paging File</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<em style="text-align:left">Note: The issue described below does <strong style="text-align:left">
|
||||
not</strong> affect you if the system partition or system drive is encrypted (for more information, see the chapter
|
||||
<a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
System Encryption</a>) and if all paging files are located on one or more of the partitions within the key scope of
|
||||
<a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
system encryption</a>, for example, on the partition where Windows is installed (for more information, see the fourth paragraph in this subsection</em><em style="text-align:left">).</em></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Paging files, also called swap files, are used by Windows to hold parts of programs and data files that do not fit in memory. This means that sensitive data, which you believe are only stored in RAM, can actually be written
|
||||
<em style="text-align:left">unencrypted</em> to a hard drive by Windows without you knowing.
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Note that VeraCrypt <em style="text-align:left">cannot</em> prevent the contents of sensitive files that are opened in RAM from being saved
|
||||
<em style="text-align:left">unencrypted</em> to a paging file (note that when you open a file stored on a VeraCrypt volume, for example, in a text editor, then the content of the file is stored
|
||||
<em style="text-align:left">unencrypted</em> in RAM).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left">To prevent the issues described above</strong>, encrypt the system partition/drive (for information on how to do so, see the chapter
|
||||
<a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
System Encryption</a>) and make sure that all paging files are located on one or more of the partitions within the key scope of system encryption (for example, on the partition where Windows is installed). Note that the last condition is typically met on Windows
|
||||
XP by default. However, Windows Vista and later versions of Windows are configured by default to create paging files on any suitable volume. Therefore, before, you start using VeraCrypt, you must follow these steps: Right-click the '<em style="text-align:left">Computer</em>'
|
||||
(or '<em style="text-align:left">My Computer</em>') icon on the desktop or in the
|
||||
<em style="text-align:left">Start Menu</em>, and then select <em style="text-align:left">
|
||||
Properties</em> > (<span style="text-align:left">on Windows Vista or later</span>: >
|
||||
<em style="text-align:left">Advanced System Settings</em> >) <em style="text-align:left">
|
||||
Advanced </em>tab > section <em style="text-align:left">Performance </em>> <em style="text-align:left">
|
||||
Settings > Advanced </em>tab > section <em style="text-align:left">Virtual memory
|
||||
</em>><em style="text-align:left"> Change</em>. On Windows Vista or later, disable '<em style="text-align:left">Automatically manage paging file size for all drives</em>'. Then make sure that the list of volumes available for paging file creation contains
|
||||
only volumes within the intended key scope of system encryption (for example, the volume where Windows is installed). To disable paging file creation on a particular volume, select it, then select '<em style="text-align:left">No paging file</em>' and click
|
||||
<em style="text-align:left">Set</em>. When done, click <em style="text-align:left">
|
||||
OK</em> and restart the computer. <br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
<em style="text-align:left">Note: You may also want to consider creating a hidden operating system (for more information, see the section
|
||||
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Hidden Operating System</a>)</em>.</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
50
doc/html/Parallelization.html
Normal file
@ -0,0 +1,50 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Parallelization.html">Parallelization</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Parallelization</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
When your computer has a multi-core processor (or multiple processors), VeraCrypt uses all of the cores (or processors) in parallel for encryption and decryption. For example, when VeraCrypt is to decrypt a chunk of data, it first splits the chunk into several
|
||||
smaller pieces. The number of the pieces is equal to the number of the cores (or processors). Then, all of the pieces are decrypted in parallel (piece 1 is decrypted by thread 1, piece 2 is decrypted by thread 2, etc). The same method is used for encryption.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
So if your computer has, for example, a quad-core processor, then encryption and decryption are four times faster than on a single-core processor with equivalent specifications (likewise, they are twice faster on dual-core processors, etc).</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Increase in encryption/decryption speed is directly proportional to the number of cores and/or processors.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Note: Processors with the Hyper-Threading technology provide multiple logical cores per one physical core (or multiple logical processors per one physical processor). When Hyper Threading is enabled in the computer firmware (e.g. BIOS) settings, VeraCrypt creates
|
||||
one thread for each logical core/processor. For example, on a 6-core processor that provides two logical cores per one physical core, VeraCrypt uses 12 threads.</div>
|
||||
<p><br style="text-align:left">
|
||||
When your computer has a multi-core processor/CPU (or multiple processors/CPUs), <a href="Header%20Key%20Derivation.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
header key derivation</a> is parallelized too. As a result, mounting of a volume is several times faster on a multi-core processor (or multi-processor computer) than on a single-core processor (or a single-processor computer) with equivalent specifications.</p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
118
doc/html/Personal Iterations Multiplier (PIM).html
Normal file
@ -0,0 +1,118 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Technical%20Details.html">Technical Details</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Personal%20Iterations%20Multiplier%20(PIM).html">PIM</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>PIM</h1>
|
||||
<div>
|
||||
<p>PIM stands for "Personal Iterations Multiplier". It is a parameter that was introduced in VeraCrypt 1.12 and whose value controls the number of iterations used by the header key derivation function. This value can be specified through the password dialog
|
||||
or in the command line.</p>
|
||||
<p>If no PIM value is specified, VeraCrypt will use the default number of iterations used in versions prior to 1.12 (see
|
||||
<a href="Header%20Key%20Derivation.html">
|
||||
Header Key Derivation</a>).</p>
|
||||
<p>When a PIM value is specified, the number of iterations is calculated as follows:</p>
|
||||
<ul>
|
||||
<li>For system encryption: Iterations = <strong>PIM x 2048</strong> </li><li>For non-system encryption and file containers: Iterations = <strong>15000 + (PIM x 1000)</strong>
|
||||
</li></ul>
|
||||
<p>Prior to version 1.12, the security of a VeraCrypt volume was only based on the password strength because VeraCrypt was using a fixed number of iterations.<br>
|
||||
With the introduction of PIM, VeraCrypt has a 2-dimensional security space for volumes based on the couple (Password, PIM). This provides more flexibility for adjusting the desired security level while also controlling the performance of the mount/boot operation.</p>
|
||||
<h3>PIM Usage</h3>
|
||||
It is not mandatory to specify a PIM.</div>
|
||||
<div><br>
|
||||
When creating a volume or when changing the password, the user has the possibility to specify a PIM value by checking the "Use PIM" checkbox which in turn will make a PIM field available in the GUI so a PIM value can be entered.</div>
|
||||
<div> </div>
|
||||
<div>The PIM is treated like a secret value that must be entered by the user each time alongside the password. If the incorrect PIM value is specified, the mount/boot operation will fail.</div>
|
||||
<div> </div>
|
||||
<div>Using high PIM values leads to better security thanks to the increased number of iterations but it comes with slower mounting/booting times.</div>
|
||||
<div>With small PIM values, mounting/booting is quicker but this could decrease security if a weak password is used.</div>
|
||||
<div> </div>
|
||||
<div>During the creation of a volume or the encryption of the system, VeraCrypt forces the PIM value to be greater than or equal to a certain minimal value when the password is less than 20 characters. This check is done in order to ensure that, for short passwords,
|
||||
the security level is at least equal to the default level provided by an empty PIM.</div>
|
||||
<div> </div>
|
||||
<div>The PIM minimal value for short passwords is <strong>98</strong> for system encryption and
|
||||
<strong>485</strong> for non-system encryption and files containers. For password with 20 characters and more, the PIM minimal value is
|
||||
<strong>1</strong>. In all cases, leaving the PIM empty or setting its value to 0 will make VeraCrypt use the default high number of iterations as explained in section
|
||||
<a href="Header%20Key%20Derivation.html">
|
||||
Header Key Derivation</a>.</div>
|
||||
<div><br>
|
||||
Motivations behind using a custom PIM value can be:<br>
|
||||
<ul>
|
||||
<li>Add an extra secret parameter (PIM) that an attacker will have to guess </li><li>Increase security level by using large PIM values to thwart future development of brute force attacks.
|
||||
</li><li>Speeding up booting or mounting through the use of a small PIM value (less than 98 for system encryption and less than 485 for the other cases)
|
||||
</li></ul>
|
||||
<p>The screenshots below show the step to mount a volume using a PIM equal to 231:</p>
|
||||
<table style="margin-left:auto; margin-right:auto">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><img src="Personal Iterations Multiplier (PIM)_VeraCrypt_UsePIM_Step1.png" alt="" width="499" height="205"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="Personal Iterations Multiplier (PIM)_VeraCrypt_UsePIM_Step1.png" alt="" width="499" height="205"></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<p> </p>
|
||||
<h3>Changing/clearing the PIM</h3>
|
||||
<p>The PIM of a volume or for system encryption can be changed or cleared using the change password functionality. The screenshots below shows an example of changing the PIM from the empty default value to a value equal to 3 (this is possible since the password
|
||||
has more than 20 characters). In order to do so, the user must first tick "Use PIM" checkbox in the "New" section to reveal the PIM field.</p>
|
||||
<table width="519" style="height:896px; width:519px; margin-left:auto; margin-right:auto">
|
||||
<caption><strong>Normal volume case</strong></caption>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="text-align:center"><img src="Personal Iterations Multiplier (PIM)_VeraCrypt_ChangePIM_Step1.png" alt="" width="511" height="436"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p><img src="Personal Iterations Multiplier (PIM)_VeraCrypt_ChangePIM_Step2.png" alt="" width="511" height="436"></p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h5> </h5>
|
||||
<table style="margin-left:auto; margin-right:auto">
|
||||
<caption><strong>System encryption case</strong></caption>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><img src="Personal Iterations Multiplier (PIM)_VeraCrypt_ChangePIM_System_Step1.png" alt="" width="501" height="426"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="Personal Iterations Multiplier (PIM)_VeraCrypt_ChangePIM_System_Step2.png" alt="" width="501" height="426"></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<p> </p>
|
||||
<p><a href="VeraCrypt%20Volume%20Format%20Specification.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
After Width: | Height: | Size: 39 KiB |
After Width: | Height: | Size: 40 KiB |
After Width: | Height: | Size: 24 KiB |
After Width: | Height: | Size: 25 KiB |
After Width: | Height: | Size: 24 KiB |
After Width: | Height: | Size: 26 KiB |
56
doc/html/Physical Security.html
Normal file
@ -0,0 +1,56 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Physical%20Security.html">Physical Security</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Physical Security</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
If an attacker can physically access the computer hardware <strong style="text-align:left">
|
||||
and</strong> you use it after the attacker has physically accessed it, then VeraCrypt may become unable to secure data on the computer.* This is because the attacker may modify the hardware or attach a malicious hardware component to it (such as a hardware
|
||||
keystroke logger) that will capture the password or encryption key (e.g. when you mount a VeraCrypt volume) or otherwise compromise the security of the computer. Therefore, you must not use VeraCrypt on a computer that an attacker has physically accessed.
|
||||
Furthermore, you must ensure that VeraCrypt (including its device driver) is not running when the attacker physically accesses the computer. Additional information pertaining to hardware attacks where the attacker has direct physical access is contained in
|
||||
the section <a href="Unencrypted%20Data%20in%20RAM.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Unencrypted Data in RAM</a>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Furthermore, even if the attacker cannot physically access the computer hardware <em style="text-align:left">
|
||||
directly</em>, he or she may be able to breach the physical security of the computer by remotely intercepting and analyzing emanations from the computer hardware (including the monitor and cables). For example, intercepted emanations from the cable connecting
|
||||
the keyboard with the computer can reveal passwords you type. It is beyond the scope of this document to list all of the kinds of such attacks (sometimes called TEMPEST attacks) and all known ways to prevent them (such as shielding or radio jamming). It is
|
||||
your responsibility to prevent such attacks. If you do not, VeraCrypt may become unable to secure data on the computer.</div>
|
||||
<p><br style="text-align:left">
|
||||
</p>
|
||||
<hr align="left" size="1" width="189" style="text-align:left; height:0px; border-width:0px 1px 1px; border-style:solid; border-color:#000000">
|
||||
<p><span style="text-align:left; font-size:10px; line-height:12px">* In this section (<em style="text-align:left">Physical Security</em>), the phrase "data on the computer" means data on internal and external storage devices/media (including removable devices
|
||||
and network drives) connected to the computer.</span></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
51
doc/html/Pipelining.html
Normal file
@ -0,0 +1,51 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Pipelining.html">Pipelining</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Pipelining</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
When encrypting or decrypting data, VeraCrypt uses so-called pipelining (asynchronous processing). While an application is loading a portion of a file from a VeraCrypt-encrypted volume/drive, VeraCrypt is automatically decrypting it (in RAM). Thanks to pipelining,
|
||||
the application does not have wait for any portion of the file to be decrypted and it can start loading other portions of the file right away. The same applies to encryption when writing data to an encrypted volume/drive.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Pipelining allows data to be read from and written to an encrypted drive as fast as if the drive was not encrypted (the same applies to file-hosted and partition-hosted VeraCrypt
|
||||
<a href="VeraCrypt%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
volumes</a>).*</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
Note: Pipelining is implemented only in the Windows versions of VeraCrypt.</div>
|
||||
<p> </p>
|
||||
<hr align="left" size="1" width="189" style="text-align:left; height:0px; border-width:0px 1px 1px; border-style:solid; border-color:#000000">
|
||||
<p><span style="text-align:left; font-size:10px; line-height:12px">* Some solid-state drives compress data internally, which appears to increase the actual read/write speed when the data is compressible (for example, text files). However, encrypted data cannot
|
||||
be compressed (as it appears to consist solely of random "noise" without any compressible patterns). This may have various implications. For example, benchmarking software that reads or writes compressible data (such as sequences of zeroes) will report lower
|
||||
speeds on encrypted volumes than on unencrypted volumes (to avoid this, use benchmarking software that reads/writes random or other kinds of uncompressible data)</span><span style="text-align:left; font-size:10px; line-height:12px">.</span></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
77
doc/html/Plausible Deniability.html
Normal file
@ -0,0 +1,77 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Plausible%20Deniability.html">Plausible Deniability</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Plausible Deniability</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
In case an adversary forces you to reveal your password, VeraCrypt provides and supports two kinds of plausible deniability:</div>
|
||||
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Hidden volumes (see the section <a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">
|
||||
Hidden Volume</a>) and hidden operating systems (see the section <a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
<strong style="text-align:left">Hidden Operating System</strong></a>). </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
Until decrypted, a VeraCrypt partition/device appears to consist of nothing more than random data (it does not contain any kind of "signature"). Therefore, it should be impossible to prove that a partition or a device is a VeraCrypt volume or that it has been
|
||||
encrypted (provided that the security requirements and precautions listed in the chapter
|
||||
<a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Security Requirements and Precautions</a> are followed). A possible plausible explanation for the existence of a partition/device containing solely random data is that you have wiped (securely erased) the content of the partition/device using one of the tools
|
||||
that erase data by overwriting it with random data (in fact, VeraCrypt can be used to securely erase a partition/device too, by creating an empty encrypted partition/device-hosted volume within it). However, you need to prevent data leaks (see the section
|
||||
<a href="Data%20Leaks.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Data Leaks</a>) and also note that, for <a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
system encryption</a>, the first drive track contains the (unencrypted) VeraCrypt Boot Loader, which can be easily identified as such (for more information, see the chapter
|
||||
<a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
System Encryption</a>). When using <a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
system encryption</a>, plausible deniability can be achieved by creating a hidden operating system (see the section
|
||||
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Hidden Operating System</a>).<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Although file-hosted VeraCrypt volumes (containers) do not contain any kind of "signature" either (until decrypted, they appear to consist solely of random data), they cannot provide this kind of plausible deniability, because there is practically no plausible
|
||||
explanation for the existence of a file containing solely random data. However, plausible deniability can still be achieved with a file-hosted VeraCrypt volume (container) by creating a hidden volume within it (see above).
|
||||
</li></ol>
|
||||
<h4 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:12px; margin-bottom:1px">
|
||||
<br style="text-align:left">
|
||||
Notes</h4>
|
||||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
When formatting a hard disk partition as a VeraCrypt volume (or encrypting a partition in place), the partition table (including the partition type) is
|
||||
<em style="text-align:left">never</em> modified (no VeraCrypt "signature" or "ID" is written to the partition table).
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
There are methods to find files or devices containing random data (such as VeraCrypt volumes). Note, however, that this should
|
||||
<em style="text-align:left">not </em>affect plausible deniability in any way. The adversary still should not be able to
|
||||
<em style="text-align:left">prove</em> that the partition/device is a VeraCrypt volume or that the file, partition, or device, contains a hidden VeraCrypt volume (provided that you follow the security requirements and precautions listed in the chapter
|
||||
<a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Security Requirements and Precautions</a> and in the subsection <a href="Security%20Requirements%20for%20Hidden%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Security Requirements and Precautions Pertaining to Hidden Volumes</a>). </li></ul>
|
||||
<p> </p>
|
||||
<p><a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
87
doc/html/Portable Mode.html
Normal file
@ -0,0 +1,87 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Portable%20Mode.html">Portable Mode</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Portable Mode</h1>
|
||||
<p>VeraCrypt can run in so-called portable mode, which means that it does not have to be installed on the operating system under which it is run. However, there are two things to keep in mind:</p>
|
||||
<ol>
|
||||
<li>You need administrator privileges in order to be able to run VeraCrypt in portable mode (for the reasons, see the chapter
|
||||
<a href="Using%20VeraCrypt%20Without%20Administrator%20Privileges.html">
|
||||
<em>Using VeraCrypt Without Administrator Privileges</em></a>).
|
||||
<table border="2">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; color:#ff0000; padding:15px; border:1px solid #000000">
|
||||
Note: No matter what kind of software you use, as regards personal privacy in most cases, it is
|
||||
<em>not</em> safe to work with sensitive data under systems where you do not have administrator privileges, as the administrator can easily capture and copy your sensitive data, including passwords and keys.</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</li><li>After examining the registry file, it may be possible to tell that VeraCrypt was run (and that a VeraCrypt volume was mounted) on a Windows system even if it had been run in portable mode.
|
||||
</li></ol>
|
||||
<p><strong>Note</strong>: If that is a problem, see <a href="FAQ.html#notraces" target="_blank.html">
|
||||
this question</a> in the FAQ for a possible solution.<br>
|
||||
<br>
|
||||
There are two ways to run VeraCrypt in portable mode:</p>
|
||||
<ol>
|
||||
<li>After you extract files from the VeraCrypt self-extracting package, you can directly run
|
||||
<em>VeraCrypt.exe</em>.<br>
|
||||
<br>
|
||||
Note: To extract files from the VeraCrypt self-extracting package, run it, and then select
|
||||
<em>Extract</em> (instead of <em>Install</em>) on the second page of the VeraCrypt Setup wizard.
|
||||
</li><li>You can use the <em>Traveler Disk Setup</em> facility to prepare a special traveler disk and launch VeraCrypt from there.
|
||||
</li></ol>
|
||||
<p>The second option has several advantages, which are described in the following sections in this chapter.</p>
|
||||
<p>Note: When running in ‘portable’ mode, the VeraCrypt driver is unloaded when it is no longer needed (e.g., when all instances of the main application and/or of the Volume Creation Wizard are closed and no VeraCrypt volumes are mounted). However,
|
||||
if you force dismount on a VeraCrypt volume when VeraCrypt runs in portable mode, or mount a writable NTFS-formatted volume on Windows Vista or later, the VeraCrypt driver may
|
||||
<em>not</em> be unloaded when you exit VeraCrypt (it will be unloaded only when you shut down or restart the system). This prevents various problems caused by a bug in Windows (for instance, it would be impossible to start VeraCrypt again as long as there are
|
||||
applications using the dismounted volume).</p>
|
||||
<h3>Tools -> Traveler Disk Setup</h3>
|
||||
<p>You can use this facility to prepare a special traveler disk and launch VeraCrypt from there. Note that VeraCrypt ‘traveler disk’ is
|
||||
<em>not</em> a VeraCrypt volume but an <em>unencrypted</em> volume. A ‘traveler disk’ contains VeraCrypt executable files and optionally the ‘autorun.inf’ script (see the section
|
||||
<em>AutoRun Configuration</em> below). After you select <em>Tools -> Traveler Disk Setup</em>, the
|
||||
<em>Traveler Disk Setup</em> dialog box should appear. Some of the parameters that can be set within the dialog deserve further explanation:</p>
|
||||
<h4>Include VeraCrypt Volume Creation Wizard</h4>
|
||||
<p>Check this option, if you need to create new VeraCrypt volumes using VeraCrypt run from the traveler disk you will create. Unchecking this option saves space on the traveler disk.</p>
|
||||
<h4>AutoRun Configuration (autorun.inf)</h4>
|
||||
<p>In this section, you can configure the ‘traveler disk’ to automatically start VeraCrypt or mount a specified VeraCrypt volume when the ‘traveler disk’ is inserted. This is accomplished by creating a special script file called ‘<em>autorun.inf</em>’
|
||||
on the traveler disk. This file is automatically executed by the operating system each time the ‘traveler disk’ is inserted.<br>
|
||||
<br>
|
||||
Note, however, that this feature only works for removable storage devices such as CD/DVD (Windows XP SP2, Windows Vista, or a later version of Windows is required for this feature to work on USB memory sticks) and only when it is enabled in the operating system.
|
||||
Depending on the operating system configuration, these auto-run and auto-mount features may work only when the traveler disk files are created on a non-writable CD/DVD-like medium (which is not a bug in VeraCrypt but a limitation of Windows).<br>
|
||||
<br>
|
||||
Also note that the ‘<em>autorun.inf</em>’ file must be in the root directory (i.e., for example
|
||||
<em>G:\</em>, <em>X:\</em>, or <em>Y:\</em> etc.) of an <strong>unencrypted </strong>
|
||||
disk in order for this feature to work.</p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
43
doc/html/Preface.html
Normal file
@ -0,0 +1,43 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Preface.html">Preface</a>
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Preface</h1>
|
||||
<p>
|
||||
Please note that although most chapters of this documentation apply generally to all versions of VeraCrypt, some sections are primarily aimed at users of the Windows versions of VeraCrypt. Hence, such sections may contain information that is inappropriate in regards to the Mac OS X and Linux versions of VeraCrypt.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
</body></html>
|
205
doc/html/Program Menu.html
Normal file
@ -0,0 +1,205 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Main%20Program%20Window.html">Main Program Window</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Program%20Menu.html">Program Menu</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h2>Program Menu</h2>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<p>Note: To save space, only the menu items that are not self-explanatory are described in this documentation.</p>
|
||||
<h3>Volumes -> Auto-Mount All Device-Hosted Volumes</h3>
|
||||
<p>See the section <a href="Main%20Program%20Window.html">
|
||||
<em>Auto-Mount Devices.</em></a></p>
|
||||
<h3>Volumes -> Dismount All Mounted Volumes</h3>
|
||||
<p>See the section <a href="Main%20Program%20Window.html">
|
||||
<em>Dismount All.</em></a></p>
|
||||
<h3>Volumes -> Change Volume Password</h3>
|
||||
<p>Allows changing the password of the currently selected VeraCrypt volume (no matter whether the volume is hidden or standard). Only the header key and the secondary header key (XTS mode) are changed – the master key remains unchanged. This function
|
||||
re-encrypts the volume header using<br>
|
||||
<br>
|
||||
a header encryption key derived from a new password. Note that the volume header contains the master encryption key with which the volume is encrypted. Therefore, the data stored on the volume will
|
||||
<em>not</em> be lost after you use this function (password change will only take a few seconds).<br>
|
||||
<br>
|
||||
To change a VeraCrypt volume password, click on <em>Select File</em> or <em>Select Device</em>, then select the volume, and from the
|
||||
<em>Volumes</em> menu select <em>Change Volume Password</em>.<br>
|
||||
<br>
|
||||
Note: For information on how to change a password used for pre-boot authentication, please see the section
|
||||
<em>System -> Change Password</em>.<br>
|
||||
<br>
|
||||
See also the chapter <a href="Security%20Requirements%20and%20Precautions.html">
|
||||
<em>Security Requirements and Precautions</em></a>.</p>
|
||||
<div style="margin-left:50px">
|
||||
<h4>PKCS-5 PRF</h4>
|
||||
<p>In this field you can select the algorithm that will be used in deriving new volume header keys (for more information, see the section
|
||||
<a href="Header%20Key%20Derivation.html">
|
||||
<em>Header Key Derivation, Salt, and Iteration Count</em></a>) and in generating the new salt (for more information, see the section
|
||||
<a href="Random%20Number%20Generator.html">
|
||||
<em>Random Number Generator</em></a>).<br>
|
||||
<br>
|
||||
Note: When VeraCrypt re-encrypts a volume header, the original volume header is first overwritten many times (3, 7, 35 or 256 depending on the user choice) with random data to prevent adversaries from using techniques such as magnetic force microscopy or magnetic
|
||||
force scanning tunneling microscopy [17] to recover the overwritten header (however, see also the chapter
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">
|
||||
<em>Security Requirements and Precautions</em></a>).</p>
|
||||
</div>
|
||||
<h3>Volumes -> Set Header Key Derivation Algorithm</h3>
|
||||
<p>This function allows you to re-encrypt a volume header with a header key derived using a different PRF function (for example, instead of HMAC-RIPEMD-160 you could use HMAC-Whirlpool). Note that the volume header contains the master encryption key with which
|
||||
the volume is encrypted. Therefore, the data stored on the volume will <em>not</em> be lost after you use this function. For more information, see the section
|
||||
<a href="Header%20Key%20Derivation.html">
|
||||
<em>Header Key Derivation, Salt, and Iteration Count</em></a>.<br>
|
||||
<br>
|
||||
Note: When VeraCrypt re-encrypts a volume header, the original volume header is first overwritten many times (3, 7, 35 or 256 depending on the user choice) with random data to prevent adversaries from using techniques such as magnetic force microscopy or magnetic
|
||||
force scanning tunneling microscopy [17] to recover the overwritten header (however, see also the chapter
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">
|
||||
<em>Security Requirements and Precautions</em></a>).</p>
|
||||
<h3>Volumes -> Add/Remove Keyfiles to/from Volume</h3>
|
||||
<h3>Volumes -> Remove All Keyfiles from Volume</h3>
|
||||
<p>See the chapter <a href="Keyfiles.html">
|
||||
<em>Keyfiles.</em></a></p>
|
||||
<h3>Favorites -> Add Mounted Volume to Favorites Favorites -> Organize Favorite Volumes Favorites -> Mount Favorites Volumes</h3>
|
||||
<p>See the chapter <a href="Favorite%20Volumes.html">
|
||||
<em>Favorite Volumes</em></a>.</p>
|
||||
<h3>Favorites -> Add Mounted Volume to System Favorites</h3>
|
||||
<h3>Favorites -> Organize System Favorite Volumes</h3>
|
||||
<p>See the chapter <a href="System%20Favorite%20Volumes.html">
|
||||
<em>System Favorite Volumes</em></a>.</p>
|
||||
<h3>System -> Change Password</h3>
|
||||
<p>Changes the password used for pre-boot authentication (see the chapter <em>System Encryption</em>). WARNING: Your VeraCrypt Rescue Disk allows you to restore key data if it is damaged. By doing so, you also restore the password that was valid when the VeraCrypt
|
||||
Rescue Disk was created. Therefore, whenever you change the password, you should destroy your VeraCrypt Rescue Disk and create a new one (select
|
||||
<em>System</em> -> <em>Create Rescue Disk</em>). Otherwise, an attacker could decrypt your system partition/drive using the old password (if he finds the old VeraCrypt Rescue Disk and uses it to restore the key data). See also the chapter
|
||||
<a href="Security%20Requirements%20and%20Precautions.html">
|
||||
<em>Security Requirements and Precautions</em></a>.<br>
|
||||
<br>
|
||||
For more information on changing a password, please see the section <em>Volumes -> Change Volume Password</em> above.</p>
|
||||
<h3>System -> Mount Without Pre-Boot Authentication</h3>
|
||||
<p>Check this option, if you need to mount a partition that is within the key scope of system encryption without pre-boot authentication. For example, if you need to mount a partition located on the encrypted system drive of another operating system that is
|
||||
not running. This can be useful e.g. when you need to back up or repair an operating system encrypted by VeraCrypt (from within another operating system).</p>
|
||||
<p>Note 1: If you need to mount multiple partitions at once, click <em>‘Auto-Mount Devices</em>’, then click ‘<em>Mount Options</em>’ and enable the option ‘<em>Mount partition using system encryption without pre-boot authentication</em>’.<br>
|
||||
<br>
|
||||
Please note you cannot use this function to mount extended (logical) partitions that are located on an entirely encrypted system drive.</p>
|
||||
<h3>Tools -> Clear Volume History</h3>
|
||||
<p>Clears the list containing the file names (if file-hosted) and paths of the last twenty successfully mounted volumes.</p>
|
||||
<h3>Tools -> Traveler Disk Setup</h3>
|
||||
<p>See the chapter <a href="Portable%20Mode.html">
|
||||
<em>Portable Mode.</em></a></p>
|
||||
<h3>Tools -> Keyfile Generator</h3>
|
||||
<p>See section <em>Tools -> Keyfile Generator</em> in the chapter <a href="Keyfiles.html">
|
||||
<em>Keyfiles.</em></a></p>
|
||||
<h3 id="tools-backup-volume-header">Tools -> Backup Volume Header</h3>
|
||||
<h3 id="tools-restore-volume-header">Tools -> Restore Volume Header</h3>
|
||||
<p>If the header of a VeraCrypt volume is damaged, the volume is, in most cases, impossible to mount. Therefore, each volume created by VeraCrypt (except system partitions) contains an embedded backup header, located at the end of the volume. For extra safety,
|
||||
you can also create external volume header backup files. To do so, click <em>Select Device</em> or
|
||||
<em>Select File</em>, select the volume, select <em>Tools</em> -> <em>Backup Volume Header</em>, and then follow the instructions.</p>
|
||||
<p>Note: For system encryption, there is no backup header at the end of the volume. For non-system volumes, a shrink operation is done first to ensure that all data are put at the beginning of the volume, leaving all free space at the end so that we have a
|
||||
place to put the backup header. For system partitions, we can't perform this needed shrink operation while Windows is running and so the backup header can't be created at the end of the partition. The alternative way in the case of system encryption is the
|
||||
use of the <a href="VeraCrypt%20Rescue%20Disk.html">
|
||||
Rescue Disk</a>.</p>
|
||||
<p>Note: A backup header (embedded or external) is <em>not</em> a copy of the original volume header because it is encrypted with a different header key derived using a different salt (see the section
|
||||
<a href="Header%20Key%20Derivation.html">
|
||||
<em>Header Key Derivation, Salt, and Iteration Count</em></a>). When the volume password and/or keyfiles are changed, or when the header is restored from the embedded (or an external) header backup, both the volume header and the backup header (embedded in
|
||||
the volume) are re-encrypted with header keys derived using newly generated salts (the salt for the volume header is different from the salt for the backup header). Each salt is generated by the VeraCrypt random number generator (see the section
|
||||
<a href="Random%20Number%20Generator.html">
|
||||
<em>Random Number Generator</em></a>).</p>
|
||||
<p>Both types of header backups (embedded and external) can be used to repair a damaged volume header. To do so, click
|
||||
<em>Select Device</em> or <em>Select File</em>, select the volume, select <em>Tools</em> ->
|
||||
<em>Restore Volume Header</em>, and then follow the instructions.<br>
|
||||
<br>
|
||||
WARNING: Restoring a volume header also restores the volume password that was valid when the backup was created. Moreover, if keyfile(s) are/is necessary to mount a volume when the backup is created, the same keyfile(s) will be necessary to mount the volume
|
||||
again after the volume header is restored. For more information, see the section
|
||||
<a href="Encryption%20Scheme.html"><em>Encryption Scheme</em></a> in the chapter
|
||||
<a href="Technical%20Details.html"><em>Technical Details</em></a>.<br>
|
||||
<br>
|
||||
After you create a volume header backup, you might need to create a new one only when you change the volume password and/or keyfiles. Otherwise, the volume header remains unmodified so the volume header backup remains up-to-date.</p>
|
||||
<p>Note: Apart from salt (which is a sequence of random numbers), external header backup files do not contain any unencrypted information and they cannot be decrypted without knowing the correct password and/or supplying the correct keyfile(s). For more information,
|
||||
see the chapter <a href="Technical%20Details.html">
|
||||
<em>Technical Details</em></a>.</p>
|
||||
<p>When you create an external header backup, both the standard volume header and the area where a hidden volume header can be stored is backed up, even if there is no hidden volume within the volume (to preserve plausible deniability of hidden volumes). If
|
||||
there is no hidden volume within the volume, the area reserved for the hidden volume header in the backup file will be filled with random data (to preserve plausible deniability).<br>
|
||||
<br>
|
||||
When <em>restoring</em> a volume header, you need to choose the type of volume whose header you wish to restore (a standard or hidden volume). Only one volume header can be restored at a time. To restore both headers, you need to use the function twice (<em>Tools</em>
|
||||
-> <em>Restore Volume Header</em>). You will need to enter the correct password (and/or to supply the correct keyfiles) that was/were valid when the volume header backup was created. The password (and/or keyfiles) will also automatically determine the type
|
||||
of the volume header to restore, i.e. standard or hidden (note that VeraCrypt determines the type through the process of trial and error).<br>
|
||||
<br>
|
||||
Note: If the user fails to supply the correct password (and/or keyfiles) twice in a row when trying to mount a volume, VeraCrypt will automatically try to mount the volume using the embedded backup header (in addition to trying to mount it using the primary
|
||||
header) each subsequent time that the user attempts to mount the volume (until he or she clicks
|
||||
<em>Cancel</em>). If VeraCrypt fails to decrypt the primary header but it successfully decrypts the embedded backup header at the same time, the volume is mounted and the user is warned that the volume header is damaged (and informed as to how to repair it).</p>
|
||||
<h3 id="Settings-Performance">Settings -> Performance and Driver Options</h3>
|
||||
<p>Invokes the Performance dialog window, where you can change enable or disable AES Hardware acceleration and thread based parallelization. You can also change the following driver option:</p>
|
||||
<h4>Enable extended disk control codes support</h4>
|
||||
<p>If enabled, VeraCrypt driver will support returning extended technical information about mounted volumes through IOCTL_STORAGE_QUERY_PROPERTY control code. This control code is always supported by physical drives and it can be required by some applications
|
||||
to get technical information about a drive (e.g. the Windows fsutil program uses this control code to get the physical sector size of a drive.).<br>
|
||||
Enabling this option brings VeraCrypt volumes behavior much closer to that of physical disks and if it is disabled, applications can easily distinguish between physical disks and VeraCrypt volumes since sending this control code to a VeraCrypt volume will result
|
||||
in an error.<br>
|
||||
Disable this option if you experience stability issues (like volume access issues or system BSOD) which can be caused by poorly written software and drivers.</p>
|
||||
<h3>Settings -> Preferences</h3>
|
||||
<p>Invokes the Preferences dialog window, where you can change, among others, the following options:</p>
|
||||
<h4>Wipe cached passwords on exit</h4>
|
||||
<p>If enabled, passwords (which may also contain processed keyfile contents) cached in driver memory will be cleared when VeraCrypt exits.</p>
|
||||
<h4>Cache passwords in driver memory</h4>
|
||||
<p>When checked, passwords and/or processed keyfile contents for up to last four successfully mounted VeraCrypt volumes are cached. This allows mounting volumes without having to type their passwords (and selecting keyfiles) repeatedly. VeraCrypt never saves
|
||||
any password to a disk (however, see the chapter <a href="Security%20Requirements%20and%20Precautions.html">
|
||||
<em>Security Requirements and Precautions</em></a>). Password caching can be enabled/disabled in the Preferences (<em>Settings</em> ->
|
||||
<em>Preferences</em>) and in the password prompt window. If the system partition/drive is encrypted, caching of the pre-boot authentication password can be enabled or disabled in the system encryption settings (<em>Settings</em> > ‘<em>System Encryption</em>’).</p>
|
||||
<h4>Temporary Cache password during "Mount Favorite Volumes" operations</h4>
|
||||
<p>When this option is unchecked (this is the default), VeraCrypt will display the password prompt window for every favorite volume during the execution of the "Mount Favorite Volumes" operation and each password is erased once the volume is mounted (unless
|
||||
password caching is enabled).<br>
|
||||
<br>
|
||||
If this option is checked and if there are two or more favorite volumes, then during the operation "Mount Favorite Volumes", VeraCrypt will first try the password of the previous favorite and if it doesn't work, it will display password prompt window. This
|
||||
logic applies starting from the second favorite volume onwards. Once all favorite volumes are processed, the password is erased from memory.</p>
|
||||
<p>This option is useful when favorite volumes share the same password since the password prompt window will only be displayed once for the first favorite and VeraCrypt will automatically mount all subsequent favorites.</p>
|
||||
<p>Please note that since we can't assume that all favorites use the same PRF (hash) nor the same TrueCrypt mode, VeraCrypt uses Autodetection for the PRF of subsequent favorite volumes and it tries both TrueCryptMode values (false, true) which means that the
|
||||
total mounting time will be slower compared to the individual mounting of each volume with the manual selection of the correct PRF and the correct TrueCryptMode.</p>
|
||||
<h4>Open Explorer window for successfully mounted volume</h4>
|
||||
<p>If this option is checked, then after a VeraCrypt volume has been successfully mounted, an Explorer window showing the root directory of the volume (e.g., T:\) will be automatically opened.</p>
|
||||
<h4>Use a different taskbar icon when there are mounted volumes</h4>
|
||||
<p>If enabled, the appearance of the VeraCrypt taskbar icon (shown within the system tray notification area) is different while a VeraCrypt volume is mounted, except the following:</p>
|
||||
<ul>
|
||||
<li>Partitions/drives within the key scope of active system encryption (e.g., a system partition encrypted by VeraCrypt, or a non-system partition located on a system drive encrypted by VeraCrypt, mounted when the encrypted operating system is running).
|
||||
</li><li>VeraCrypt volumes that are not fully accessible to the user account (e.g. a volume mounted from within another user account).
|
||||
</li><li>VeraCrypt volumes that are not displayed in the VeraCrypt application window. For example, system favorite volumes attempted to be dismounted by an instance of VeraCrypt without administrator privileges when the option '<em>Allow only administrators to
|
||||
view and dismount system favorite volumes in VeraCrypt</em>' is enabled. </li></ul>
|
||||
<h4>VeraCrypt Background Task – Enabled</h4>
|
||||
<p>See the chapter <a href="VeraCrypt%20Background%20Task.html">
|
||||
<em>VeraCrypt Background Task</em></a>.</p>
|
||||
<h4>VeraCrypt Background Task – Exit when there are no mounted volumes</h4>
|
||||
<p>If this option is checked, the VeraCrypt background task automatically and silently exits as soon as there are no mounted VeraCrypt volumes. For more information, see the chapter
|
||||
<a href="VeraCrypt%20Background%20Task.html">
|
||||
<em>VeraCrypt Background Task</em></a>. Note that this option cannot be disabled when VeraCrypt runs in portable mode.</p>
|
||||
<h4>Auto-dismount volume after no data has been read/written to it for</h4>
|
||||
<p>After no data has been written/read to/from a VeraCrypt volume for <em>n</em> minutes, the volume is automatically dismounted.</p>
|
||||
<h4>Force auto-dismount even if volume contains open files or directories</h4>
|
||||
<p>This option applies only to auto-dismount (not to regular dismount). It forces dismount (without prompting) on the volume being auto-dismounted in case it contains open files or directories (i.e., file/directories that are in use by the system or applications).</p>
|
||||
<p> </p>
|
||||
<p><a href="Mounting%20VeraCrypt%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
127
doc/html/Protection of Hidden Volumes.html
Normal file
@ -0,0 +1,127 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||||
<meta name="keywords" content="encryption, security"/>
|
||||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div>
|
||||
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||||
</div>
|
||||
|
||||
<div id="menu">
|
||||
<ul>
|
||||
<li><a href="Home.html">Home</a></li>
|
||||
<li><a href="/code/">Source Code</a></li>
|
||||
<li><a href="Downloads.html">Downloads</a></li>
|
||||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||||
<li><a href="Donation.html">Donate</a></li>
|
||||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<p>
|
||||
<a href="Documentation.html">Documentation</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Plausible%20Deniability.html">Plausible Deniability</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Hidden%20Volume.html">Hidden Volume</a>
|
||||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||||
<a href="Protection%20of%20Hidden%20Volumes.html">Protection of Hidden Volumes</a>
|
||||
</p></div>
|
||||
|
||||
<div class="wikidoc">
|
||||
<h1>Protection of Hidden Volumes Against Damage</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
If you mount a VeraCrypt volume within which there is a <a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
hidden volume</a>, you may <em style="text-align:left">read</em> data stored on the (outer) volume without any risk. However, if you (or the operating system) need to
|
||||
<em style="text-align:left">save</em> data to the outer volume, there is a risk that the hidden volume will get damaged (overwritten). To prevent this, you should protect the hidden volume in a way described in this section.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
When mounting an outer volume, type in its password and before clicking <em style="text-align:left">
|
||||
OK, </em>click <em style="text-align:left">Mount Options</em>:</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<img src="Protection of Hidden Volumes_Image_027.jpg" alt="VeraCrypt GUI" width="499" height="205"></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
In the <em style="text-align:left">Mount Options </em>dialog window, enable the option '<em style="text-align:left">Protect hidden volume against damage caused by writing to outer volume</em> '. In the '<em style="text-align:left">Password to hidden volume</em>'
|
||||
input field, type the password for the hidden volume. Click <em style="text-align:left">
|
||||
OK </em>and, in the main password entry dialog, click <em style="text-align:left">
|
||||
OK</em>.</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<img src="Protection of Hidden Volumes_Image_028.jpg" alt="Mounting with hidden protection" width="432" height="402"></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Both passwords must be correct; otherwise, the outer volume will not be mounted. When hidden volume protection is enabled, VeraCrypt does
|
||||
<em style="text-align:left">not</em> actually mount the hidden volume. It only decrypts its header (in RAM) and retrieves information about the size of the hidden volume (from the decrypted header). Then, the outer volume is mounted and any attempt to save
|
||||
data to the area of the hidden volume will be rejected (until the outer volume is dismounted).
|
||||
<strong style="text-align:left">Note that VeraCrypt never modifies the filesystem (e.g., information about allocated clusters, amount of free space, etc.) within the outer volume in any way. As soon as the volume is dismounted, the protection is lost. When
|
||||
the volume is mounted again, it is not possible to determine whether the volume has used hidden volume protection or not. The hidden volume protection can be activated only by users who supply the correct password (and/or keyfiles) for the hidden volume (each
|
||||
time they mount the outer volume). <br style="text-align:left">
|
||||
</strong><br style="text-align:left">
|
||||
As soon as a write operation to the hidden volume area is denied/prevented (to protect the hidden volume), the entire host volume (both the outer and the hidden volume) becomes write-protected until dismounted (the VeraCrypt driver reports the 'invalid parameter'
|
||||
error to the system upon each attempt to write data to the volume). This preserves plausible deniability (otherwise certain kinds of inconsistency within the file system could indicate that this volume has used hidden volume protection). When damage to hidden
|
||||
volume is prevented, a warning is displayed (provided that the VeraCrypt Background Task is enabled – see the chapter
|
||||
<a href="VeraCrypt%20Background%20Task.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
VeraCrypt Background Task</a>). Furthermore, the type of the mounted outer volume displayed in the main window changes to '<em style="text-align:left">Outer(!)</em> ':</div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<img src="Protection of Hidden Volumes_Image_029.jpg" alt="VeraCrypt GUI" width="579" height="498"></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Moreover, the field <em style="text-align:left">Hidden Volume Protected </em>in the
|
||||
<em style="text-align:left">Volume Properties </em>dialog window says:<br style="text-align:left">
|
||||
'<em style="text-align:left">Yes (damage prevented!)</em>'<em style="text-align:left">.</em><br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
Note that when damage to hidden volume is prevented, <em style="text-align:left">
|
||||
no</em> information about the event is written to the volume. When the outer volume is dismounted and mounted again, the volume properties will
|
||||
<em style="text-align:left">not </em>display the string "<em style="text-align:left">damage prevented</em>".<em style="text-align:left"><br style="text-align:left">
|
||||
</em></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
There are several ways to check that a hidden volume is being protected against damage:</div>
|
||||
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
A confirmation message box saying that hidden volume is being protected is displayed after the outer volume is mounted (if it is not displayed, the hidden volume is not protected!).
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
In the <em style="text-align:left">Volume Properties </em>dialog, the field <em style="text-align:left">
|
||||
Hidden Volume Protected </em>says '<em style="text-align:left">Yes</em>': </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
The type of the mounted outer volume is <em style="text-align:left">Outer</em>: </li></ol>
|
||||
<p><img src="Protection of Hidden Volumes_Image_030.jpg" alt="VeraCrypt GUI" width="579" height="232"></p>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<em style="text-align:left"><br style="text-align:left">
|
||||
<strong style="text-align:left">Important: You are the only person who can mount your outer volume with the hidden volume protection enabled (since nobody else knows your hidden volume password). When an adversary asks you to mount an outer volume, you of course
|
||||
must </strong></em><strong style="text-align:left">not</strong><em style="text-align:left"><strong style="text-align:left"> mount it with the hidden volume protection enabled. You must mount it as a normal volume (and then VeraCrypt will not show the volume
|
||||
type "Outer" but "Normal"). The reason is that, during the time when an outer volume is mounted with the hidden volume protection enabled, the adversary
|
||||
</strong></em><strong style="text-align:left">can</strong><em style="text-align:left"><strong style="text-align:left"> find out that a hidden volume exists within the outer volume (he/she will be able to find it out until the volume is dismounted and possibly
|
||||
even some time after the computer has been powered off - see <a href="Unencrypted%20Data%20in%20RAM.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Unencrypted Data in RAM</a>).</strong></em> <br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
<em style="text-align:left">Warning</em>: Note that the option '<em style="text-align:left">Protect hidden volume against damage caused by writing to outer volume</em>' in the
|
||||
<em style="text-align:left">Mount Options </em>dialog window is automatically disabled after a mount attempt is completed, no matter whether it is successful or not (all hidden volumes that are already being protected will, of course, continue to be protected).
|
||||
Therefore, you need to check that option <em style="text-align:left">each </em>time you attempt to mount the outer volume (if you wish the hidden volume to be protected):<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
<img src="Protection of Hidden Volumes_Image_031.jpg" alt="VeraCrypt GUI" width="432" height="402"></div>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<br style="text-align:left">
|
||||
If you want to mount an outer volume and protect a hidden volume within using cached passwords, then follow these steps: Hold down the
|
||||
<em style="text-align:left">Control </em>(<em style="text-align:left">Ctrl</em>) key when clicking
|
||||
<em style="text-align:left">Mount </em>(or select <em style="text-align:left">Mount with Options
|
||||
</em>from the <em style="text-align:left">Volumes </em>menu). This will open the <em style="text-align:left">
|
||||
Mount Options </em>dialog. Enable the option '<em style="text-align:left">Protect hidden volume against damage caused by writing to outer volume</em>' and leave the password box empty. Then click
|
||||
<em style="text-align:left">OK</em>.</div>
|
||||
<p>If you need to mount an outer volume and you know that you will not need to save any data to it, then the most comfortable way of protecting the hidden volume against damage is mounting the outer volume as read-only (see the section
|
||||
<a href="Mounting%20VeraCrypt%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Mount Options</a>).</p>
|
||||
<p> </p>
|
||||
<p><a href="Security%20Requirements%20for%20Hidden%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
BIN
doc/html/Protection of Hidden Volumes_Image_027.jpg
Normal file
After Width: | Height: | Size: 36 KiB |
BIN
doc/html/Protection of Hidden Volumes_Image_028.jpg
Normal file
After Width: | Height: | Size: 63 KiB |