n l i t e d
August 19 2017
CryptDisk is a work-in-progress. Neither the author nor nlited systems inc. makes any guarantees or provides any warranties for the software or its use in any situation, nor assumes any liability for damages incurred while using the software.
CryptDisk contains no backdoors (aka password recovery). If the password is forgotten or the key file is lost, the data is lost forever. Period. I'm not kidding.
Use at your own risk.
CryptDisk is downloaded as a zipfile containing two files, CryptDisk.exe (the loader app) and CryptDriver2.sys (the virtual disk device driver). No other files are required; there is no installer.
These are beta releases.
CryptDisk must be run as admin the first time to install the service.
Installation is now complete. Click "Driver > Unload" to stop the service, then exit the CryptDisk program. CryptDisk can run as a normal process.
This does not clear the registry keys. CryptDisk stores everything under "HKCU\Software\nlited\CryptDisk". You can use RegEdit to delete the key and everything under it.
CryptDisk does not start automatically; you need to launch CryptDisk and load the driver to access any CryptDisk volumes.
CryptDisk does not need to be running once the driver is loaded. You can close the CryptDisk app and continue to use mounted volumes.
You need a key file before you can do anything else. A new key can be created using the command KEY CREATE or the UI (Menu > Keys > New).
The "Key Name" is the friendly name for the key, the name that will be shown in lists and prompts. It does not need to be unique, but should be enough to remind you what it is. The name will be visible as plain text in the key file.
The Encryption Method sets the block encryption method used for anything encrypted using the key. Click the button to cycle through the choices.
Parameters sets custom encryption values. Leave this unchecked to use the defaults. The values depend on the method, but are generally the internal round counts. This is an expert setting; if you are still confused, just leave Parameters unchecked.
Passcode is the password for the key. Longer is better, but it should be something you can remember without needing to look it up. The password text is hashed through Argon2 to generate the final secret.
Key File is where the key will be saved. The key file is a small (~1KB) text file. You can edit the file to add notes, but do not modify any text between the >>>> and <<<< markers.
The key files must be kept secret and never lost! Make a copy and stash it in your safe. CryptDisk contains no back doors, no "password recovery" schemes. If you lose the key file or forget the password your data is lost forever! I'm not kidding.
Three things are needed to access your secret data:
First, you need to open the key that will be used for the disk. This key will then be needed each time you want to use the disk. Open the key using the command KEY OPEN or the UI (Menu > Keys > Open).
Create a new disk using the command MEDIA CREATE or the UI (Menu > Volumes > Create).
Media File is where the new disk will be saved. Make sure there is enough physical disk space to hold the virtual disk file. Media can be stored on network disks.
Media size is the size of the media file ("container"). The usable space on the virtual disk will be something less. The size can be suffixed with K, M, or G. "4G" will create a disk with 4,000,000,000 bytes. The minimum and maximum disk size will be determined by the file system you intend to use.
The "Quick Format" will skip the step where "empty" data is written to every sector in the disk. However, NTFS will always write to unused space so this won't save any time when the media is stored on a physical disk that uses NTFS. It is better to leave this unchecked.
Check "Encrypt" to enable encryption, otherwise data will be stored as plain text. Select the key you want to use from the list box. If the list box is empty, you forgot to open a key and need to click Cancel.
Click OK to create the disk. This can be a lengthy operation for very large disks, plan on a couple of hours for a 200GB disk. If this process is interrupted the disk may cause very long and unexpected system hangs. It is better to delete a partially formatted disk and start over.
The new disk can be mounted using the command DRIVER MOUNT or the UI (Menu > Volumes > Mount...).
Select a drive letter ("mount point") and the path to the media file.
You can enter the password here or leave it blank to be prompted later, if the key is not already open. Keys are cached until the CryptDisk.exe application is closed or you explicitly clear the keys. Keys are cleared using the command KEY CLEAR or the UI (Menu > Keys > Clear).
If CryptDisk has access to the correct key file and your password is correct, the new volume will appear in the main window's list box. You can add a mounted disk as a "Favorite" by selecting it in the list and clicking (Menu > Volume > Favorites > Add).
The disk should now appear in File Explorer and can be used just like any other disk.
Creating the disk performed a "raw sector format". Now you need to format the disk with your favorite file system. You can do this by double-clicking the disk in File Explorer or using the command VOLUME FORMAT.
After the file system formatting is done, the disk is ready for use.
Disks are gracefully unmounted when Windows shuts down, so there is no need to manually unmount the disk. You can also unmount the disk on demand using the command DRIVER UNMOUNT or the UI by selecting the disk from the list and clicking (Menu > Volumes > Unmount), the "Unmount" button, or the "Unmount All" button. CryptDisk will try to gracefully close all open files before unmounting. Some programs (I'm looking at you, File Explorer!) retain open handles and will prevent the disk from unmounting. The "Force" check box will ignore the open handles and unmount the disk. This is safe if you close all your programs and wait a few seconds, but any unsaved data will be lost when the disk is forcibly unmounted.
One of the nicest features of CryptDisk is how quick and easy it is to archive your data. A clone is an exact copy of a disk that is locked to its parent. Creating a clone is a lengthy operation, requiring roughly the same time required to create the disk. Updating a clone is much quicker, typically requiring only 1-2% as long.
The disk must be unmounted to create or update the clone, and the key must be open. The clone is created using the command CLONE COPY or the UI (Menu > Volumes > Clone).
CryptDisk is designed for power-users and many of the really powerful functions are found in the command interface. The commands can be explored using the "HELP" option. For example, the various media commands can be explored using the commands
MEDIA ?
MEDIA CREATE ?
If you have any further questions, please go to the CryptDisk web site (https://aws.nlited.org/p1052.htm). Each page has a "Comment" button at the bottom.
CryptDisk manages volumes and keys separately to provide greater flexibility than a simple password/volume approach. The password unlocks the key, the key unlocks the media. All three components are required.
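The two-step unlock described above (password unlocks the key, key unlocks the media), modelled as an added example that is not CryptDisk's code or key-file format. It assumes scrypt in place of Argon2 and a toy HMAC-based stream cipher in place of the real block encryption method; all function names and the key-file fields are hypothetical.

```python
import hashlib, hmac, os

def derive_secret(password, salt):
    # scrypt stands in for Argon2, which is not in the Python standard library.
    s = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return s[:32], s[32:]                      # (encryption key, MAC key)

def xor_stream(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode) standing in for the
    # block encryption method; illustration only. XOR is its own inverse.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def create_key_file(password):
    """Return (key_file, volume_key). Only the wrapped key is ever stored."""
    salt, nonce, volume_key = os.urandom(16), os.urandom(16), os.urandom(32)
    enc, mac = derive_secret(password, salt)
    wrapped = xor_stream(enc, nonce, volume_key)
    tag = hmac.new(mac, nonce + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "wrapped": wrapped, "tag": tag}, volume_key

def open_key(key_file, password):
    """Password unlocks the key: verify the tag, then unwrap the volume key."""
    enc, mac = derive_secret(password, key_file["salt"])
    expect = hmac.new(mac, key_file["nonce"] + key_file["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, key_file["tag"]):
        raise ValueError("wrong password or damaged key file")
    return xor_stream(enc, key_file["nonce"], key_file["wrapped"])

def crypt_sector(volume_key, sector_no, data):
    """Key unlocks the media: the sector number is the per-sector nonce."""
    return xor_stream(volume_key, sector_no.to_bytes(16, "big"), data)

if __name__ == "__main__":
    key_file, _ = create_key_file("constructed sample passphrase")
    key = open_key(key_file, "constructed sample passphrase")
    sector = crypt_sector(key, 7, b"constructed plaintext")
    print(crypt_sector(key, 7, sector))
```

Because the media is encrypted under the random volume key rather than the password, the media alone, the key file alone, or the password alone recovers nothing.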
It is common to copy a volume from one machine to another with the intention of moving the working version, not forking it. This usually involves tediously copying the entire volume, a time-consuming and error-prone process. Then it is up to the user to remember which copy of the volume is the current version.
When CryptDisk creates a clone of a volume, the ID of the original volume is recorded. A full volume copy is then made to create the clone. Subsequent updates of a clone back to the original, the original to a clone, or a clone to another sibling clone are then treated as incremental updates, copying only the sectors that have changed. CryptDisk will lock the original, allowing read-only access. Only the most current version can be updated. Moving a volume from one physical disk to another takes only a fraction of the time of a full copy since the vast majority of sectors are typically unchanged. CryptDisk warns you when trying to update a locked volume.
This same incremental approach also makes creating volume backups much easier and more convenient.
The main reason for writing CryptDisk was to avoid the tedium and problems involved in waiting 35 minutes to copy a 200GB TrueCrypt volume. CryptDisk can typically clone a 200GB disk in about 90 seconds.
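A small model of the clone behaviour described above, added here as an example and not taken from CryptDisk. The page does not say how changed sectors are found, so this sketch assumes a per-sector generation stamp; the Volume class, its fields and clone_update are hypothetical names.

```python
import uuid

class Volume:
    def __init__(self, sector_count, family=None):
        self.family = family or uuid.uuid4().hex   # ID of the original volume
        self.version = 1                           # generation currently being written
        self.sectors = [b"\0" * 512] * sector_count
        self.stamps = [1] * sector_count           # generation of each sector's last write
        self.locked = False                        # True once a newer copy exists

    def write(self, index, data):
        if self.locked:
            raise PermissionError("locked: a newer copy of this volume exists")
        self.sectors[index] = data
        self.stamps[index] = self.version

def clone_update(src, dst=None):
    """Make dst the current copy of src; return (dst, sectors_copied)."""
    if src.locked:
        raise PermissionError("source is stale; update from the current copy")
    if dst is None:                                # first clone: full copy
        dst = Volume(len(src.sectors), family=src.family)
        dst.version = 0                            # holds no generation yet
    elif dst.family != src.family or len(dst.sectors) != len(src.sectors):
        raise ValueError("destination is not a clone of this volume")
    # A copy at version v already holds every write up to generation v,
    # so only sectors stamped later than that need to travel.
    changed = [i for i, s in enumerate(src.stamps) if s > dst.version]
    for i in changed:
        dst.sectors[i], dst.stamps[i] = src.sectors[i], src.stamps[i]
    dst.version = src.version + 1
    src.locked, dst.locked = True, False           # exactly one writable copy
    return dst, len(changed)

if __name__ == "__main__":
    original = Volume(1000)
    clone, n = clone_update(original)              # full copy: 1000 sectors
    clone.write(10, b"A" * 512)
    _, m = clone_update(clone, original)           # incremental: 1 sector
    print(n, m)
```

The lock is what prevents a fork: a write to the stale copy fails instead of silently diverging from the current one.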