User Manual

📢 PUBLIC Page 1052:45/45 | chip 2018-04-15 12:17:36
Tags: CryptDisk

August 19 2017



CryptDisk is a work in progress. Neither the author nor nlited systems inc. makes any guarantees or provides any warranties for the software or its use in any situation, nor assumes any liability for damages incurred while using the software.

CryptDisk contains no backdoors (aka password recovery). If the password is forgotten or the key file is lost, the data is lost forever. Period. I'm not kidding.

Use at your own risk.


Downloading

CryptDisk is downloaded as a zipfile containing two files, CryptDisk.exe (the loader app) and CryptDriver2.sys (the virtual disk device driver). No other files are required; there is no installer.

These are beta releases.

Installing

CryptDisk must be run as admin the first time to install the service.

  1. Run CryptDisk as admin.
  2. Debug builds only: Click "Driver > Load".
  3. You should see "Driver authentication complete."

Installation is now complete. Click "Driver > Unload" to stop the service, then exit the CryptDisk program. CryptDisk can run as a normal process.

Uninstalling

  1. Run CryptDisk as admin.
  2. If there are any volumes mounted, unmount them.
  3. Click "Driver > Unload".
  4. Click "Driver > Uninstall".

This does not clear the registry keys. CryptDisk stores everything under "HKCU\Software\nlited\CryptDisk". You can use RegEdit to delete the key and everything under it.

Starting CryptDisk

CryptDisk does not start automatically. You need to launch CryptDisk and load the driver to access any CryptDisk volumes.

  1. Run CryptDisk as a normal user.
  2. Click "Volume > Mount" to mount volumes.

CryptDisk does not need to be running once the driver is loaded. You can close the CryptDisk app and continue to use mounted volumes.

Getting Started

  1. Create a key file.
  2. Create a disk.
  3. Mount the disk.
  4. Format the disk.
  5. ... profit!
  6. Unmount the disk.
  7. Create a backup clone.

Create a Key File

You need a key file before you can do anything else. A new key can be created using the command KEY CREATE or the UI (Menu > Keys > New).

The "Key Name" is the friendly name for the key, the name that will be shown in lists and prompts. It does not need to be unique, but should be enough to remind you what it is. The name will be visible as plain text in the key file.

The Encryption Method sets the block encryption method used for anything encrypted using the key. Click the button to cycle through the choices.

Parameters sets custom encryption values. Leave this unchecked to use the defaults. The values depend on the method, but are generally the internal round counts. This is an expert setting. If you are still confused, just leave Parameters unchecked.

Passcode is the password for the key. Longer is better, but it should be something you can remember without needing to look it up. The password text is hashed through Argon2 to generate the final secret.

Key File is where the key will be saved. The key file is a small (~1KB) text file. You can edit the file to add notes, but do not modify any text between the >>>> and <<<< markers.

The key files must be kept secret and never lost! Make a copy and stash it in your safe. CryptDisk contains no back doors, no "password recovery" schemes. If you lose the key file or forget the password your data is lost forever! I'm not kidding.
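A way to confirm that a backup copy, or a copy you have added notes to, still carries the same protected text, given as an added example that is not part of CryptDisk. It assumes the file contains the literal markers >>>> and <<<< exactly once each; the sample data is constructed and does not reproduce a real key file.

```python
import hashlib
import sys

OPEN, CLOSE = b">>>>", b"<<<<"  # markers named in the manual; exact layout is assumed

def protected_block(data: bytes) -> bytes:
    """Return the bytes strictly between the >>>> and <<<< markers."""
    # Anything other than one marker pair (missing, duplicated, or typed into
    # a note) is treated as an error rather than guessed at.
    if data.count(OPEN) != 1 or data.count(CLOSE) != 1:
        raise ValueError("expected exactly one >>>> and one <<<< marker")
    start = data.index(OPEN) + len(OPEN)
    end = data.index(CLOSE)
    if end < start:
        raise ValueError("<<<< appears before >>>>")
    return data[start:end]

def fingerprint(data: bytes) -> str:
    """SHA-256 of the protected block; notes outside the markers are ignored."""
    return hashlib.sha256(protected_block(data)).hexdigest()

def same_key(a: bytes, b: bytes) -> bool:
    # Bytes are compared exactly. An editor that rewrites line endings inside
    # the markers is reported as a change, which is the cautious answer.
    return fingerprint(a) == fingerprint(b)

# Constructed sample data: the body is a placeholder, not a real key file.
ORIGINAL = b"note\r\n>>>>\r\nPLACEHOLDER-KEY-BODY\r\n<<<<\r\n"
WITH_NOTES = (b"note\r\nbackup is in the safe\r\n"
              b">>>>\r\nPLACEHOLDER-KEY-BODY\r\n<<<<\r\nmore notes\r\n")
LF_REWRITTEN = ORIGINAL.replace(b"\r\n", b"\n")
DAMAGED = ORIGINAL.replace(b"KEY-BODY", b"KEY-B0DY")

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <working key file> <backup key file>
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            ok = same_key(f1.read(), f2.read())
        print("protected block identical" if ok else "protected block DIFFERS")
        sys.exit(0 if ok else 1)
    # No arguments: run against the constructed samples.
    print(same_key(ORIGINAL, WITH_NOTES), same_key(ORIGINAL, DAMAGED))
```

Run it after editing notes and before relying on the copy in the safe; a reported difference means the copy should be replaced from a known-good key file.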

Three things are needed to access your secret data:

  1. Key file: Keep this on a micro USB drive on your key chain.
  2. Password: Keep this in your head.
  3. Media file: This is not a secret.

Create a Disk

First, you need to open the key that will be used for the disk. This key will then be needed each time you want to use the disk. Open the key using the command KEY OPEN or the UI (Menu > Keys > Open).

Create a new disk using the command MEDIA CREATE or the UI (Menu > Volumes > Create).

Media File is where the new disk will be saved. Make sure there is enough physical disk space to hold the virtual disk file. Media can be stored on network disks.

Media size is the size of the media file ("container"). The usable space on the virtual disk will be something less. The size can be suffixed with K, M, or G. "4G" will create a disk with 4,000,000,000 bytes. The minimum and maximum disk size will be determined by the file system you intend to use.

The "Quick Format" will skip the step where "empty" data is written to every sector in the disk. However, NTFS will always write to unused space so this won't save any time when the media is stored on a physical disk that uses NTFS. It is better to leave this unchecked.

Check "Encrypt" to enable encryption, otherwise data will be stored as plain text. Select the key you want to use from the list box. If the list box is empty, you forgot to open a key and need to click Cancel.

Click OK to create the disk. This can be a lengthy operation for very large disks, plan on a couple of hours for a 200GB disk. If this process is interrupted the disk may cause very long and unexpected system hangs. It is better to delete a partially formatted disk and start over.

Mount the Disk

The new disk can be mounted using the command DRIVER MOUNT or the UI (Menu > Volumes > Mount...).

Select a drive letter ("mount point") and the path to the media file.

You can enter the password here or leave it blank to be prompted later, if the key is not already open. Keys are cached until the CryptDisk.exe application is closed or you explicitly clear the keys. Keys are cleared using the command KEY CLEAR or the UI (Menu > Keys > Clear).

If CryptDisk has access to the correct key file and your password is correct, the new volume will appear in the main window's list box. You can add a mounted disk as a "Favorite" by selecting it in the list and clicking (Menu > Volume > Favorites > Add).

The disk should now appear in File Explorer and can be used just like any other disk.

Format the Disk

Creating the disk performed a "raw sector format". Now you need to format the disk with your favorite file system. You can do this by double-clicking the disk in File Explorer or using the command VOLUME FORMAT.

After the file system formatting is done, the disk is ready for use.

Unmount the Disk

Disks are gracefully unmounted when Windows shuts down, so there is no need to manually unmount the disk. You can also unmount the disk on demand using the command DRIVER UNMOUNT or the UI by selecting the disk from the list and clicking (Menu > Volumes > Unmount), the "Unmount" button, or the "Unmount All" button. CryptDisk will try to gracefully close all open files before unmounting. Some programs (I'm looking at you, File Explorer!) retain open handles and will prevent the disk from unmounting. The "Force" check box will ignore the open handles and unmount the disk. This is safe if you close all your programs and wait a few seconds, but any unsaved data will be lost when the disk is forcibly unmounted.

Create a Backup Clone

One of the nicest features of CryptDisk is how quick and easy it is to archive your data. A clone is an exact copy of a disk that is locked to its parent. Creating a clone is a lengthy operation, requiring roughly the same time required to create the disk. Updating a clone is much quicker, typically requiring only 1-2% as long.

The disk must be unmounted to create or update the clone, and the key must be open. The clone is created using the command CLONE COPY or the UI (Menu > Volumes > Clone).

And Wait, There's More!

CryptDisk is designed for power-users and many of the really powerful functions are found in the command interface. The commands can be explored using the "HELP" option. For example, the various media commands can be explored using the commands:
MEDIA ?
MEDIA CREATE ?

If you have any further questions, please go to the CryptDisk web site (https://aws.nlited.org/p1052.htm). Each page has a "Comment" button at the bottom.

Volumes and Keys

CryptDisk manages volumes and keys separately to provide greater flexibility than a simple password/volume approach. The password unlocks the key, the key unlocks the media. All three components are required.

  • Key and media files should be stored on separate physical media. Keep the key files on a USB drive on your keychain. Keep the passwords in your head. (And nowhere else, this is your master password. All your other passwords can be saved inside a CryptDisk volume.)
  • The same key can be used for any number of volumes.
  • The same password can be used for multiple keys.
  • Keys can be re-encoded with a new password without requiring the entire volume to be re-encoded.
  • Keys can be cloned with a different password to allow others to access a volume without disclosing the original key's password.

Cloning Volumes

It is common to copy a volume from one machine to another with the intention of moving the working version, not forking it. This usually involves tediously copying the entire volume, a time-consuming and error-prone process. Then it is up to the user to remember which copy of the volume is the current version.

When CryptDisk creates a clone of a volume, the ID of the original volume is recorded. A full volume copy is then made to create the clone. Subsequent updates of a clone back to the original, the original to a clone, or a clone to another sibling clone are then treated as incremental updates, copying only the sectors that have changed. CryptDisk will lock the original, allowing read-only access. Only the most current version can be updated. Moving a volume from one physical disk to another takes only a fraction of the time of a full copy since the vast majority of sectors are typically unchanged. CryptDisk warns you when trying to update a locked volume.

This same incremental approach also makes creating volume backups much easier and more convenient.

The main reason for writing CryptDisk was to avoid the tedium and problems involved in waiting 35 minutes to copy a 200GB TrueCrypt volume. CryptDisk can typically clone a 200GB disk in about 90 seconds.

Known Bugs, Missing Features

CryptDisk is a work in progress. Neither the author nor nlited systems inc. makes any guarantees or provides any warranties for the software or its use in any situation, nor assumes any liability for damages incurred while using the software.

Use at your own risk.

Known Bugs

  • The Disk Activity lights are not working.
  • The Disk Activity lights support only a single volume.

ToDo List

  • ✅ Re-encoding keys with a new password.
  • ✅ Cloning keys with a different password.
  • ✅ Re-encoding volumes with a new key.
  • The device list should include indicators for a volume's lock status, original volume ID, and other interesting information from the VolumeInfo.
  • Each volume should have its own disk activity lights.
  • ✅ CryptDisk should automatically load the driver. (This is a release feature.)
  • CryptDriver does not handle the "Eject" system request.
  • ✅ Process filtering. Allow/Deny disk access by process.
  • Allow the user to control the HotPlug configuration. Enabling write-cache provides better performance with higher risk of data loss and less (no?) process control.
  • A system tray applet for when the main CryptDisk.exe window is dismissed.

