.net (French) 1996 December

home *** CD-ROM | disk | FTP | other *** search

/ .net (French) 1996 December / .net Magazine (FR) - Issue 02 - Dec 1996.iso / Utilpers / DIRCRYPT / DIRCRYPT.DOC < prev next >

Wrap

Text File | 1995-11-24 | 55KB | 997 lines

────────────────────────────────────────────────────────────────── ─────────────────────────────────────────────────────────── Documentation for DIRCRYPT Version 2.11 - english version - for the german version please read DEUTSCH.TXT la documentation française est cachée dans FRANCAIS.DOC ─────────────────────────────────────────────────────────── ────────────────────────────────────────────────────────────────── Shareware-Program Author and (C)opyright 1995: Timo Hartmann FIDONET: 2:2457/315.3 INTERNET: timo_hartmann@citybox.fido.de CIS: 100753,1266 All Rights Reserved ────────────────────────────────────────────────────────────────── All product names mentioned in this software and documentation are trademarks or registered trademarks of their respective owners. They are used for identification purposes only. ┌────────────────────────────────────────────────────────────────┐ │ Contents │ └────────────────────────────────────────────────────────────────┘ CHAPTER I - INTRODUCTION, INFO FOR GERMAN SPEAKING USERS 1.1 What is Dircrypt 1.2 The principle of Dircrypt CHAPTER II - GENERAL INFORMATION 2.1 Files 2.2 Disclaimer 2.3 Before using Dircrypt 2.4 Users of previous dircrypt versions 2.5 Shareware 2.6 Contact to the author CHAPTER III - USING DIRCRYPT 3.1 Keyboard 3.2 General CHAPTER IV - WORKING WITH DIRCRYPT 4.1 Encryption 4.1.1 Encryption level 2 4.2 Decryption 4.3 Automation of encryption and decryption 4.3.1 Create EXE-Loader 4.3.2 Commandline-Parameters, Batchfiles 4.4 Masterpassword 4.5 Programpassword 4.6 Dircrypt with more than one user 4.7 Logfile DC-LOG.LOG 4.8 Menu item "Drive-setup" 4.9 Menu item "Rebuild datafile" 4.10 Menu item "Sessionpassword" 4.11 Option "Datafile duplicate save" 4.12 Option "Progress log" CHAPTER V - Compatibility and problem solutions 5.1 Dircrypt and Windows 3.x 5.2 Dircrypt and Windows 95 5.3 Dircrypt and OS/2 5.4 Dircrypt and disk double / disk compression 5.5 Can't remember password ! What now ? 5.6 Datafile DCDATA*.DAT deleted ! What now ? 5.7 Free "bad" cluster 5.8 Error messages CHAPTER VI 6.1 Thoughts on security 6.2 Errorlevel 6.3 Credits ┌────────────────────────────────────────────────────────────────┐ │ │ │ │ │ Chapter I Introduction │ │ │ │ │ └────────────────────────────────────────────────────────────────┘ The original version of Dircrypt is in german, so if you are more familiar with german please take a look at the file DEUTSCH.TXT. This file contains information on how to get the german version. ┌────────────────────────────────────────────────────────────────┐ │ 1.1 What is Dircrypt │ └────────────────────────────────────────────────────────────────┘ Dircrypt is a fast and secure program to protect your data from unauthorized access. Your data will be completely hidden and protected, using a bootdisk or certain utilities like diskeditors is useless. Dircrypt is extremely fast, for example 40 MB on a harddisk are protected in less than 5 seconds. Because of this it is possible to protect your files anytime without the need to wait minutes or hours. You can protect your data at the end of each computer session without delays, you can decrypt files on harddisk or floppydisk, use them, and encrypt them again, all this within a few seconds. Dircrypt can also be used on computers with more than one user, every user can protect his own data on the same harddisk. Run DEMO.EXE for a short demonstration of Dircrypt. ┌────────────────────────────────────────────────────────────────┐ │ 1.2 The principle of Dircrypt │ └────────────────────────────────────────────────────────────────┘ Dircrypt is based on the principle of protecting files and directories by deleting their directory entries and marking their clusters as bad. That means if you use CHKDSK on a drive with protected data on it you will be shown some bad clusters. This is nothing to worry about, these bad clusters will disappear as soon as you decrypt your data again. There will also be no problems if you have real bad clusters on your disk, Dircrypt is able to tell real and faked bad clusters apart. The deletion of the directory entries is done in a way which makes it impossible even for a professional to restore them, even when using utilities like Undelete or diskeditors. Your selected files and directories are securely hidden and protected, there is no way to get access or get to know their names in the first place. Dircrypt can be used on harddisks and floppydisks, but as far as I know it will not work on netdrives (like any format or diskcopy would not work). If you want to encrypt data on a network drive Dircrypt must be run on the computer which owns this drive. Do not use Dircrypt on compressed drives like "Stacker", "Double Space" etc. before reading paragraph 5.4. ┌────────────────────────────────────────────────────────────────┐ │ │ │ │ │ Chapter II - GENERAL INFORMATION │ │ │ │ │ └────────────────────────────────────────────────────────────────┘ ┌────────────────────────────────────────────────────────────────┐ │ 2.1 Files │ └────────────────────────────────────────────────────────────────┘ DIRCRYPT.EXE the main program DCHELP.HLP Helpfile for DIRCRYPT.EXE DCAUTO.DAT Datafile used by Dircrypt DCAUTOW.DAT Datafile used by Dircrypt DEMO.EXE Dircrypt demonstration program DEMO1.DAT Datafile used by DEMO.EXE DIRCRYPT.DOC Dircrypt documentation (this file) ORDER.DOC Register form and how to register SHAREWAR.TXT Informations on shareware HISTORY.TXT Version-History of Dircrypt BBS.TXT obtain latest version via BBS DEUTSCH.TXT Information for german speaking users FRANCAIS.TXT Information for french speaking users LIST.EXE Program to show textfiles READ.ME Info DCUNMARK.EXE Additional program, read paragraph 5.6 DCUNMARK.DOC Manual to DCUNMARK FILE_ID.DIZ Infofile for BBS VENDOR.DOC Infofile for vendors Latest versions of Dircrypt can be found on "Citybox Siegen" BBS, please read BBS.TXT for further information. ┌────────────────────────────────────────────────────────────────┐ │ 2.2 Disclaimer │ └────────────────────────────────────────────────────────────────┘ DIRCRYPT IS SUPPLIED AS IS. THE AUTHOR DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE WARRANTIES OF MERCHANTABILITY AND OF FITNESS FOR ANY PURPOSE. THE AUTHOR ASSUMES NO LIABILITY FOR DAMAGES, DIRECT OR CONSEQUENTIAL, WHICH MAY RESULT FROM THE USE OF DIRCRYPT. IF YOU DO NOT ACCEPT THIS, OR IF YOU DO NOT COMPLETELY UNDERSTAND IT THEN DO NOT USE THIS PROGRAM. ┌────────────────────────────────────────────────────────────────┐ │ 2.3 Before using Dircrypt │ └────────────────────────────────────────────────────────────────┘ A very good advise before trying out new software on your PC is making a backup. This is especially true for software like Dircrypt, which makes direct manipulations to your disk structures. Dircrypt is working fine on a lot of computers, but naturally Dircrypt has not been tested on all possible configurations. So if you are first trying Dircrypt, then try it on a disk with no important data on it, or make a backup! ┌────────────────────────────────────────────────────────────────┐ │ 2.4 Users of previous dircrypt versions │ └────────────────────────────────────────────────────────────────┘ Dircrypt Version 2 is not able to decrypt data protected with Dircrypt Version 1. To decrypt this data please use the older version of Dircrypt. This is the consequence of the new features of Dircrypt 2, for example encryption of files or directories in subdirectories. ┌────────────────────────────────────────────────────────────────┐ │ 2.5 Shareware │ └────────────────────────────────────────────────────────────────┘ Dircrypt is distributed as Shareware, which means you may try out if Dircrypt fits your needs, but if you want to use Dircrypt apart from testing purposes you are required to buy the program. Dircrypt costs 30 DM (inside germany) or 30 US$ for non-commercial private use, and 50 DM (inside germany) or 40 US$ for use in a commercial environment. Read SHAREWAR.TXT for further informations on the Shareware principle. If you decide to buy Dircrypt please print out the registerform in ORDER.DOC, complete it and send it to one of the addresses shown in ORDER.DOC. In this file you will also find further information on registering (where and how). ┌────────────────────────────────────────────────────────────────┐ │ 2.6 Contact to the author │ └────────────────────────────────────────────────────────────────┘ Please direct any orders and complaints about missing files or non-working copies as well as all communication in languages except english or german to our national registration sites. Our national registration sites are answering normal support questions as well. FIDONET: 2:2457/315.3 e-mail : th@citybox.fido.de CIS : 100753,1266 Timo Hartmann, Oststr. 38, 57074 Siegen, Germany ┌────────────────────────────────────────────────────────────────┐ │ │ │ │ │ CHAPTER III - USING DIRCRYPT │ │ │ │ │ └────────────────────────────────────────────────────────────────┘ ┌────────────────────────────────────────────────────────────────┐ │ 3.1 Keyboard │ └────────────────────────────────────────────────────────────────┘ Key commands will be enclosed in < >, for example <Alt>. This means you are asked to press the Alt-Key, do not press < or >. <Alt>-<M> means press the Alt-Key and M while holding Alt. Well, just as usual. ┌────────────────────────────────────────────────────────────────┐ │ 3.2 General │ └────────────────────────────────────────────────────────────────┘ Dircrypt features a SAA desktop. Since this is a standard interface you should be familiar with its operation. Hit <F10> to activate the menubar, <F1> for online help, <TAB> to move in dialog windows. ┌────────────────────────────────────────────────────────────────┐ │ │ │ │ │ CHAPTER IV - WORKING WITH DIRCRYPT │ │ │ │ │ └────────────────────────────────────────────────────────────────┘ ┌────────────────────────────────────────────────────────────────┐ │ 4.1 Encryption │ └────────────────────────────────────────────────────────────────┘ Before encryption you must choose the desired drive, so press <F2> or select the menu item "Drive/Change drive" for this purpose. Then select "Drive/Encryption" or hit <F3> for encryption. You will be presented with a dialog window containing two listboxes, of which the left box shows all files and directories in the selected drives root directory at first. You can select files or directories to encrypt by clicking with the mouse or pressing space on the desired filename. The selected file or directory will be marked and will also appear in the right listbox, which shows all of the to be encrypted files. To select files in subdirectories just move the selection bar to a directory name and press enter to change to this directory. You can change between the two listboxes by using cursor left and cursor right. When in the right listbox you can unselect files by pressing space, and you can toggle encryption level by hitting "M". Encryption level 2 is a lot slower than normal encryption, so just use it when really neccessary. You can change encryption level for all files at once be pressing <Alt>-<M>. Please read paragraph 4.1.1 for further information on encryption levels. After you have selected all entries you wish to encrypt, press the "Start" button. Dircrypt will ask you for a password, and encrypt the selected files and directories. You can decrypt by choosing the menu item "Drive/Decrypt". For safety reasons your password input will be shown as X for every char. Please note that uppercase and lowercase are NOT treated the same, and special chars like space are also allowed. By the way, the longer the password, the better the security (a 2 chars password could be guessed easily). For this reason the supplied password must be at least 5 chars long. Now Dircrypt will start encryption, with normal encryption level this will be extremely fast, for example 5 seconds for 1,44 MB in 10 files on a floppy! disk. Harddrive encryption will be much faster, for example less than 5 seconds for 40 megabytes. ┌──────────────────────────┐ │ 4.1.1 Encryption level 2 │ └──────────────────────────┘ There are two levels of encryption, "normal" and "level 2". How these levels are set is described in paragraph 4.1 above. At encryption level "normal" the filedata itself is not encrypted, only the directory entries and internal DOS structures (like FAT) are manipulated to show no more signs of an encrypted file. This means that no access to the file is possible anymore, the file has disappeared. But the filedata naturally is still on the disk, spread in single data blocks (clusters). If you encrypt plain textfiles, it is theoretically possible to use a diskeditor, search the disk for fragments of a textfile and read them. This needs time and is not easy, but it can be done. If your textfiles contain really sensible data you better use "level 2" encryption, which means each file will be encrypted seperately. But be aware that in order to do this Dircrypt completely reads each file and writes it back to disk. This is a lot slower than "normal" encryption level, in fact it is just as slow as any other encryption software. The needed time is mainly determined by disk read and write time, and you know that for example reading 50 megabytes and writing them again takes its time even on a fast harddisk. So use "level 2" only if really neccessary, in other cases use normal encryption. ┌────────────────────────────────────────────────────────────────┐ │ 4.2 Decryption │ └────────────────────────────────────────────────────────────────┘ Hit <F4> or select "Drive/Decrypt" for decryption. Dircrypt will ask you for a password and check if there is any data on the current disk encrypted with the supplied password. If there is more than one group of data Dircrypt will ask you which one to decrypt. ┌────────────────────────────────────────────────────────────────┐ │ 4.3 Automation of encryption and decryption │ └────────────────────────────────────────────────────────────────┘ ┌────────────────────────────┐ │ 4.3.1 Create EXE-loader │ └────────────────────────────┘ In most cases you don't need to encrypt different directories or files each time, but you have your applications or data which you would like to be protected. Therefore it is annoying to select the same files again and again each time you want to encrypt them. By using the menu item "Create EXE-loader" you can create an EXE- file which does the following: decrypt your data after asking you for the right password, call your application, and encrypt your data again after your application has terminated. For example if you have a directory named C:\BUSINESS and an application FINANCE.EXE in it which you like to protect from unauthorized access. This feature lets you create a loader, for example C:\F.EXE. F.EXE will manage decryption and encryption automatically. If you call F.EXE it will decrypt your directory C:\BUSINESS, call C:\BUSINESS\FINANCE.EXE, and after you quit FINANCE.EXE encrypt C:\BUSINESS again. Your data will be securely protected, and only the right password will give access, but you are able to work with your program as usual. The only additional work is typing in the password for decryption (encryption does not need the password to be typed in again). Another example, with complete information on the dialog window: At "commandline" type in the complete commandline for calling your program, for example "C:\DATA\MYPROG.EXE". Append commandline parameters if necessary. At "workdir" type in the directory from which the program will be called, for example "C:\DATA". At "Loader EXE-filename" type in the name of the new EXE-file which is to be created. Later you can call this EXE-file for encryption, execution of your program, and decryption (no need to call Dircrypt yourself anymore). Obviously this EXE-file should not be located in a directory which will be encrypted, because you call it to decrypt your data. Example: "C:\MYPROG.EXE". Use the "search" buttons for easy selection of filenames and directories. After all input has been made select "Ok". Dircrypt will ask you for the files and directories you want to encrypt, encrypt them and create the new loader executable. If you want to use your encrypted program the next time just call this loader instead of your (encrypted) program, and all you need to do is type in the right password. Decryption, starting your program, and encryption after your program has terminated will be handled automatically. ┌──────────────────────────────────────────┐ │ 4.3.2 Commandline-Parameters, Batchfiles │ └──────────────────────────────────────────┘ Dircrypt can be operated by commandline, which lets you do the same like the EXE-loader does for you. You can create batchfiles to automatically handle encryption and decryption. I recommend using a EXE-loader instead (read 4.3.1). Commandline parameters are supported only for compatibility reason with version 1 of Dircrypt. The following parameters are available: DIRCRYPT Drive: ────────────────── Examples: DIRCRYPT C: , DIRCRYPT F: This just means the given drive is set as default when calling dircrypt. Parameters /E (Encryption) and /D (Decryption): ───────────────────────────────────────────────────────── You can use this parameters to avoid using the menudriven interface of Dircrypt, so you just need to type in the password for decryption and that's it. Encryption can even be made completely without user input. How this works: If you decrypt files or directories by using "DIRCRYPT Drive: /D" Dircrypt will ask for the password immediately, decrypt your data, and exit. The only keys you need to press are those for password input. In order to make encryption just as easy to use as decryption Dircrypt saves the names of the decrypted files and the used password in a temporary file named DCDATA*.DIR (which is encrypted of course, so your password can not be read). If you call "DIRCRYPT Drive: /E" after having worked with your decrypted data, Dircrypt will use the saved information to re-encrypt your data without any user input. Just wait a few seconds, and your data will be protected again. Example: Lets say Dircrypt is installed in C:\DIRCRYPT, and D:\TEXT contains private data you want to be protected. The first time you encrypt this directory as usual from within Dircrypt (select drive, select files, encrypt). The next time you want to use your data just call "DIRCRYPT D: /D". Dircrypt will ask for the password and decrypt D:\TEXT. Now you can work with your data. After you have finished work just call "DIRCRYPT D: /E" to encrypt your data again. You don't need to supply the password again, or select the directory D:\TEXT, everything is done automatically. In order to make this all just more easy and convenient you can use batch files, for example TEXT.BAT: C:\DIRCRYPT\DIRCRYPT.EXE D: /D D:\TEXT\MYPROG.EXE C:\DIRCRYPT\DIRCRYPT.EXE D: /E You will find further information on batch files in your DOS manual. You can even create batchfiles like LOGIN.BAT and LOGOFF.BAT which can be used to decrypt your data at the begin of a PC session, and encrypt your data before switching off the PC. Commandline parameters /E?? and /D??: ───────────────────────────────────── These parameters work just like /E and /D, only that they can be used if you want to manage more than one group of files with commandline parameters. Dircrypt stores the information for commandline encryption in DCDATA.DIR. If you use /E?? or /D?? Dircrypt will use the file DCDATA??.DIR, e.g. /D01 will create DCDATA01.DIR, and this file will not collide with /D99, which will create /D99. ┌────────────────────────────────────────────────────────────────┐ │ 4.4 Masterpassword │ └────────────────────────────────────────────────────────────────┘ The masterpassword can be set with "Setup\Masterpassword". This password serves three purposes: first it protects the current dialog window, so unauthorized users can not make any changes to the settings, second it serves as a programpassword, if the option "programpassword" is activated, and third it can be used for decrypting files which have been encrypted with the option "masterpassword" activated. The option "masterpassword active" serves as a backdoor for decrypting files without knowing the used password. If this files have been encrypted with the option set, the masterpassword can be used for decryption by choosing the menu item "Drive/Master- decrypt". This feature is especially useful if you want other persons to be able to protect their data from each other on your PC, but you want complete access to all data in case of need. ┌────────────────────────────────────────────────────────────────┐ │ 4.5 Programpassword │ └────────────────────────────────────────────────────────────────┘ The option "programpassword active" is for protecting the execution of Dircrypt itself. If activated the right password must be supplied at startup of Dircrypt, otherwise Dircrypt will not work. This way no one can even try to use Dircrypt if he does not know the programpassword. To set the programpassword press the button "programmpassword". Please note that apart from the programpassword the masterpassword can also be used to get access to Dircrypt. Use the masterpassword if you want access to this dialog and to the menu item "master-decryption". If you log in with the programpassword and not with the masterpassword you have no access to this features. If you activate the option "programpassword as only password" Dircrypt will always use the programpassword for encryption and decryption. This is useful if you are always using the same password, this way you just have to supply the password once at program startup, and afterwards Dircrypt will automatically use this password and not ask before each encryption or decryption. ┌────────────────────────────────────────────────────────────────┐ │ 4.6 Dircrypt with more than one user │ └────────────────────────────────────────────────────────────────┘ Dircrypt allows multiple protected areas (groups of files ) on one disk, with the same or different passwords. This is especially useful on PCs with two or more users, who like to protect their private data from each other. See the paragraphs on "Masterpassword" and "Programpassword" for information on useful features concerning muli-user dircrypt. ┌────────────────────────────────────────────────────────────────┐ │ 4.7 Logfile DC-LOG.LOG │ └────────────────────────────────────────────────────────────────┘ The file DC-LOG.LOG is for logging failed decryptions because of wrong passwords. You can delete this file if it gets to big. ┌────────────────────────────────────────────────────────────────┐ │ 4.8 Menu item "Drive-setup" │ └────────────────────────────────────────────────────────────────┘ This is for creating a DCDATA.DIR file. See paragraph 4.3.2 for further information on this file. This works just the same as normal encryption, only that you hit the "Save"-Button when done, and the selected files will not be encrypted immediately but saved for encryption with commandline parameters. ┌────────────────────────────────────────────────────────────────┐ │ 4.9 Menu item "Rebuild datafile" │ └────────────────────────────────────────────────────────────────┘ DIRCRYPT saves information about an encryption in a file named DCDATA*.DAT. This file is needed for decryption, without this file decryption is impossible. This file is made writeprotected and hidden to prevent it from being deleted by mistake. But it is still possible to delete the file, for example with certain filemanagers. If this has happened you can rebuild the datafile. This is only possible if you know the right password and the option "datafile duplicate save" has been activated on encryption. Rebuilding is only possible if there are no other encrypted areas on the disk, so decrypt all files on the disk before trying to rebuild a datafile. After rebuilding a datafile you can decrypt the data as usual. ┌────────────────────────────────────────────────────────────────┐ │ 4.10 Menu item "Sessionpassword" │ └────────────────────────────────────────────────────────────────┘ At this point you may set a default password for encryption. This is useful if you want to encrypt several groups of files with the same password. If a session password is set you don't have to enter the password for each encryption, instead Dircrypt will use the sessionpassword. A sessionpassword is only valid for the current run of dircrypt, if you exit Dircrypt the sessionpassword will not be saved. In addition the sessionpassword is only functional for encryption, not for decryption. You can deactivate a sessionpassword by choosing the menuitem "Delete session password". ┌────────────────────────────────────────────────────────────────┐ │ 4.11 Option "Datafile duplicate save" │ └────────────────────────────────────────────────────────────────┘ DIRCRYPT saves information about an encryption in a file named DCDATA*.DAT. This file is needed for decryption, without this file decryption is impossible. This file is made writeprotected and hidden to prevent it from being deleted by mistake. But it is still possible to delete the file, for example with certain filemanagers. If you think the DCDATA*.DAT file may get deleted by mistake you can activate this option. In response Dircrypt will make a copy of the datafile when encrypting. This copy is not a file, but it is placed in sectors marked as bad, so it can not be deleted or destroyed unintentionally. If the first DCDATA-file is lost, Dircrypt is able to reconstruct the file using this copy. For this choose the menu item "Rebuild datafile". There is a drawback when activating duplicate save: the diskspace needed for the datafile is doubled because of the copy (which is not much of course, just a few KB), and encryption may take (insignificantly) more time. You may only recover a datafile if you know the right password. ┌────────────────────────────────────────────────────────────────┐ │ 4.12 Option "Progress log" │ └────────────────────────────────────────────────────────────────┘ Use this to protect Dircrypt against power blackout or switching off the PC by mistake. If activated you can restart Dircrypt and Dircrypt will continue the interrupted encryption or decryption. Progress-log can only be used when encryption or decryption is not taking place on the same drive where DIRCRYPT.EXE resides. Major drawback: encryption and decryption will be noticable slower. Note that this option is not a guarenteed protection against loss of data when the computer is switched off during operation of Dircrypt. So MAKE BACKUPS to be on the safe side. By the way, I myself don't use this option because I want real fast encryption and decryption, and I have backups. ┌────────────────────────────────────────────────────────────────┐ │ │ │ │ │ Chapter V - Compatibility and problem solutions │ │ │ │ │ └────────────────────────────────────────────────────────────────┘ ┌────────────────────────────────────────────────────────────────┐ │ 5.1 Dircrypt and Windows 3.x │ └────────────────────────────────────────────────────────────────┘ You may use Dircrypt under Windows 3.x if you watch out for the following: Since Dircrypt manipulates directory entries and other disk structures there should be no other program running in the background which writes to the same disk as Dircrypt. You can be sure of this by executing Dircrypt "exclusively" under Windows and not changing the task while Dircrypt is working. Read your Windows manual for further information. Never encrypt the Windows directory or system files like the swapfile when Windows is currently running. This would lead to errors in Windows. 32-Bit-Access ───────────── On some systems Dircrypt does not work properly under Windows 3.x if 32-Bit-Access is activated. If you have it activated and you get the message "Interrupt 26 blocked to preserve volume integrity" from Windows when running Dircrypt then you must disable 32-Bit-Access in order to use Dircrypt under Windows 3.x. ┌────────────────────────────────────────────────────────────────┐ │ 5.2 Dircrypt and Windows 95 │ └────────────────────────────────────────────────────────────────┘ Dircrypt is compatible with Windows 95 and the long filenames. These long filenames can be encrypted and decrypted. Since Windows 95 supports drive locking there should be no problem with other applications running in the background, because Dircrypt will lock a drive before encrypting or decrypting. Never encrypt the Windows 95 directory or system files like the swapfile WIN386.SWP when Windows 95 is currently running. This would lead to errors in Windows 95. ┌────────────────────────────────────────────────────────────────┐ │ 5.3 Dircrypt and OS/2 │ └────────────────────────────────────────────────────────────────┘ As far as I know OS/2 does not support the direct manipulation Dircrypt does on the harddisk. For this reason you will just get an error message when using Dircrypt under OS/2. Maybe it is possible to use Dircrypt under OS/2, but since I do not use OS/2 I am not sure how to do this. ┌────────────────────────────────────────────────────────────────┐ │ 5.4 Dircrypt and disk doubler / disk compression │ └────────────────────────────────────────────────────────────────┘ This paragraph is on Dircrypt and programs like Stacker, Double Disk or Double Density, programs which compress a whole partition "on the fly". Dircrypt is tested with the disk compression programs delivered with MSDOS 6.0 and 6.2. Other disk compression programs are not tested and very probably will not work with Dircrypt, since Dircrypt accesses DOS-internal disk structures which do not exist on most compressed drives. If you want to try Dircrypt on a compressed drive which is not made by MSDOS-DBLSPACE or DRVSPACE be sure to make a backup of the entire drive first. ┌────────────────────────────────────────────────────────────────┐ │ 5.5 Can't remember password ! What now ? │ └────────────────────────────────────────────────────────────────┘ If you can not remember your password (please note that uppercase and lowercase are distinguished) there is no way to get access to the encrypted data if you didn't have the "Masterpassword" option actived on encryption. Even I as the author of Dircrypt can not get access to your data, there is no backdoor in Dircrypt. So better remember your password. If you want to delete the encrypted data because you can not remember the password use DCUNMARK.EXE (see paragraph 5.6). ┌────────────────────────────────────────────────────────────────┐ │ 5.6 Datafile DCDATA*.DAT deleted ! - What now ? │ └────────────────────────────────────────────────────────────────┘ Very bad. If you had the option "datafile duplicate save" activated on encryption you can rebuild the datafile by choosing "Tools/Rebuild datafile". If this option was not activated you may try an UNDELETE utility. If this does not work your data is lost. To free the bad-marked clusters read paragraph 5.6. ┌────────────────────────────────────────────────────────────────┐ │ 5.7 Free "bad" cluster │ └────────────────────────────────────────────────────────────────┘ If you want to free the clusters/sectors Dircrypt has marked as bad you can use DCUNMARK.EXE. This program will delete the "BAD" flag on all simulated bad sectors. This means that all encrypted data is lost (not decrypted), so decrypt all files that you can before using DCUNMARK. Again: ALL!! ENCRYPTED DATA ON THE SELECTED DISK IS LOST WHEN USING DCUNMARK.EXE. ┌────────────────────────────────────────────────────────────────┐ │ 5.8 Error messages │ └────────────────────────────────────────────────────────────────┘ "Drive could not be locked" ─────────────────────────── This error occurs under Windows 95 when Dircrypt can not get exclusive access to the drive. Windows 95 allows direct disk manipulation only after locking the drive. Check if other active programs have exclusive access (i.e. locked) the drive (e.g. Defrag, Scandisk, ...). Close these programs and try again. "Wrong filesystem" ────────────────── Dircrypt works only on MSDOS-based filesystems which have a FAT. You can not use Dircrypt an other filesystems, e.g. CDROMs or NTFS-drives (Windows NT). "Long filenames not supported" ────────────────────────────── This error occurs when trying to decrypt files or directories which have been encrypted under Windows 95, and when Windows 95 is not running at the moment. Some of the encrypted files use the long filenames available under Windows 95, but the current operating system (e.g. DOS 6.xx) does not support this long names. If you continue to decrypt the long filenames will be lost, and the files will only have their short names (8 chars, 3 chars suffix). Win95-programs may not be able to find this files anymore because their long name is no longer available. It is recommended that you cancel the operation, start Windows 95 and restart Dircrypt. "Error in FAT" ─────────────────── This error occurs when the disk structures (i.e. the FAT) on the disk does not fit to Dircrypt's expectations. Use CHKDSK or SCANDISK on the disk. This error may also occure if Dircrypt is used on disk compressed with a not compatible compression program. "Error reading cluster" ─────────────────────────────── This means a Dircrypt was not able to read a certain cluster (a cluster is a data block on a disk). Check if the disk is inserted correctly. "Error writing cluster" ─────────────────────────────────── Check if the disk is write protected. If not read the previous paragraph. "Error reading bootsector" ─────────────────────────────────── Maybe the disk is not inserted properly, unformatted or damaged. This error also occurrs when you try to use Dircrypt on a network drive. Dircrypt can only be used on drives which are physically present at the used PC. "Not enough diskspace for datafile" ────────────────────────────────── When protecting data on a disk Dircrypt needs a few kilobyte (usually around 2 or 3 KB) of free diskspace in order to save its datafile. The actual size of the datafile depends on the amount of files which are protected. If this error occurs there was not enough diskspace and Dircrypt will save the datafile on another drive and decrypt the data immediately. To solve this problem you should delete or move a file from the disk to free diskspace. "Error writing datafile" ──────────────────────── Dircrypt was not able to create or write the hidden datafile to disk. Check if the disk is inserted properly and if it is not write-protected. In case of this error Dircrypt will save the datafile to another drive and decrypt the just encrypted files immediately, so no data is lost. "Error writing to root directory" ───────────────────────────────── This is a critical error, perhaps your disk is damaged. Check your disk with a utility like CHKDSK or SCANDISK. "Error writing FAT" ─────────────────── The FAT sector seems to be damaged. In most cases such a disk can not be repaired, but you may try certain disk-utilities. "Not enough memory" ─────────────────── There is not enough base memory to run Dircrypt. Exit Dircrypt and try to free more memory. "Error reading bootsector" ────────────────────────── Check if the disk is inserted properly. Maybe the disk is damaged, please check this with a proper disk-utility like CHKDSK or SCANDISK. "Error reading root directory" ────────────────────────────── read previous paragraph "Error reading FAT" ─────────────────── read previous paragraph "Wrong datafile" ──────────────── The datafile is not as expected, maybe it is a wrong file or the file has been manipulated. Decryption is only possible with a correct datafile. "No free entry in root directory" ───────────────────────────────── The root directory of a disk can only hold a limited number of files. If the maximum number is reached new files can only be created in subdirectories. Please move or delete some files from the root directory to create free space. If you are not able to solve a problem do not hesitate to write me via e-mail, my address can be found in paragraph 2.5. But please note that I can not help you remembering a lost password, there is absolutely no backdoor in Dircrypt, I can not decrypt your data if you forgot your password. ┌────────────────────────────────────────────────────────────────┐ │ │ │ │ │ CHAPTER VI │ │ │ │ │ └────────────────────────────────────────────────────────────────┘ ┌────────────────────────────────────────────────────────────────┐ │ 6.1 Thoughts on security │ └────────────────────────────────────────────────────────────────┘ I have been asked a few times how secure Dircrypt really is. So lets have a look at the way Dircrypt works. Dircrypt is so fast because it does not encrypt each byte in a file, but it encrypts the diskstructures needed by DOS to get access to the file. This means the data of the file is still there, but to just look at them you would need to use a diskeditor and search the whole disk. Not a very nice task to do, and if you do not know exactly what kind of data you are looking for it is not very easy to find and identify the data. A different case is when protecting plain ASCII-Files, which can be identified easily when someone really searches a whole disk with a diskeditor. Because of this Dircrypt offers the encrypt-level 2 (read paragraph 4.1.1), which encrypts the file itself. Obviously Dircrypt will work much slower on this file, in fact just as slow as any other typical encryption program. This is because the whole file must be read, encrypted and written back to disk. I think level 1 encryption (the default fast way) is enough in most cases, since it reliably prevents access to the protected files. ┌────────────────────────────────────────────────────────────────┐ │ 6.2 Errorlevel │ └────────────────────────────────────────────────────────────────┘ These are the errorlevels of Dircrypt. They are only of use to you if you run Dircrypt from within Batchfiles. 0 = everything Ok 1 = Decryption failed 2 = Encryption failed 100 = Input of password was canceled by user 200 = wrong programpassword 253 = Selfcheck failed 254 = not enough memory For general information on batch files and errorlevels read your DOS manual. ┌────────────────────────────────────────────────────────────────┐ │ 6.3 Credits │ └────────────────────────────────────────────────────────────────┘ Max Maischein, Author of SFECACHE.PAS ( Public Domain TPascal-Unit )