Text File | 1995-11-24 | 55KB | 997 lines
──────────────────────────────────────────────────────────────────
───────────────────────────────────────────────────────────
Documentation for DIRCRYPT Version 2.11
- english version -
for the german version please read DEUTSCH.TXT
the french documentation is hidden in FRANCAIS.DOC
───────────────────────────────────────────────────────────
──────────────────────────────────────────────────────────────────
Shareware-Program
Author and (C)opyright 1995:
Timo Hartmann
FIDONET: 2:2457/315.3
INTERNET: timo_hartmann@citybox.fido.de
CIS: 100753,1266
All Rights Reserved
──────────────────────────────────────────────────────────────────
All product names mentioned in this software and documentation are
trademarks or registered trademarks of their respective owners.
They are used for identification purposes only.
┌────────────────────────────────────────────────────────────────┐
│ Contents │
└────────────────────────────────────────────────────────────────┘
CHAPTER I - INTRODUCTION, INFO FOR GERMAN SPEAKING USERS
1.1 What is Dircrypt
1.2 The principle of Dircrypt
CHAPTER II - GENERAL INFORMATION
2.1 Files
2.2 Disclaimer
2.3 Before using Dircrypt
2.4 Users of previous dircrypt versions
2.5 Shareware
2.6 Contact to the author
CHAPTER III - USING DIRCRYPT
3.1 Keyboard
3.2 General
CHAPTER IV - WORKING WITH DIRCRYPT
4.1 Encryption
4.1.1 Encryption level 2
4.2 Decryption
4.3 Automation of encryption and decryption
4.3.1 Create EXE-Loader
4.3.2 Commandline-Parameters, Batchfiles
4.4 Masterpassword
4.5 Programpassword
4.6 Dircrypt with more than one user
4.7 Logfile DC-LOG.LOG
4.8 Menu item "Drive-setup"
4.9 Menu item "Rebuild datafile"
4.10 Menu item "Sessionpassword"
4.11 Option "Datafile duplicate save"
4.12 Option "Progress log"
CHAPTER V - Compatibility and problem solutions
5.1 Dircrypt and Windows 3.x
5.2 Dircrypt and Windows 95
5.3 Dircrypt and OS/2
5.4 Dircrypt and disk doubler / disk compression
5.5 Can't remember password ! What now ?
5.6 Datafile DCDATA*.DAT deleted ! What now ?
5.7 Free "bad" cluster
5.8 Error messages
CHAPTER VI
6.1 Thoughts on security
6.2 Errorlevel
6.3 Credits
┌────────────────────────────────────────────────────────────────┐
│ │
│ │
│ Chapter I Introduction │
│ │
│ │
└────────────────────────────────────────────────────────────────┘
The original version of Dircrypt is in german, so if you are more
familiar with german please take a look at the file DEUTSCH.TXT.
This file contains information on how to get the german version.
┌────────────────────────────────────────────────────────────────┐
│ 1.1 What is Dircrypt │
└────────────────────────────────────────────────────────────────┘
Dircrypt is a fast and secure program to protect your data from
unauthorized access. Your data will be completely hidden and
protected, using a bootdisk or certain utilities like diskeditors
is useless. Dircrypt is extremely fast, for example 40 MB on a
harddisk are protected in less than 5 seconds. Because of this it
is possible to protect your files anytime without the need to wait
minutes or hours. You can protect your data at the end of each
computer session without delays, you can decrypt files on harddisk
or floppydisk, use them, and encrypt them again, all this within a
few seconds. Dircrypt can also be used on computers with more than
one user, every user can protect his own data on the same
harddisk.
Run DEMO.EXE for a short demonstration of Dircrypt.
┌────────────────────────────────────────────────────────────────┐
│ 1.2 The principle of Dircrypt │
└────────────────────────────────────────────────────────────────┘
Dircrypt is based on the principle of protecting files and
directories by deleting their directory entries and marking their
clusters as bad. That means if you use CHKDSK on a drive with
protected data on it you will be shown some bad clusters. This is
nothing to worry about, these bad clusters will disappear as soon
as you decrypt your data again. There will also be no problems if
you have real bad clusters on your disk, Dircrypt is able to tell
real and faked bad clusters apart. The deletion of the directory
entries is done in a way which makes it impossible even for a
professional to restore them, even when using utilities like
Undelete or diskeditors. Your selected files and directories are
securely hidden and protected, there is no way to get access or
get to know their names in the first place.
Dircrypt can be used on harddisks and floppydisks, but as far as I
know it will not work on netdrives (like any format or diskcopy
would not work). If you want to encrypt data on a network drive
Dircrypt must be run on the computer which owns this drive.
Do not use Dircrypt on compressed drives like "Stacker", "Double
Space" etc. before reading paragraph 5.4.
┌────────────────────────────────────────────────────────────────┐
│ │
│ │
│ Chapter II - GENERAL INFORMATION │
│ │
│ │
└────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────┐
│ 2.1 Files │
└────────────────────────────────────────────────────────────────┘
DIRCRYPT.EXE    the main program
DCHELP.HLP      Helpfile for DIRCRYPT.EXE
DCAUTO.DAT      Datafile used by Dircrypt
DCAUTOW.DAT     Datafile used by Dircrypt
DEMO.EXE        Dircrypt demonstration program
DEMO1.DAT       Datafile used by DEMO.EXE
DIRCRYPT.DOC    Dircrypt documentation (this file)
ORDER.DOC       Register form and how to register
SHAREWAR.TXT    Information on shareware
HISTORY.TXT     Version-History of Dircrypt
BBS.TXT         obtain latest version via BBS
DEUTSCH.TXT     Information for german speaking users
FRANCAIS.TXT    Information for french speaking users
LIST.EXE        Program to show textfiles
READ.ME         Info
DCUNMARK.EXE    Additional program, read paragraph 5.6
DCUNMARK.DOC    Manual to DCUNMARK
FILE_ID.DIZ     Infofile for BBS
VENDOR.DOC      Infofile for vendors
Latest versions of Dircrypt can be found on "Citybox Siegen" BBS,
please read BBS.TXT for further information.
┌────────────────────────────────────────────────────────────────┐
│ 2.2 Disclaimer │
└────────────────────────────────────────────────────────────────┘
DIRCRYPT IS SUPPLIED AS IS. THE AUTHOR DISCLAIMS ALL WARRANTIES,
EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE
WARRANTIES OF MERCHANTABILITY AND OF FITNESS FOR ANY PURPOSE. THE
AUTHOR ASSUMES NO LIABILITY FOR DAMAGES, DIRECT OR CONSEQUENTIAL,
WHICH MAY RESULT FROM THE USE OF DIRCRYPT.
IF YOU DO NOT ACCEPT THIS, OR IF YOU DO NOT COMPLETELY UNDERSTAND
IT THEN DO NOT USE THIS PROGRAM.
┌────────────────────────────────────────────────────────────────┐
│ 2.3 Before using Dircrypt │
└────────────────────────────────────────────────────────────────┘
A very good piece of advice before trying out new software on your PC is
making a backup. This is especially true for software like
Dircrypt, which makes direct manipulations to your disk
structures. Dircrypt is working fine on a lot of computers, but
naturally Dircrypt has not been tested on all possible
configurations. So if you are first trying Dircrypt, then try it
on a disk with no important data on it, or make a backup!
┌────────────────────────────────────────────────────────────────┐
│ 2.4 Users of previous dircrypt versions │
└────────────────────────────────────────────────────────────────┘
Dircrypt Version 2 is not able to decrypt data protected with
Dircrypt Version 1. To decrypt this data please use the older
version of Dircrypt. This is the consequence of the new features
of Dircrypt 2, for example encryption of files or directories in
subdirectories.
┌────────────────────────────────────────────────────────────────┐
│ 2.5 Shareware │
└────────────────────────────────────────────────────────────────┘
Dircrypt is distributed as Shareware, which means you may try out
if Dircrypt fits your needs, but if you want to use Dircrypt apart
from testing purposes you are required to buy the program.
Dircrypt costs 30 DM (inside germany) or 30 US$ for non-commercial
private use, and 50 DM (inside germany) or 40 US$ for use in a
commercial environment.
Read SHAREWAR.TXT for further information on the Shareware
principle.
If you decide to buy Dircrypt please print out the registerform in
ORDER.DOC, complete it and send it to one of the addresses shown
in ORDER.DOC. In this file you will also find further information
on registering (where and how).
┌────────────────────────────────────────────────────────────────┐
│ 2.6 Contact to the author │
└────────────────────────────────────────────────────────────────┘
Please direct any orders and complaints about missing files or
non-working copies as well as all communication in languages
except english or german to our national registration sites. Our
national registration sites are answering normal support questions
as well.
FIDONET: 2:2457/315.3
e-mail : th@citybox.fido.de
CIS : 100753,1266
Timo Hartmann, Oststr. 38, 57074 Siegen, Germany
┌────────────────────────────────────────────────────────────────┐
│ │
│ │
│ CHAPTER III - USING DIRCRYPT │
│ │
│ │
└────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────┐
│ 3.1 Keyboard │
└────────────────────────────────────────────────────────────────┘
Key commands will be enclosed in < >, for example <Alt>. This
means you are asked to press the Alt-Key, do not press < or >.
<Alt>-<M> means press the Alt-Key and M while holding Alt. Well,
just as usual.
┌────────────────────────────────────────────────────────────────┐
│ 3.2 General │
└────────────────────────────────────────────────────────────────┘
Dircrypt features a SAA desktop. Since this is a standard
interface you should be familiar with its operation. Hit <F10> to
activate the menubar, <F1> for online help, <TAB> to move in
dialog windows.
┌────────────────────────────────────────────────────────────────┐
│ │
│ │
│ CHAPTER IV - WORKING WITH DIRCRYPT │
│ │
│ │
└────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────┐
│ 4.1 Encryption │
└────────────────────────────────────────────────────────────────┘
Before encryption you must choose the desired drive, so press <F2>
or select the menu item "Drive/Change drive" for this purpose.
Then select "Drive/Encryption" or hit <F3> for encryption. You
will be presented with a dialog window containing two listboxes,
of which the left box shows all files and directories in the
selected drives root directory at first. You can select files or
directories to encrypt by clicking with the mouse or pressing
space on the desired filename. The selected file or directory will
be marked and will also appear in the right listbox, which shows
all of the files to be encrypted. To select files in
subdirectories just move the selection bar to a directory name and
press enter to change to this directory. You can change between
the two listboxes by using cursor left and cursor right. When in
the right listbox you can unselect files by pressing space, and
you can toggle encryption level by hitting "M". Encryption level 2
is a lot slower than normal encryption, so just use it when really
necessary. You can change encryption level for all files at once
by pressing <Alt>-<M>. Please read paragraph 4.1.1 for further
information on encryption levels.
After you have selected all entries you wish to encrypt, press the
"Start" button. Dircrypt will ask you for a password, and encrypt
the selected files and directories. You can decrypt by choosing
the menu item "Drive/Decrypt".
For safety reasons your password input will be shown as X for
every char. Please note that uppercase and lowercase are NOT
treated the same, and special chars like space are also allowed.
By the way, the longer the password, the better the security (a 2
chars password could be guessed easily). For this reason the
supplied password must be at least 5 chars long.
Now Dircrypt will start encryption, with normal encryption level
this will be extremely fast, for example 5 seconds for 1,44 MB in
10 files on a floppy! disk. Harddrive encryption will be much
faster, for example less than 5 seconds for 40 megabytes.
┌──────────────────────────┐
│ 4.1.1 Encryption level 2 │
└──────────────────────────┘
There are two levels of encryption, "normal" and "level 2". How
these levels are set is described in paragraph 4.1 above.
At encryption level "normal" the filedata itself is not encrypted,
only the directory entries and internal DOS structures (like FAT)
are manipulated to show no more signs of an encrypted file. This
means that no access to the file is possible anymore, the file has
disappeared. But the filedata naturally is still on the disk,
spread in single data blocks (clusters). If you encrypt plain
textfiles, it is theoretically possible to use a diskeditor,
search the disk for fragments of a textfile and read them. This
needs time and is not easy, but it can be done. If your textfiles
contain really sensitive data you had better use "level 2" encryption,
which means each file will be encrypted separately. But be aware
that in order to do this Dircrypt completely reads each file and
writes it back to disk. This is a lot slower than "normal"
encryption level, in fact it is just as slow as any other
encryption software. The needed time is mainly determined by disk
read and write time, and you know that for example reading 50
megabytes and writing them again takes its time even on a fast
harddisk.
So use "level 2" only if really necessary, in other cases use
normal encryption.
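The point made above, that at "normal" level the file data itself stays
readable in clusters flagged as bad, can be checked on a disk image. The
following Python sketch is an added example, not part of Dircrypt or its
original documentation; it assumes the standard FAT12 bad-cluster value
0xFF7 and runs on a small constructed image with made-up file contents.

```python
import re
import struct

BAD_FAT12 = 0xFF7  # assumption: standard FAT12 "bad cluster" mark

def parse_bpb(img):
    """Derive the volume layout from the boot sector's BIOS parameter block."""
    bps, spc, reserved, nfats, root_entries, total, _media, spf = \
        struct.unpack_from("<HBHBHHBH", img, 11)
    root_sectors = (root_entries * 32 + bps - 1) // bps
    data_start = reserved + nfats * spf + root_sectors
    return {"bps": bps, "spc": spc, "fat_offset": reserved * bps,
            "data_start": data_start,
            "clusters": (total - data_start) // spc}

def fat12_entry(img, geom, n):
    """Decode the packed 12-bit FAT entry of cluster n."""
    off = geom["fat_offset"] + n * 3 // 2
    pair = img[off] | (img[off + 1] << 8)
    return pair >> 4 if n & 1 else pair & 0xFFF

def bad_clusters(img):
    """Cluster numbers whose FAT entry carries the bad mark."""
    geom = parse_bpb(img)
    return [n for n in range(2, geom["clusters"] + 2)
            if fat12_entry(img, geom, n) == BAD_FAT12]

def cluster_data(img, geom, n):
    """Raw bytes of data cluster n (clusters are numbered from 2)."""
    size = geom["spc"] * geom["bps"]
    start = (geom["data_start"] + (n - 2) * geom["spc"]) * geom["bps"]
    return img[start:start + size]

def printable_strings(data, min_len=6):
    """Runs of printable ASCII, as a disk editor's text search would find."""
    return [m.decode("ascii")
            for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def audit(img):
    """Map every bad-marked cluster to the readable strings inside it."""
    geom = parse_bpb(img)
    return {n: printable_strings(cluster_data(img, geom, n))
            for n in bad_clusters(img)}

def set_fat12(fat, n, value):
    """Write a 12-bit entry into a FAT12 table (used to build the sample)."""
    off = n * 3 // 2
    if n & 1:
        fat[off] = (fat[off] & 0x0F) | ((value & 0x0F) << 4)
        fat[off + 1] = value >> 4
    else:
        fat[off] = value & 0xFF
        fat[off + 1] = (fat[off + 1] & 0xF0) | (value >> 8)

def build_sample_image():
    """Constructed 16-sector FAT12 volume: boot, one FAT, root dir, 13 clusters."""
    bps, total = 512, 16
    img = bytearray(bps * total)
    struct.pack_into("<HBHBHHBH", img, 11, bps, 1, 1, 1, 16, total, 0xF8, 1)
    img[510:512] = b"\x55\xaa"
    fat = bytearray(bps)
    set_fat12(fat, 0, 0xFF8)
    set_fat12(fat, 1, 0xFFF)
    set_fat12(fat, 2, 0xFFF)            # one visible single-cluster file
    for n in (5, 6, 9):                 # clusters flagged as bad
        set_fat12(fat, n, BAD_FAT12)
    img[bps:2 * bps] = fat
    # Root directory entry for the visible file (name, attr, cluster, size).
    img[2 * bps:2 * bps + 32] = struct.pack(
        "<11sB14xHI", b"README  TXT", 0x20, 2, 5)

    def put(n, data):                   # data area starts at sector 3 here
        start = (3 + n - 2) * bps
        img[start:start + len(data)] = data

    put(2, b"hello")
    # Constructed plaintext left behind in bad-marked clusters.
    put(5, b"Payroll 1995 (constructed sample)\r\nMeier;4200 DM\r\n")
    put(6, b"Schmidt;3900 DM\r\n")
    # Constructed non-text filler standing in for unreadable content.
    put(9, bytes((i * 197 + 13) % 256 for i in range(bps)))
    return bytes(img)

if __name__ == "__main__":
    for cluster, strings in audit(build_sample_image()).items():
        print(cluster, strings)
```

A bad-marked cluster with no readable strings is consistent with either a
real defect or encrypted content; this check cannot tell the two apart.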
┌────────────────────────────────────────────────────────────────┐
│ 4.2 Decryption │
└────────────────────────────────────────────────────────────────┘
Hit <F4> or select "Drive/Decrypt" for decryption. Dircrypt will
ask you for a password and check if there is any data on the
current disk encrypted with the supplied password. If there is
more than one group of data Dircrypt will ask you which one to
decrypt.
┌────────────────────────────────────────────────────────────────┐
│ 4.3 Automation of encryption and decryption │
└────────────────────────────────────────────────────────────────┘
┌────────────────────────────┐
│ 4.3.1 Create EXE-loader │
└────────────────────────────┘
In most cases you don't need to encrypt different directories or
files each time, but you have your applications or data which you
would like to be protected. Therefore it is annoying to select the
same files again and again each time you want to encrypt them.
By using the menu item "Create EXE-loader" you can create an EXE-
file which does the following: decrypt your data after asking you
for the right password, call your application, and encrypt your
data again after your application has terminated.
For example, suppose you have a directory named C:\BUSINESS and an
application FINANCE.EXE in it which you would like to protect from
unauthorized access.
This feature lets you create a loader, for example C:\F.EXE.
F.EXE will manage decryption and encryption automatically. If you
call F.EXE it will decrypt your directory C:\BUSINESS, call
C:\BUSINESS\FINANCE.EXE, and after you quit FINANCE.EXE encrypt
C:\BUSINESS again. Your data will be securely protected, and only
the right password will give access, but you are able to work with
your program as usual. The only additional work is typing in the
password for decryption (encryption does not need the password
to be typed in again).
Another example, with complete information on the dialog window:
At "commandline" type in the complete commandline for calling your
program, for example "C:\DATA\MYPROG.EXE". Append commandline
parameters if necessary. At "workdir" type in the directory from
which the program will be called, for example "C:\DATA".
At "Loader EXE-filename" type in the name of the new EXE-file
which is to be created. Later you can call this EXE-file for
encryption, execution of your program, and decryption (no need to
call Dircrypt yourself anymore). Obviously this EXE-file should
not be located in a directory which will be encrypted, because you
call it to decrypt your data. Example: "C:\MYPROG.EXE".
Use the "search" buttons for easy selection of filenames and
directories. After all input has been made select "Ok". Dircrypt
will ask you for the files and directories you want to encrypt,
encrypt them and create the new loader executable. If you want to
use your encrypted program the next time just call this loader
instead of your (encrypted) program, and all you need to do is
type in the right password. Decryption, starting your program, and
encryption after your program has terminated will be handled
automatically.
┌──────────────────────────────────────────┐
│ 4.3.2 Commandline-Parameters, Batchfiles │
└──────────────────────────────────────────┘
Dircrypt can be operated by commandline, which lets you do the
same as the EXE-loader does for you. You can create batchfiles
to automatically handle encryption and decryption. I recommend
using an EXE-loader instead (read 4.3.1). Commandline parameters
are supported only for compatibility reasons with version 1 of
Dircrypt.
The following parameters are available:
DIRCRYPT Drive:
──────────────────
Examples: DIRCRYPT C: , DIRCRYPT F:
This just means the given drive is set as default when calling
dircrypt.
Parameters /E (Encryption) and /D (Decryption):
─────────────────────────────────────────────────────────
You can use these parameters to avoid using the menudriven
interface of Dircrypt, so you just need to type in the password
for decryption and that's it. Encryption can even be made
completely without user input.
How this works:
If you decrypt files or directories by using "DIRCRYPT Drive: /D"
Dircrypt will ask for the password immediately, decrypt your data,
and exit. The only keys you need to press are those for password
input. In order to make encryption just as easy to use as
decryption Dircrypt saves the names of the decrypted files and the
used password in a temporary file named DCDATA*.DIR (which is
encrypted of course, so your password can not be read). If you
call "DIRCRYPT Drive: /E" after having worked with your decrypted
data, Dircrypt will use the saved information to re-encrypt your
data without any user input. Just wait a few seconds, and your
data will be protected again.
Example:
Let's say Dircrypt is installed in C:\DIRCRYPT, and D:\TEXT
contains private data you want to be protected.
The first time you encrypt this directory as usual from within
Dircrypt (select drive, select files, encrypt). The next time you
want to use your data just call "DIRCRYPT D: /D". Dircrypt will
ask for the password and decrypt D:\TEXT. Now you can work with
your data. After you have finished work just call "DIRCRYPT D: /E"
to encrypt your data again. You don't need to supply the password
again, or select the directory D:\TEXT, everything is done
automatically.
In order to make this all easier and more convenient you can
use batch files, for example
    TEXT.BAT:   C:\DIRCRYPT\DIRCRYPT.EXE D: /D
                D:\TEXT\MYPROG.EXE
                C:\DIRCRYPT\DIRCRYPT.EXE D: /E
You will find further information on batch files in your DOS
manual.
You can even create batchfiles like LOGIN.BAT and LOGOFF.BAT which
can be used to decrypt your data at the beginning of a PC session, and
encrypt your data before switching off the PC.
Commandline parameters /E?? and /D??:
─────────────────────────────────────
These parameters work just like /E and /D, only that they can be
used if you want to manage more than one group of files with
commandline parameters. Dircrypt stores the information for
commandline encryption in DCDATA.DIR. If you use /E?? or /D??
Dircrypt will use the file DCDATA??.DIR, e.g. /D01 will create
DCDATA01.DIR, and this file will not collide with /D99, which will
create DCDATA99.DIR.
┌────────────────────────────────────────────────────────────────┐
│ 4.4 Masterpassword │
└────────────────────────────────────────────────────────────────┘
The masterpassword can be set with "Setup\Masterpassword".
This password serves three purposes: first it protects the current
dialog window, so unauthorized users can not make any changes to
the settings, second it serves as a programpassword, if the option
"programpassword" is activated, and third it can be used for
decrypting files which have been encrypted with the option
"masterpassword" activated.
The option "masterpassword active" serves as a backdoor for
decrypting files without knowing the used password. If these files
have been encrypted with the option set, the masterpassword can be
used for decryption by choosing the menu item "Drive/Master-
decrypt". This feature is especially useful if you want other
persons to be able to protect their data from each other on your
PC, but you want complete access to all data in case of need.
┌────────────────────────────────────────────────────────────────┐
│ 4.5 Programpassword │
└────────────────────────────────────────────────────────────────┘
The option "programpassword active" is for protecting the
execution of Dircrypt itself. If activated the right password must
be supplied at startup of Dircrypt, otherwise Dircrypt will not
work. This way no one can even try to use Dircrypt if he does not
know the programpassword. To set the programpassword press the
button "programmpassword". Please note that apart from the
programpassword the masterpassword can also be used to get access
to Dircrypt. Use the masterpassword if you want access to this
dialog and to the menu item "master-decryption". If you log in
with the programpassword and not with the masterpassword you have
no access to these features.
If you activate the option "programpassword as only password"
Dircrypt will always use the programpassword for encryption and
decryption. This is useful if you are always using the same
password, this way you just have to supply the password once at
program startup, and afterwards Dircrypt will automatically use
this password and not ask before each encryption or decryption.
┌────────────────────────────────────────────────────────────────┐
│ 4.6 Dircrypt with more than one user │
└────────────────────────────────────────────────────────────────┘
Dircrypt allows multiple protected areas (groups of files ) on one
disk, with the same or different passwords. This is especially
useful on PCs with two or more users, who like to protect their
private data from each other. See the paragraphs on
"Masterpassword" and "Programpassword" for information on useful
features concerning multi-user Dircrypt.
┌────────────────────────────────────────────────────────────────┐
│ 4.7 Logfile DC-LOG.LOG │
└────────────────────────────────────────────────────────────────┘
The file DC-LOG.LOG is for logging failed decryptions because of
wrong passwords. You can delete this file if it gets too big.
┌────────────────────────────────────────────────────────────────┐
│ 4.8 Menu item "Drive-setup" │
└────────────────────────────────────────────────────────────────┘
This is for creating a DCDATA.DIR file. See paragraph 4.3.2 for
further information on this file. This works just the same as
normal encryption, only that you hit the "Save"-Button when done,
and the selected files will not be encrypted immediately but saved
for encryption with commandline parameters.
┌────────────────────────────────────────────────────────────────┐
│ 4.9 Menu item "Rebuild datafile" │
└────────────────────────────────────────────────────────────────┘
DIRCRYPT saves information about an encryption in a file named
DCDATA*.DAT. This file is needed for decryption, without this file
decryption is impossible. This file is made writeprotected and
hidden to prevent it from being deleted by mistake. But it is
still possible to delete the file, for example with certain
filemanagers. If this has happened you can rebuild the datafile.
This is only possible if you know the right password and the
option "datafile duplicate save" has been activated on encryption.
Rebuilding is only possible if there are no other encrypted areas
on the disk, so decrypt all files on the disk before trying to
rebuild a datafile. After rebuilding a datafile you can decrypt
the data as usual.
┌────────────────────────────────────────────────────────────────┐
│ 4.10 Menu item "Sessionpassword" │
└────────────────────────────────────────────────────────────────┘
At this point you may set a default password for encryption. This
is useful if you want to encrypt several groups of files with the
same password. If a session password is set you don't have to
enter the password for each encryption, instead Dircrypt will use
the sessionpassword. A sessionpassword is only valid for the
current run of dircrypt, if you exit Dircrypt the sessionpassword
will not be saved. In addition the sessionpassword is only
functional for encryption, not for decryption. You can deactivate
a sessionpassword by choosing the menuitem "Delete session
password".
┌────────────────────────────────────────────────────────────────┐
│ 4.11 Option "Datafile duplicate save" │
└────────────────────────────────────────────────────────────────┘
DIRCRYPT saves information about an encryption in a file named
DCDATA*.DAT. This file is needed for decryption, without this file
decryption is impossible. This file is made writeprotected and
hidden to prevent it from being deleted by mistake. But it is
still possible to delete the file, for example with certain
filemanagers. If you think the DCDATA*.DAT file may get deleted by
mistake you can activate this option. In response Dircrypt will
make a copy of the datafile when encrypting. This copy is not a
file, but it is placed in sectors marked as bad, so it can not be
deleted or destroyed unintentionally. If the first DCDATA-file is
lost, Dircrypt is able to reconstruct the file using this copy.
For this choose the menu item "Rebuild datafile".
There is a drawback when activating duplicate save: the diskspace
needed for the datafile is doubled because of the copy (which is
not much of course, just a few KB), and encryption may take
(insignificantly) more time.
You may only recover a datafile if you know the right password.
┌────────────────────────────────────────────────────────────────┐
│ 4.12 Option "Progress log" │
└────────────────────────────────────────────────────────────────┘
Use this to protect Dircrypt against power blackout or switching
off the PC by mistake. If activated you can restart Dircrypt and
Dircrypt will continue the interrupted encryption or decryption.
Progress-log can only be used when encryption or decryption is not
taking place on the same drive where DIRCRYPT.EXE resides. Major
drawback: encryption and decryption will be noticeably slower. Note
that this option is not a guaranteed protection against loss of
data when the computer is switched off during operation of
Dircrypt. So MAKE BACKUPS to be on the safe side.
By the way, I myself don't use this option because I want real
fast encryption and decryption, and I have backups.
┌────────────────────────────────────────────────────────────────┐
│ │
│ │
│ Chapter V - Compatibility and problem solutions │
│ │
│ │
└────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────┐
│ 5.1 Dircrypt and Windows 3.x │
└────────────────────────────────────────────────────────────────┘
You may use Dircrypt under Windows 3.x if you watch out for the
following: Since Dircrypt manipulates directory entries and other
disk structures there should be no other program running in the
background which writes to the same disk as Dircrypt. You can be
sure of this by executing Dircrypt "exclusively" under Windows and
not changing the task while Dircrypt is working. Read your Windows
manual for further information.
Never encrypt the Windows directory or system files like the
swapfile when Windows is currently running. This would lead to
errors in Windows.
32-Bit-Access
─────────────
On some systems Dircrypt does not work properly under Windows 3.x
if 32-Bit-Access is activated. If you have it activated and you
get the message "Interrupt 26 blocked to preserve volume
integrity" from Windows when running Dircrypt then you must
disable 32-Bit-Access in order to use Dircrypt under Windows 3.x.
┌────────────────────────────────────────────────────────────────┐
│ 5.2 Dircrypt and Windows 95 │
└────────────────────────────────────────────────────────────────┘
Dircrypt is compatible with Windows 95 and the long filenames.
These long filenames can be encrypted and decrypted. Since Windows
95 supports drive locking there should be no problem with other
applications running in the background, because Dircrypt will lock
a drive before encrypting or decrypting.
Never encrypt the Windows 95 directory or system files like the
swapfile WIN386.SWP when Windows 95 is currently running. This
would lead to errors in Windows 95.
┌────────────────────────────────────────────────────────────────┐
│ 5.3 Dircrypt and OS/2 │
└────────────────────────────────────────────────────────────────┘
As far as I know OS/2 does not support the direct manipulation
Dircrypt does on the harddisk. For this reason you will just get
an error message when using Dircrypt under OS/2.
Maybe it is possible to use Dircrypt under OS/2, but since I do
not use OS/2 I am not sure how to do this.
┌────────────────────────────────────────────────────────────────┐
│ 5.4 Dircrypt and disk doubler / disk compression │
└────────────────────────────────────────────────────────────────┘
This paragraph is on Dircrypt and programs like Stacker, Double
Disk or Double Density, programs which compress a whole partition
"on the fly". Dircrypt is tested with the disk compression
programs delivered with MSDOS 6.0 and 6.2. Other disk compression
programs are not tested and very probably will not work with
Dircrypt, since Dircrypt accesses DOS-internal disk structures
which do not exist on most compressed drives. If you want to try
Dircrypt on a compressed drive which is not made by MSDOS-DBLSPACE
or DRVSPACE be sure to make a backup of the entire drive first.
┌────────────────────────────────────────────────────────────────┐
│ 5.5 Can't remember password ! What now ? │
└────────────────────────────────────────────────────────────────┘
If you can not remember your password (please note that uppercase
and lowercase are distinguished) there is no way to get access to
the encrypted data if you didn't have the "Masterpassword" option
activated on encryption.
Even I as the author of Dircrypt can not get access to your data,
there is no backdoor in Dircrypt. So better remember your
password.
If you want to delete the encrypted data because you can not
remember the password use DCUNMARK.EXE (see paragraph 5.6).
┌────────────────────────────────────────────────────────────────┐
│ 5.6 Datafile DCDATA*.DAT deleted ! - What now ? │
└────────────────────────────────────────────────────────────────┘
Very bad. If you had the option "datafile duplicate save"
activated on encryption you can rebuild the datafile by choosing
"Tools/Rebuild datafile". If this option was not activated you may
try an UNDELETE utility. If this does not work your data is lost.
To free the bad-marked clusters read paragraph 5.7.
┌────────────────────────────────────────────────────────────────┐
│ 5.7 Free "bad" cluster │
└────────────────────────────────────────────────────────────────┘
If you want to free the clusters/sectors Dircrypt has marked as
bad you can use DCUNMARK.EXE. This program will delete the "BAD"
flag on all simulated bad sectors. This means that all encrypted
data is lost (not decrypted), so decrypt all files that you can
before using DCUNMARK. Again: ALL!! ENCRYPTED DATA ON THE SELECTED
DISK IS LOST WHEN USING DCUNMARK.EXE.
┌────────────────────────────────────────────────────────────────┐
│ 5.8 Error messages │
└────────────────────────────────────────────────────────────────┘
"Drive could not be locked"
───────────────────────────
This error occurs under Windows 95 when Dircrypt can not get
exclusive access to the drive. Windows 95 allows direct disk
manipulation only after locking the drive. Check whether other
active programs (e.g. Defrag, Scandisk, ...) have locked the drive
for exclusive access. Close these programs and try again.
"Wrong filesystem"
──────────────────
Dircrypt works only on MSDOS-based filesystems which have a FAT.
You can not use Dircrypt on other filesystems, e.g. CDROMs or
NTFS-drives (Windows NT).
"Long filenames not supported"
──────────────────────────────
This error occurs when trying to decrypt files or directories
which have been encrypted under Windows 95, and when Windows 95 is
not running at the moment. Some of the encrypted files use the
long filenames available under Windows 95, but the current
operating system (e.g. DOS 6.xx) does not support these long
names. If you continue to decrypt, the long filenames will be
lost, and the files will only have their short names (8 chars, 3
chars suffix). Win95-programs may not be able to find these files
anymore because their long name is no longer available. It is
recommended that you cancel the operation, start Windows 95 and
restart Dircrypt.
"Error in FAT"
──────────────
This error occurs when the disk structures (i.e. the FAT) on the
disk do not match Dircrypt's expectations. Use CHKDSK or
SCANDISK on the disk. This error may also occur if Dircrypt is
used on a disk compressed with an incompatible compression
program.
"Error reading cluster"
───────────────────────
This means Dircrypt was not able to read a certain cluster (a
cluster is a data block on a disk). Check if the disk is inserted
correctly.
"Error writing cluster"
───────────────────────
Check if the disk is write protected. If not, read the previous
paragraph.
"Error reading bootsector"
──────────────────────────
Maybe the disk is not inserted properly, unformatted or damaged.
This error also occurs when you try to use Dircrypt on a network
drive. Dircrypt can only be used on drives which are physically
present at the used PC.
"Not enough diskspace for datafile"
──────────────────────────────────
When protecting data on a disk Dircrypt needs a few kilobytes
(usually around 2 or 3 KB) of free diskspace in order to save its
datafile. The actual size of the datafile depends on the number of
files which are protected. If this error occurs there was not
enough diskspace and Dircrypt will save the datafile on another
drive and decrypt the data immediately. To solve this problem you
should delete or move a file from the disk to free diskspace.
"Error writing datafile"
────────────────────────
Dircrypt was not able to create or write the hidden datafile to
disk. Check if the disk is inserted properly and if it is not
write-protected. In case of this error Dircrypt will save the
datafile to another drive and decrypt the just encrypted files
immediately, so no data is lost.
"Error writing to root directory"
─────────────────────────────────
This is a critical error, perhaps your disk is damaged. Check your
disk with a utility like CHKDSK or SCANDISK.
"Error writing FAT"
───────────────────
The FAT sector seems to be damaged. In most cases such a disk can
not be repaired, but you may try certain disk-utilities.
"Not enough memory"
───────────────────
There is not enough base memory to run Dircrypt. Exit Dircrypt and
try to free more memory.
"Error reading bootsector"
──────────────────────────
Check if the disk is inserted properly. Maybe the disk is damaged,
please check this with a proper disk-utility like CHKDSK or
SCANDISK.
"Error reading root directory"
──────────────────────────────
read previous paragraph
"Error reading FAT"
───────────────────
read previous paragraph
"Wrong datafile"
────────────────
The datafile is not as expected, maybe it is a wrong file or the
file has been manipulated. Decryption is only possible with a
correct datafile.
"No free entry in root directory"
─────────────────────────────────
The root directory of a disk can only hold a limited number of
files. If the maximum number is reached new files can only be
created in subdirectories. Please move or delete some files from
the root directory to create free space.
If you are not able to solve a problem do not hesitate to write me
via e-mail, my address can be found in paragraph 2.5.
But please note that I can not help you remember a lost
password, there is absolutely no backdoor in Dircrypt, I can not
decrypt your data if you forgot your password.
┌────────────────────────────────────────────────────────────────┐
│ │
│ │
│ CHAPTER VI │
│ │
│ │
└────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────┐
│ 6.1 Thoughts on security │
└────────────────────────────────────────────────────────────────┘
I have been asked a few times how secure Dircrypt really is. So
let's have a look at the way Dircrypt works. Dircrypt is so fast
because it does not encrypt each byte in a file, but it encrypts
the diskstructures needed by DOS to get access to the file. This
means the data of the file is still there, but to just look at
it you would need to use a diskeditor and search the whole disk.
Not a very nice task to do, and if you do not know exactly what
kind of data you are looking for it is not very easy to find and
identify the data. A different case is when protecting plain
ASCII-Files, which can be identified easily when someone really
searches a whole disk with a diskeditor. Because of this Dircrypt
offers the encrypt-level 2 (read paragraph 4.1.1), which encrypts
the file itself. Obviously Dircrypt will work much slower on this
file, in fact just as slow as any other typical encryption
program. This is because the whole file must be read, encrypted
and written back to disk.
I think level 1 encryption (the default fast way) is enough in
most cases, since it reliably prevents access to the protected
files.
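The exposure described above can be checked on a disk image. The
following Python code is an added example, not part of Dircrypt or
its original documentation: it reads a FAT12 image, collects the
clusters flagged bad (0xFF7, the standard FAT12 marker) and reports
which of them still hold readable text. The sample image, the FAT12
floppy layout and the 0.9 threshold are constructed assumptions.

```python
import struct

BAD = 0xFF7  # standard FAT12 value for a cluster flagged as bad

def bad_clusters(img):
    """Return {cluster number: raw bytes} for every cluster the FAT marks bad."""
    bps, spc, rsvd, nfats, roots, total, _, spf = struct.unpack_from("<HBHBHHBH", img, 11)
    fat = img[rsvd * bps:(rsvd + spf) * bps]
    data0 = rsvd + nfats * spf + (roots * 32 + bps - 1) // bps  # first data sector
    found = {}
    for n in range(2, (total - data0) // spc + 2):
        pair = fat[n * 3 // 2] | fat[n * 3 // 2 + 1] << 8  # two bytes holding the 12-bit entry
        if (pair >> 4 if n & 1 else pair & 0xFFF) == BAD:
            start = (data0 + (n - 2) * spc) * bps
            found[n] = img[start:start + spc * bps]
    return found

def printable_ratio(buf):
    """Fraction of bytes that are printable ASCII or tab/LF/CR."""
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in buf) / len(buf)

def audit(img, threshold=0.9):
    """Map each bad-marked cluster to True when its content still reads as text."""
    return {n: printable_ratio(c) >= threshold for n, c in bad_clusters(img).items()}

def sample_image():
    """Constructed 12-sector FAT12 volume with clusters 3 and 4 flagged bad."""
    img = bytearray(12 * 512)
    struct.pack_into("<HBHBHHBH", img, 11, 512, 1, 1, 1, 16, 12, 0xF0, 1)
    img[512:521] = bytes.fromhex("f0ffff0070fff70f00")  # FAT entries 3 and 4 = 0xFF7
    text = b"CONSTRUCTED SAMPLE: plain ASCII note\r\n" * 13
    img[4 * 512:4 * 512 + len(text)] = text           # cluster 3: unencrypted text
    img[5 * 512:6 * 512] = bytes(range(256)) * 2      # cluster 4: stand-in for ciphertext
    return bytes(img)

if __name__ == "__main__":
    for cluster, readable in audit(sample_image()).items():
        print(f"cluster {cluster}: {'readable text' if readable else 'no readable text'}")
```

A cluster reported as readable text is content that a sector-level
search would expose, which is the case encrypt-level 2 is meant for.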
┌────────────────────────────────────────────────────────────────┐
│ 6.2 Errorlevel │
└────────────────────────────────────────────────────────────────┘
These are the errorlevels of Dircrypt. They are only of use to you
if you run Dircrypt from within Batchfiles.
0 = everything Ok
1 = Decryption failed
2 = Encryption failed
100 = Input of password was canceled by user
200 = wrong programpassword
253 = Selfcheck failed
254 = not enough memory
For general information on batch files and errorlevels read your
DOS manual.
┌────────────────────────────────────────────────────────────────┐
│ 6.3 Credits │
└────────────────────────────────────────────────────────────────┘
Max Maischein, Author of SFECACHE.PAS
( Public Domain TPascal-Unit )