Basic Concepts

This chapter gives a quick overview of all the major components of the BestCrypt data encryption system and provides an introduction to a few basic concepts that are used throughout the rest of this guide.

BestCrypt Component Overview

To achieve its goals in providing the best in data protection, BestCrypt utilizes four major components:

1. Control Panel. This is the main BestCrypt user interaction application. It allows you to create and manage your container files and perform a number of operations on them.
2. Resident Agent. This component starts with your computer and exists in the background. Its main tasks are to monitor the appearance of BestCrypt virtual devices and provide a system-wide hotkey to eject them. It also takes care of containers configured to be mounted on user logon.
3. Finder Service. This component integrates with Finder to publish services for container files. Using it, you can display container file properties and mount them directly from the Finder window.
4. Virtual Encrypted Disk Driver. This component provides an emulation of a virtual removable disk mounted from the container file. This is the place where all data written to the disk is encrypted and everything read from the disk is decrypted.

In the following section, we will take a closer look at each of these components.

Control Panel

Control Panel is the main BestCrypt command and control application. Virtually any function supported by BestCrypt is available through its functions and dialogs, which include:

• Creating new container files and locating existing ones
• Mounting and ejecting containers
• Displaying container information and configuring container preferences
• Managing container passwords
• Creating and restoring container key data backups and mounting containers using these backups
• Providing advanced functionality, such as encrypting and decrypting container headers and creating hidden parts
• Setting BestCrypt system preferences

Control Panel provides a wide variety of functions, all of which are fully explained in the BestCrypt Control Panel section.

To launch the Control Panel, find BestCrypt in your "/Applications" folder and double click.

Resident Agent

Resident Agent is a specific BestCrypt component that runs in the background when your computer is working. You can locate its taskbar item to access its functions:

When a computer boots up, Resident Agent's first task is to check what containers you specified to be mounted upon your logging on and then to display a mounting dialog for each of them. You can also see its task bar item menu on the screenshot above. This menu displays a list of known and currently mounted containers. You can use this menu to quickly mount and eject containers by simply clicking on the associated item. It also allows you to quickly eject all currently mounted containers by either clicking Eject All or using a system-wide hotkey.

Finder Service

BestCrypt provides its Finder Service to integrate common container functions directly into your workflow:

Double-clicking on any BestCrypt container file from a Finder window will mount that container or open its content if it is already mounted. The item in the Finder context menu called Open With > BestCrypt (default) has the same functionality.

Container File

The main unit all BestCrypt components operate on is called the BestCrypt Container File. True to its name, it represents a file on your system with a specific default .jbc extension and the icon shown below:

This file contains all encrypted data stored on the virtual disk contained within it. Each container file stores at least one main virtual disk and can also store a number of additional hidden disks. You can imagine a container file as a collection of encrypted disk images with all data required to verify passwords and perform all other operations.

A BestCrypt container file has a well-known format that exists in a variety of versions and is described in more detail in Appendix B, BestCrypt Container File Structure. Of course, you don't need to know all the details of container file structure to fully and easily use BestCrypt. For purposes of this general introduction, it is sufficient to simply say that container file consists of two main parts:

1. A service header, and
2. Encrypted disk(s) data.

BestCrypt provides a number of operations that deal specifically with a container file's service header, including backing up key data and header encryption. These operations are explained in more details in other sections of this guide.

Some versions of the container file format are declared deprecated and can't support newer functionality. Of course, by default, only the latest format is used when creating new containers.

For help with creating new container files, refer to Creating a New Container.

Virtual Encrypted Disk

Encrypted data stored inside a container file can be mounted with the correct password and accessed from a virtual encrypted disk. This disk emulates an ordinary removable device (like a thumb drive) with the exception that all files written to it will be stored encrypted in the container file this disk was mounted from. When reading existing files from the disk, all data will be read from its container file and decrypted.

Every single application -- be it Finder, a text editor or even Terminal -- will work with virtual encrypted disks as usual. All encryption and decryption is performed transparently for every single bit of data located on each encrypted disk. This allows BestCrypt to easily and seamlessly integrate into your day-to-day workflow, while you simultaneously get automatic and transparent data protection.

Mounting and Ejecting Containers

Mounting a Container

The process of decoding a virtual encrypted disk from container file is called mounting. There are several ways to mount a BestCrypt container:

• Clicking Mount in the Control Panel
• Clicking on the container in the resident menu
• Double-clicking the container file in finder
• Double-clicking the container file in the BestCrypt Control Panel container list
• Configuring the container to mount on logon

No matter how you've chosen to mount your container, you will be greeted with the Container Mount Dialog:

The simple view contains:

• Password field. Enter your container password in this field.

The advanced view, which you can view by clicking the small button in the bottom-left corner of the dialog, contains the following checkbox options:

• Mount for reading only (default). The mounted virtual encrypted disk will not allow any changes to it. This option is initially set as the default value. Changing the option in this dialog will only affect the current virtual disk, leaving the defaults for other containers as they are.
• Mount at specified location (default). This text string shows the path where your container will be mounted. You can change it by navigating to the directory where you want this container to be mounted now. This option is initially set to default value for this container. Changing path in this dialog only affects the current virtual disk, the default path is not changed for other containers.
• Mount with keyblock backup. If the container's keyblock is wiped, you can assign the keyblock path to be able to mount the container from keyblock backup.
• Mount with keyfiles. If you created the container with keyfiles, you can assign path(s) to keyfile(s) to mount the container.

After the container password and selecting all desired options, click Ok to verify the password and mount the container.

Mount Location

On a Mac, all your mounted disks, whether real or virtual, are attached to one big file-system hierarchy. New disks can be attached to any folder anywhere in this hierarchy as long as you are allowed to access the folder. On a Mac, there is a default folder where new disks are mounted, called /Volumes. For each new disk, a new folder is automatically created there and all the disk's contents become accessible from that folder. However, nothing stops you from mounting your new disk at any other custom location. In this case, the contents of the new disk will be accessible from this custom location and any previous contents of that location will be "hidden under" the disk contents. Once you eject the disk, previous folder contents will become visible again.

You can use this behavior to your advantage to intentionally hide previous folder contents under the contents of the BestCrypt container. One typical application of this trick is to mount a BestCrypt container right on the folder where this very container file is located. This way, the actual container file will be hidden as long as its virtual encrypted disk is mounted.

Ejecting a Container

You can eject encrypted disks the same way you would eject an ordinary flash drive: using the eject button in Finder's disk panel or the DiskUtility application. BestCrypt, however, also provides additional ways to eject mounted containers that complement standard ways described previously and add additional functionality to this process:

• The Eject button in the BestCrypt Control Panel toolbar
• The BestCrypt resident menu, located as an item on the taskbar (This option and the previous one are simply convenient shortcuts to standard removable disk ejecting mechanisms.)
• The Forced Eject button on the Control Panel toolbar (This option works the same way as removing an ordinary thumb drive physically without ejecting it in Finder. Ejecting your container this way can possibly damage any files currently opened from the disk, but it is indispensable when you need to urgently remove your mounted containers -- just like when you need to urgently remove your thumb drive.)
• The Eject All button located on the toolbar and in the Resident menu (This option will do the same as Forced Eject, but instead of ejecting a single container it will remove all currently mounted containers. This option is always active and can be activated with the system-wide hot key command-shift-delete without running Control Panel.)

See also:

Quick Start Guide
BestCrypt Control Panel