Container File Format

The current BestCrypt container file format was introduced in BestCrypt v.6. This format is supported by the following products:
  • BestCrypt v.7 for Windows 95/98/ME/NT/2000/XP
  • BestCrypt v.6 for Windows 95/98/ME/NT/2000
  • BestCrypt for Linux
Note: since BestCrypt v.7.10 for Windows and BestCrypt v.1.3 for Linux, the initial vector generation procedure has been improved to avoid the security flaw described by Adal Chiriliuc. As a result, newer containers are not recognized by older BestCrypt versions. Newer containers are identified by the version field of the Hidden Sector and have a different signature in the Key Data Block.

A BestCrypt container file consists of three sections:

  • Hidden Sector: 512-byte fixed header with public information
  • Key Data Block: Key Generator-dependent encrypted information
  • Encrypted image of the BestCrypt virtual drive

  1. Hidden Sector (first 512 bytes).

    It is used by the BestCrypt software to verify the integrity and check the size of the container file without opening it for access. The Hidden Sector does not contain any sensitive information. The BestCrypt disk driver does not use the Hidden Sector data at all.

    The Hidden Sector format is derived from the MS-DOS/FAT BIOS Parameter Block and Boot Record structures. Thus, the Hidden Sector is backward-compatible with all versions of BestCrypt (including BestCrypt for DOS).

    The following C-style text shows the exact format of the Hidden Sector:

    #include <stdint.h>

    typedef uint8_t	   BYTE;   // 8-bit unsigned
    typedef uint16_t   WORD;   // 16-bit unsigned
    typedef uint32_t   DWORD;  // 32-bit unsigned

    #define HIDDEN_SECTOR_SIZE	512
    #define DESCRIPTION_SIZE	66
    #define CHECKSUM_SIZE		8

    #pragma pack(push, 1) // On-disk layout: no padding between fields

    typedef struct _BPB {
    	WORD	   sectSize;
    	BYTE	   sectPerCluster;
    	WORD	   reservedSectors;
    	BYTE	   NumberOfFat;
    	WORD	   maxRootDirEntry;
    	WORD	   totalSectors;
    	BYTE	   mediaDesc;
    	WORD	   sectorsPerFat;
    	WORD	   sectorsPerTrack;
    	WORD	   numberOfHeads;
    	DWORD	   hiddenSectors;
    	DWORD	   totalSectorsLong;
    } BPB; // The same as the DOS Bios Parameter Block

    typedef struct _BootRecord {
    	BYTE	   jmpCode[3];
    	char	   OEMid[8];
    	BPB	   bpb;
    	BYTE	   driveNo;
    	BYTE	   reserved;
    	BYTE	   extBootSign;
    	DWORD	   serialNumber;
    	char	   volumeLabel[11];
    	char	   FatType[8];
    } BootRecord; // The same as DOS Boot Record structure for FAT12 and FAT16

    typedef struct _HiddenSector {
    	BootRecord bootRecord;
    	char       description[ DESCRIPTION_SIZE ]; // Description of the file-container
    	WORD       extent;                          // 0 (reserved for future)
    	WORD       version;                         // 0 (reserved for future)
    	BYTE       reserved[ HIDDEN_SECTOR_SIZE   -
    			     sizeof( BootRecord ) -
    			     DESCRIPTION_SIZE -     // sizeof(description)
    			     sizeof( WORD )   -     // sizeof(extent)
    			     sizeof( WORD )   -     // sizeof(version)
    			     sizeof( DWORD )  -     // sizeof(dwKeySize)
    			     sizeof( DWORD )  -     // sizeof(dwDataOffset)
    			     sizeof( DWORD )  -     // sizeof(fileSystemId)
    			     sizeof( DWORD )  -     // sizeof(algorithmId)
    			     sizeof( DWORD )  -     // sizeof(keyGenId)
    			     CHECKSUM_SIZE ];

    	DWORD      dwKeySize;    // Key Data Block size.
    	DWORD      dwDataOffset; // Encrypted Data offset from the beginning of file in bytes
    	DWORD      fileSystemId; // Driver will mark container during formatting
    	DWORD      algorithmId;  // Encryption Algorithm identifier
    	DWORD      keyGenId;     // Key Generation identifier
    	char       CheckSum[ CHECKSUM_SIZE ]; // Not used in version 6 of BestCrypt
    } HiddenSector;

    #pragma pack(pop)
    
  2. Key Data Block.

    The structure of the block is defined by the Key Generator module of BestCrypt and is completely opaque to the other modules of the software. The other BestCrypt software modules are aware only of the size of the Key Data Block.

    Knowing the size and location of the Key Data Block inside the container file, BestCrypt can read the Block from the file and pass it to the appropriate Key Generator. Once the Key Generator has the Block, how it uses the data inside is up to the Key Generator. (For example, see the KGSHA Key Generator source code for the Key Data Block structure used in that module. Other Key Generators may have their own format for the Key Data Block structure.)

    The structure of the Key Data Block is available in the KGSHA Key Generation source code (see the KBLOCK.H file).

  3. Encrypted image of the BestCrypt virtual drive.

    When the operating system sends a request to read the N-th sector from the virtual drive, the BestCrypt disk driver performs the following:

    • calculates the offset of the sector's data inside that part of the file-container (the sector size of the BestCrypt drive is 512 bytes):
      Offset = N * 512 + size of Hidden Sector + size of Key Data Block;
    • reads the encrypted data from the file container using the calculated Offset;
    • calls the Encryption Algorithm module to decrypt the data;
    • returns the data to the operating system.
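
The Hidden Sector layout and the offset calculation above, as an added example (not BestCrypt's own code): it reads the public header fields from a 512-byte buffer, checks them against the file size, and computes a sector's offset with bounds checks. The numeric field offsets assume 1-byte struct packing and little-endian fields, and the check that dwDataOffset equals 512 + dwKeySize is inferred from the offset formula; `hs_info`, `hs_parse`, `sector_offset` and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define HIDDEN_SECTOR_SIZE 512u
/* Byte offsets computed from the page's HiddenSector struct, assuming 1-byte
 * packing (BootRecord = 62 bytes) and little-endian fields. */
enum { OFF_VERSION = 130, OFF_KEY_SIZE = 484, OFF_DATA_OFFSET = 488,
       OFF_ALGORITHM_ID = 496, OFF_KEYGEN_ID = 500 };
typedef struct {                          /* hypothetical helper type */
    uint16_t version;
    uint32_t key_size, data_offset, algorithm_id, keygen_id;
} hs_info;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* 0 = ok, -1 = short buffer, -2 = header disagrees with layout or file size. */
int hs_parse(const uint8_t *buf, size_t len, uint64_t file_size, hs_info *out) {
    if (len < HIDDEN_SECTOR_SIZE) return -1;
    out->version      = (uint16_t)(buf[OFF_VERSION] | buf[OFF_VERSION + 1] << 8);
    out->key_size     = rd32(buf + OFF_KEY_SIZE);
    out->data_offset  = rd32(buf + OFF_DATA_OFFSET);
    out->algorithm_id = rd32(buf + OFF_ALGORITHM_ID);
    out->keygen_id    = rd32(buf + OFF_KEYGEN_ID);
    /* Public header, CheckSum unused in v6: validate before trusting it.
     * Assumption: dwDataOffset == Hidden Sector size + dwKeySize. */
    uint64_t data_start = (uint64_t)HIDDEN_SECTOR_SIZE + out->key_size;
    if (out->data_offset != data_start || data_start > file_size) return -2;
    return 0;
}

/* Offset = N * 512 + Hidden Sector + Key Data Block; -1 if outside the file. */
int sector_offset(const hs_info *h, uint64_t n, uint64_t file_size, uint64_t *off) {
    uint64_t base = (uint64_t)HIDDEN_SECTOR_SIZE + h->key_size;
    if (base > file_size || n >= (file_size - base) / 512u) return -1;
    *off = base + n * 512u;               /* cannot overflow after the check */
    return 0;
}

/* Constructed sample: zeroed header with the two size fields set, 1 MiB file. */
long long demo_sector_offset(uint32_t key_size, uint32_t data_off, uint64_t n) {
    uint8_t hs[HIDDEN_SECTOR_SIZE] = {0}; hs_info h; uint64_t off, fsz = 1u << 20;
    wr32(hs + OFF_KEY_SIZE, key_size); wr32(hs + OFF_DATA_OFFSET, data_off);
    if (hs_parse(hs, sizeof hs, fsz, &h) != 0) return -2;
    return sector_offset(&h, n, fsz, &off) == 0 ? (long long)off : -1;
}
int main(void) { printf("sector 3 -> %lld\n", demo_sector_offset(1024, 1536, 3)); return 0; }
```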
