What is Volume Encryption

The chapter explains why BestCrypt Volume Encryption (a line in BestCrypt family of encryption software products) has got Volume Encryption name. Many people may think that Volume Encryption is the same as Partition Encryption or even Whole Disk Encryption. Sometimes it is really so, but not always, and it is worth to learn about the difference.

The idea of Whole Disk Encryption software is rather simple. Such software works with physical hard drive and is intended to encrypt all the sectors on the hard drive. In real life software usually does not encrypt first sectors (usually 63 sectors) reserved for future use (the latest versions of Windows can use these sectors). Whole Disk Encryption software encrypts every hard drive on computer independently, often with different encryption keys.

Whole Disk Encryption
Figure 1. Whole Disk Encryption

Partition Encryption software usually works on basic disks. It is a more flexible way of encrypting data, because it allows the user to open (enter password and get access to) different encrypted partitions independently. Note that if a partition occupies the whole hard drive (as partition C: on the Figure 2 below), Partition Encryption works for the user as Whole Disk Encryption.

Partition Encryption
Figure 2. Partition Encryption

Since Windows NT time, the Windows operating system allows the user to create multi-partition volumes. Windows can combine several partitions (even stored on different physical hard drives) into a large single "partition" called Volume. It is a significant step forward, at least because such volumes allow the user to:

We call encryption software working with volumes Volume Encryption software. Note that if Volume Encryption software encrypts a volume consisting of a single partition, for the user it will give the same result as Partition Encryption software. If a single partition occupies the whole hard drive, Volume Encryption will be equal both to Whole Disk Encryption and Partition Encryption. Encrypting of basic partition C: on Figure 3 below illustrates that.

Volume Encryption
Figure 3. Volume Encryption

What kind of encryption is better? Partition Encryption software usually works on basic partitions. If so, it will not be able to recognize and work with dynamic disks where spanned, RAID-5 or other types of volumes reside.

With Whole Disk Encryption software the user can separately encrypt all the hard disks where volumes are stored (like HDD2, HDD3 and HDD4 on the picture above). But every time the user administrates the hard drives, he/she should always keep in mind what hard drives must be opened to get some volume accessible. If some hard drive is not opened (i.e. password not entered and transparent decrypting not started), the filesystem structure of the volume can be damaged, since Windows may notice that one part of the volume is consistent, but another one contains garbage, hence, fixing is required.

Volume Encryption software works with volume as with a single portion of data. Volume is always in one of the two definite states: if password is not entered, the whole volume is not accessible. If the user enters the proper password and opens the volume, all its parts, even stored on different hard drives, become accessible. In our opinion, working with volumes is more native both for the user and computer, because it is a volume that stores a complete filesystem structure and a complete tree of the user's files. As in the modern world single volume stores data scattered on a number of physical disks, it is more convenient and safe to manage a volume, rather than work with every physical drive separately.