Using BestCrypt Volume Encryption

The chapter explains the main steps in using BestCrypt Volume Encryption and provides referencies to corresponding articles explaining them in detail.

Main purpose of the software is to make a volume permanently encrypted so that unauthorized persons could not access any information on the volume. The volume is protected by a password and optionally by hardware SafeNet (former Aladdin) eToken device.

The user can move encryption key to regular removable disk. It is also possible to move key of system/boot volume to remote server if the computer is configured to run boot process from the server.

If the user enters an appropriate password, BestCrypt Volume Encryption mounts the volume and starts transparently decrypting the data when reading from the volume. When the user decides to disable any access to the volume, he/she runs the dismount command. BestCrypt Volume Encryption forgets encryption key for the volume and stops transparent decrypting data stored on the volume.

It is recommended to use several rescue commands to backup information about encrypted volumes. BestCrypt Volume Encryption creates so-called Rescue File with information about encrypted volumes. It would be wise to backup the file to some safe place, for example to removable disk, and use it to decrypt volume if some accidental damage occurs. Information inside Rescue File is encrypted exactly in the same way as on volumes, so there is no risk that someone who does not know the proper password can use the file.

If you encrypt Windows System/Boot volume, it is recommended also to create Rescue Bootable CD, USB or Floppy Disk. If the volume where Windows boots from becomes damaged, you will be able to boot computer using the Bootable Disk. Special recovering program will start from the disk and ask your confirmation to run decrypting process for the System/Boot volume(s).

BestCrypt Volume Encryption supports hardware SafeNet eToken devices to store encryption keys. If you use eToken to store key for some encrypted volume and lose the eToken, you will not be able to access the volume. So it is recommended to backup the key to another eToken and keep it in a safe place. Managing Keys on Hardware Token article explains the backup process in detail.

If you have encrypted System/Boot volume, BestCrypt Volume Encryption software allows customizing password-prompt text appeared when you boot computer. Changing standard Enter password > text has a sense, for example, if you do not want to show everyone who may turn on your computer what program requires the password. It is also possible to hide star characters (*) reflecting password typing. You can easily make your computer showing your own fun text to surprise your family or emulate hanging boot process, or make the computer showing some standard text of an error in operating system at earlier boot up process time.

Although BestCrypt Volume Encryption does not require knowledge of physical location of volume on hard disks, the program has several commands allowing the user to view and even save and restore contents of physical disk sectors. The sectors can be viewed both in encrypted and decrypted states. The commands can be useful for deeper investigating of the software, as well advanced users may find it interesting to look at low-level contents of filesystem tables and other system data.

See also: