Encrypting and Decrypting Volumes

BestCrypt Volume Encryption allows the user permanently encrypt a whole volume. After encrypting volume the software transparently decrypts data from the volume when applications read the volume and transparently encrypts data when it is written to the volume.

To make some volume encrypted (D:\ for instance), select the volume in BestCrypt Volume Encryption main window. Then run the Volume->Encrypt Volume command. The following window will appear:

Encrypt Volume

Select encryption algorithm to encrypt the volume in Encryption algorithm combo box. Read more information about available algorithms in Encryption algorithms article.

Initial encrypting of disk volume runs with a speed about 30 - 60 sec/GByte. So it will require about 30 hours to encrypt 2 TByte volume. Sometimes we do not need to encrypt the whole disk volume, for example, if new hard disk is just bought. In this case the user may choose option Format the volume. Minimal initial encryption so that the program would format the volume and encrypt only just initialized filesystem data on the volume. In this case, the process will take seconds. All the data written later to the volume will be encrypted.

Potential drawback of Format the volume. Minimal initial encryption option is that part of the volume with encrypted data will appear as filled by random data, other part of the volume (unused disk space) will likely store zeros. So someone can define how much data are stored on the volume.

If the security consideration above is important and the user is going to format the volume, he/she may use option Erase whole volume. Format. Minimal initial encryption. In this case the program will write random data to the volume before formatting it. Hence, noone will be able to define whether the volume is full of encrypted data, or stores nothing inside. Such a process of initial encryption with overwriting a whole volume will be about 4 times faster than full initial encryption of volume that already stores data and must not be formatted (default Encrypt all sectors. Do not format the volume option). Note that Format... options are not available for boot/system volumes, because they store system files and cannot be formatted.

BestCrypt Volume Encryption can store encryption key for the volume you are going to encrypt on hardware SafeNet (former Aladdin) eToken USB devices. The picture above illustrates the case when support for eToken is not installed on the computer. In this case enter passphrase you are going to use for the volume to the Enter password edit box.

If support for SafeNet eToken USB devices is installed and some eToken is inserted to USB port, the following window appears:

Encrypt Volume

To use SafeNet eToken, check the Use SafeNet eToken Pro/Java to store encryption key checkbox. Then enter passphrase for the eToken to the Token password edit box.

When you finish entering passphrases click OK to encrypt the volume or Cancel to cancel volume encrypting.

To encrypt volume the software needs so-called seed data to generate random encryption key. To get random numbers for the seed, the program will display dialog window and ask the user to move mouse or press keys on keyboard randomly. The picture below illustrates the dialog window.

Seed generating

When enough random data is collected, encryption process will start automatically.

Encrypting is a time consuming operation. You can suspend the process by clicking Stop.

Encrypting process

If you do not complete volume encrypting procedure, BestCrypt Volume Encryption will remind you about not completely encrypted volume. You can continue encrypting process at any time you prefer, for example, after turning off computer and running it again after several days. To continue the process just select the volume and run the Volume->Encrypt Volume command again.