Using BestCrypt Volume Encryption
This chapter explains the main steps in using BestCrypt Volume Encryption and refers to the articles that explain them in detail.
The main purpose of the software is to keep a volume permanently encrypted so that unauthorized persons cannot access any information on the volume.
Users who want to encrypt the whole computer in one click and do not need any additional functions should refer to the article Simple Interface.
An encrypted volume is protected by a password and, optionally, by a removable hardware device such as a SafeNet eToken or a Yubikey. The user can also move the encryption key to a regular removable USB disk.
When the user enters the appropriate password, BestCrypt Volume Encryption mounts the volume and transparently decrypts data as it is read from the volume. When the user decides to disable all access to the volume, he/she runs the dismount command. BestCrypt Volume Encryption then forgets the encryption key for the volume and stops transparently decrypting the data stored on it.
It is recommended to use the rescue commands to back up information about encrypted volumes. BestCrypt Volume Encryption creates a so-called Rescue File with information about the encrypted volumes. It is wise to back up the file to a safe place, for example to a removable disk, and use it to decrypt a volume if accidental damage occurs. Information inside the Rescue File is encrypted in exactly the same way as on the volumes, so there is no risk that someone who does not know the proper password can use the file.
If you encrypt the Windows System/Boot volume, it is also recommended to create a Rescue Bootable CD or USB disk. If the volume that Windows boots from becomes damaged, you will be able to boot the computer from the Bootable Disk. A special recovery program will start from the disk and ask for your confirmation before it runs the decryption process for the System/Boot volume(s).
BestCrypt Volume Encryption supports removable hardware devices (such as eToken, Yubikey or a USB disk) for storing encryption keys. If you use such a device to store the key for an encrypted volume and lose the device, you will not be able to access the volume. It is therefore recommended to back up the key to another device and keep it in a safe place. The article Managing Keys on Hardware Token explains the backup process in detail.
If you have encrypted the System/Boot volume, BestCrypt Volume Encryption allows you to customize the password-prompt text or the graphic password-prompt interface that appears when you boot the computer. Changing the standard Enter password text makes sense, for example, if you do not want to show everyone who may turn on your computer which program requires the password. It is also possible to hide the star characters (*) that reflect password typing. You can easily make your computer show your own fun text to surprise your family, emulate a hanging boot process, or show some standard operating system error text early in the boot process.
The software provides whole disk encryption for TCG Opal 2.0 storage devices. These disk devices have embedded hardware-based encryption, and BestCrypt Volume Encryption utilizes and manages that hardware functionality. Such TCG Opal 2.0 storage devices are also known as Self-Encrypted Disks (SED). Read the article Basic whole disk encryption functions for more detail.
The program includes the Jetico BestCrypt DataShelter utility to protect folders from unwanted processes and users. While BestCrypt Volume Encryption encrypts sectors on the disk, providing strong Data-In-Rest protection, BestCrypt DataShelter provides Data-In-Process protection. The utility allows creating a protection policy that is unique for every folder, as well as using more general policies for several folders.
Although BestCrypt Volume Encryption does not require knowledge of the physical location of a volume on the hard disks, the program has several commands that allow the user to view, and even save and restore, the contents of physical disk sectors. The sectors can be viewed in both encrypted and decrypted states. The commands can be useful for deeper investigation of the software, and advanced users may find it interesting to look at the low-level contents of filesystem tables and other system data.
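A quick sanity check on saved sectors, as an added example that is not part of the BestCrypt software or its documentation: it reports whether each 512-byte sector still shows plaintext filesystem markers or has the high entropy expected of ciphertext. It assumes the saved sectors are available as a raw binary dump (the actual save format is not described here); the function names and sample sectors are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR_SIZE = 512
# Well-known plaintext markers at fixed offsets of a volume boot sector.
FS_MARKERS = {"NTFS": (3, b"NTFS    "), "exFAT": (3, b"EXFAT   "),
              "FAT32": (82, b"FAT32   "), "FAT16": (54, b"FAT16   ")}
# 512 uniformly random bytes measure about 7.5 bits/byte; structured data is far lower.
# High entropy is also typical of compressed data, so this is a sanity check, not proof.
ENTROPY_THRESHOLD = 7.0

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte of the given buffer."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def inspect_sector(sector: bytes) -> dict:
    """Report plaintext markers and entropy for one 512-byte sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    markers = [name for name, (off, sig) in FS_MARKERS.items()
               if sector[off:off + len(sig)] == sig]
    entropy = shannon_entropy(sector)
    return {"entropy": round(entropy, 2), "markers": markers,
            "boot_signature": sector[510:512] == b"\x55\xaa",
            "looks_encrypted": entropy >= ENTROPY_THRESHOLD and not markers}

def inspect_dump(dump: bytes) -> list:
    """Inspect every sector of a raw dump; a trailing partial sector is rejected."""
    if len(dump) % SECTOR_SIZE:
        raise ValueError("dump length is not a multiple of the sector size")
    return [inspect_sector(dump[i:i + SECTOR_SIZE]) for i in range(0, len(dump), SECTOR_SIZE)]

def sample_plain_boot_sector() -> bytes:
    """Constructed sample: skeleton of an NTFS boot sector (jump, OEM ID, 0x55AA)."""
    body = b"\xeb\x52\x90" + b"NTFS    "
    return body + bytes(SECTOR_SIZE - len(body) - 2) + b"\x55\xaa"

def sample_ciphertext_sector() -> bytes:
    """Constructed sample: SHA-256 output in counter mode as a ciphertext stand-in."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(SECTOR_SIZE // 32))

if __name__ == "__main__":
    for report in inspect_dump(sample_plain_boot_sector() + sample_ciphertext_sector()):
        print(report)
```

A sector of an encrypted volume that reports a filesystem marker or low entropy when viewed in its encrypted state deserves a closer look; all-zero or sparse sectors viewed in the decrypted state are normal.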