FreeOTFE

Instructions on Use

Pretty much everything in FreeOTFE works as it seems, and should be fairly self-explanatory. Because FreeOTFE's interface is pretty intuitive, this section will not go into too much detail as to how everything works. For the most part, if there's anything you're not too sure of, an educated guess will most likely give you the right answer.
  • Please, do read the documentation in this file before emailing me! I know it's not much, and only really covers the basics, but...
  • Both the PDA and PC versions of FreeOTFE are fully compatible with one another.
  • From the main window, double-clicking on a mounted drive will launch Explorer on that drive. Right-clicking brings up a context menu.
  • When creating new volumes, the volume creation wizard will take you through each of the stages of creating a new volume. Some users who are unfamiliar with OTFE systems may not understand all of the options they are presented with. If you feel that you are in this position, you should probably simply accept the default values you are presented with, which will give you a volume that will be secure enough for your needs. FreeOTFE is a highly flexible system that caters for both novice and advanced users alike; many of the options that the volume creation wizard provides you with are intended for more advanced users who understand the implications of the options provided (e.g. storing a volume's CDB separately to the volume file it relates to), and how they operate.
  • If you create a hidden volume within an existing volume, be warned: mounting and adding data to the "host" volume may result in the "hidden" volume being overwritten, and its data destroyed.
  • When creating a hidden volume within an existing volume, ensure that the offset you specify is large enough that it does not overwrite any of the system areas of that host volume (e.g. the FAT).
  • After creating a new FreeOTFE volume it is recommended that you make a backup of the volume's CDB.
    • In the case of volume files which have their CDB stored as part of the volume file, this can be achieved by selecting "Tools | Critical data block... | Backup..."
    • In the case of volume files where the CDB is stored in a separate keyfile, simply make a backup copy of this keyfile.
  • A number of FreeOTFE volume properties can be changed via the "Tools | Change volume/keyfile password/details..." menu item. Note that volumes must be dismounted before they can be modified in this way.
  • It should be noted that the following options:
    • CDB backup/restore/overwrite/dump
    • Password changing
    • Keyfiles
  • When mounting a volume with a keyfile, you should use the password and salt length that was used to create the keyfile - not the volume.
  • When mounting a hidden volume with a keyfile, please ensure that you enter the offset that was used when the hidden volume was created, and also check/uncheck the box indicating whether or not the hidden volume has a CDB.
  • To mount a volume using a keyfile, or a CDB which is stored separately to the volume:
    1. Select "Mount file..."/"Mount partition..." as appropriate, and select the relevant volume file/partition
    2. Enter the password to the keyfile, or CDB file (as entered when it was created/last changed)
    3. If the volume being mounted was created with its CDB stored separately, uncheck the "Data from offset includes CDB" option. This option should be checked if the CDB is included within the volume.
    4. For "Keyfile" specify the keyfile/separate CDB file.
    5. Enter any other mount parameters, and click "OK"
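
For the hidden-volume offset advice above, this added Python example (not part of the FreeOTFE documentation or its code) reads a FAT boot sector and computes where the host's system area ends, which is the lowest offset that avoids the FAT. It assumes a FAT-formatted host, an offset counted from the start of the volume file, and an embedded CDB preceding the filesystem; the function names, the cdb_bytes value and the sample boot sector are constructed for illustration. The result is a lower bound only: files later written to the host can still overwrite the hidden volume.

```python
import struct

def fat_system_area_bytes(boot_sector: bytes) -> int:
    """Size in bytes of the FAT system area (reserved sectors, FAT copies and,
    on FAT12/16, the fixed root directory) described by a FAT boot sector."""
    if len(boot_sector) < 512 or boot_sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot sector signature")
    bps, _spc, reserved, num_fats, root_entries = struct.unpack_from(
        "<HBHBH", boot_sector, 11)
    fat_sectors = struct.unpack_from("<H", boot_sector, 22)[0]
    if fat_sectors == 0:  # FAT32 keeps its FAT size in the 32-bit field at 36
        fat_sectors = struct.unpack_from("<I", boot_sector, 36)[0]
    if bps not in (512, 1024, 2048, 4096) or num_fats == 0 or fat_sectors == 0:
        raise ValueError("implausible BIOS parameter block")
    # FAT12/16 root directory: 32-byte entries, rounded up to whole sectors.
    # FAT32 has root_entries == 0; its root directory sits in the data area,
    # so leave extra margin beyond the value returned here.
    root_sectors = (root_entries * 32 + bps - 1) // bps
    return (reserved + num_fats * fat_sectors + root_sectors) * bps

def min_hidden_offset(boot_sector: bytes, cdb_bytes: int) -> int:
    """Lowest volume-file offset lying past the host's embedded CDB and FAT
    system area. cdb_bytes is caller-supplied (0 if the CDB is kept separately)."""
    return cdb_bytes + fat_system_area_bytes(boot_sector)

def offset_clears_system_area(offset, boot_sector, cdb_bytes) -> bool:
    """True if a proposed hidden-volume offset starts past the system area."""
    return offset >= min_hidden_offset(boot_sector, cdb_bytes)

def sample_boot_sector(reserved, num_fats, root_entries, fat16, fat32=0):
    """Constructed boot sector for the demo: 512-byte sectors, 4 per cluster."""
    bs = bytearray(512)
    struct.pack_into("<HBHBH", bs, 11, 512, 4, reserved, num_fats, root_entries)
    struct.pack_into("<H", bs, 22, fat16)
    struct.pack_into("<I", bs, 36, fat32)
    bs[510:512] = b"\x55\xaa"
    return bytes(bs)

if __name__ == "__main__":
    host = sample_boot_sector(reserved=1, num_fats=2, root_entries=512, fat16=32)
    cdb = 512  # assumed embedded CDB size for this demo, not taken from the page
    print("system area:", fat_system_area_bytes(host), "bytes")
    print("minimum offset:", min_hidden_offset(host, cdb))
    print("offset 4096 safe?", offset_clears_system_area(4096, host, cdb))
```

The boot sector to feed in is the first 512 bytes of the mounted (decrypted) host volume, not of the encrypted volume file.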

PC Version Specific

  • After creating a new volume, it must be mounted and formatted. After this, it is highly recommended that you overwrite all the free space on the drive ("Tools | Overwrite free space...").
  • A password is not needed when backing up a volume's CDB as the backup copy is not stored in plaintext; it is a literal backup copy of a volume's (encrypted) CDB.
  • A password is needed when creating a keyfile as this requires that the volume's CDB is decrypted, before being reencrypted with the keyfile's password and written out to the keyfile.
  • An option is included to dump out a human readable version of the volume's critical data block/keyfile's contents (select "Tools | Critical data block | Dump to human readable file..."). This option is primarily intended to assist developers, and to future-proof volume files by giving you access to the actual master encryption/decryption key used by the volume it dumps out. It should be noted that the inclusion of this option does not present a security risk, as it requires the user to enter the volume/keyfile's password immediately before it can operate (obviously, the volume/keyfile's password is needed in order to decrypt the critical data block). If an attacker has your volume/keyfile's password, clearly this option will give no further information away.
  • The FreeOTFE Driver Control dialog (select "File | Drivers..." to see) uses the following icons to show the status of the FreeOTFE drivers currently installed:

    Column             Icon            Description
    Startup            Smiley          Driver must be started manually
    Startup            Up arrow        Driver will be started automatically when the computer starts up
    Installation mode  Blank icon      Driver is installed normally (no icon)
    Installation mode  Car icon        Driver is installed in portable mode (world icon)
    Status             Green triangle  Driver started
    Status             Red square      Driver stopped
  • When mounting FreeOTFE volumes, you also have the option to "mount as removable". Selecting this causes the volume to be mounted as though it was a removable drive. By mounting volumes in this way, among other things, files deleted from your volume will not be first moved to a "recycle bin" on your encrypted volume.
  • Linux encryption settings files (".les") files are straightforward text files which contain the settings entered.
  • Peter Gutmann's "cryptlib" may (optionally) be used as an RNG, provided that it has been installed correctly. This may be downloaded from http://www.cs.auckland.ac.nz/~pgut001/cryptlib/. After installation, the "cryptlib" option will no longer be greyed out on RNG selection dialogs.
  • User settings configured via the "View | Options" menu are stored within a configuration file (".ini" file) which is located in the same directory the FreeOTFE executable is launched from. User options are not stored within the registry. By storing user settings in a separate file, as opposed to the registry, FreeOTFE achieves two things:
    1. If FreeOTFE is stored on removable media (e.g. a USB pen drive (flash drive), CDROM), your settings can be stored together with FreeOTFE; there is no need to configure FreeOTFE every time you use it on a different computer - this would not be possible to do if the registry was used.
    2. Because user settings are not written to the registry, security is increased. It is trivial to overwrite a simple file if needed, but removing registry entries completely is another matter.
  • Creating an encrypted partition/disk may overwrite whatever data was stored on the partition/disk you select. Be careful!

Windows Vista Specific

User Access Control (UAC)
Windows Vista incorporates a new security system called "User Access Control" (UAC), which is there to help prevent malicious software from doing things which could be harmful to your computer.

As part of this new security system, you will find a number of FreeOTFE's menuitems are marked with a "shield" icon - specifically, those which relate to installing or changing FreeOTFE's drivers, starting/stopping portable mode, and formatting.

Whenever you attempt to use functionality which is marked with one of these icons, Windows will display a dialog (the "consent/credential" dialog), asking for your permission to allow FreeOTFE to continue. This is for your protection, and is perfectly normal. You will be shown this dialog even if you are logged on as an Administrator.

Because the FreeOTFE executable does not have a digital signature that Windows recognises, Windows is unable to identify FreeOTFE and as such this dialog will state that "An unidentified program wants access to your computer". Again, this is perfectly normal; if you would like to check that your copy of FreeOTFE is an original, you may do so by checking the hashes/signatures available from the FreeOTFE WWW site.

If you are logged on as a "standard" (i.e. non-Administrator) user, the prompt you are shown will also ask for an Administrator's password. It should be emphasised that it is Windows Vista itself which is generating these prompts, and not FreeOTFE, which will have no access to the password you type in. The same type of warning dialogs will appear when you (for example) go to Windows' Control Panel, select "Date and Time", and then attempt to change the computer's time or date.

If you are happy for FreeOTFE to carry out the operation you requested of it, you should select the relevant option from the consent/credential dialog to allow FreeOTFE to proceed.

You can find out more about UAC from the Microsoft WWW site.


PDA Version Specific

If you intend to use your encrypted volumes with both PDAs and PCs, please ensure that you initially create and format them using the PC version to ensure that they can be read by either system. If a volume is created on a PDA, your PDA will format it in a slightly different manner (i.e. it will include additional, unused, information at the start of the partition), which will prevent your PC from reading it correctly - even though it works correctly with a PDA. Volume files created on a PC can be used freely with both PDAs and PCs.

When mounting a volume under the PDA version, if you have more than one cypher/hash driver combination which can be used to decrypt the volume in question, the first valid combination will be used. This is unlike the PC version, which will prompt you to select which one you wish to use. If you wish the PDA version to use a specific cypher/hash driver implementation when mounting volumes, please remove all other cypher/hash drivers which implement the same cypher/hash. See FAQ relating to duplicate drivers.

To reduce the amount of storage space FreeOTFE4PDA takes up on your PDA (i.e. its installed "footprint"), please see the FAQ relating to reducing the size of the installed application.