VeraCrypt
aboutsummaryrefslogtreecommitdiff
VeraCrypt - Free Open source disk encryption with strong security for the Paranoid
VeraCrypt

Documentation >> Portable Mode

Portable Mode

VeraCrypt can run in so-called portable mode, which means that it does not have to be installed on the operating system under which it is run. However, there are two things to keep in mind:

  1. You need administrator privileges in order to be able to run VeraCrypt in portable mode (for the reasons, see the chapter Using VeraCrypt Without Administrator Privileges).
    Note: No matter what kind of software you use, as regards personal privacy in most cases, it is not safe to work with sensitive data under systems where you do not have administrator privileges, as the administrator can easily capture and copy your sensitive data, including passwords and keys.
  2. After examining the registry file, it may be possible to tell that VeraCrypt was run (and that a VeraCrypt volume was mounted) on a Windows system even if it had been run in portable mode.

Note: If that is a problem, see this question in the FAQ for a possible solution.

There are two ways to run VeraCrypt in portable mode:

  1. After you extract files from the VeraCrypt self-extracting package, you can directly run VeraCrypt.exe.

    Note: To extract files from the VeraCrypt self-extracting package, run it, and then select Extract (instead of Install) on the second page of the VeraCrypt Setup wizard.
  2. You can use the Traveler Disk Setup facility to prepare a special traveler disk and launch VeraCrypt from there.

The second option has several advantages, which are described in the following sections in this chapter.

Note: When running in ‘portable’ mode, the VeraCrypt driver is unloaded when it is no longer needed (e.g., when all instances of the main application and/or of the Volume Creation Wizard are closed and no VeraCrypt volumes are mounted). However, if you force dismount on a VeraCrypt volume when VeraCrypt runs in portable mode, or mount a writable NTFS-formatted volume on Windows Vista or later, the VeraCrypt driver may not be unloaded when you exit VeraCrypt (it will be unloaded only when you shut down or restart the system). This prevents various problems caused by a bug in Windows (for instance, it would be impossible to start VeraCrypt again as long as there are applications using the dismounted volume).

Tools -> Traveler Disk Setup

You can use this facility to prepare a special traveler disk and launch VeraCrypt from there. Note that VeraCrypt ‘traveler disk’ is not a VeraCrypt volume but an unencrypted volume. A ‘traveler disk’ contains VeraCrypt executable files and optionally the ‘autorun.inf’ script (see the section AutoRun Configuration below). After you select Tools -> Traveler Disk Setup, the Traveler Disk Setup dialog box should appear. Some of the parameters that can be set within the dialog deserve further explanation:

Include VeraCrypt Volume Creation Wizard

Check this option, if you need to create new VeraCrypt volumes using VeraCrypt run from the traveler disk you will create. Unchecking this option saves space on the traveler disk.

AutoRun Configuration (autorun.inf)

In this section, you can configure the ‘traveler disk’ to automatically start VeraCrypt or mount a specified VeraCrypt volume when the ‘traveler disk’ is inserted. This is accomplished by creating a special script file called ‘autorun.inf’ on the traveler disk. This file is automatically executed by the operating system each time the ‘traveler disk’ is inserted.

Note, however, that this feature only works for removable storage devices such as CD/DVD (Windows XP SP2, Windows Vista, or a later version of Windows is required for this feature to work on USB memory sticks) and only when it is enabled in the operating system. Depending on the operating system configuration, these auto-run and auto-mount features may work only when the traveler disk files are created on a non-writable CD/DVD-like medium (which is not a bug in VeraCrypt but a limitation of Windows).

Also note that the ‘autorun.inf’ file must be in the root directory (i.e., for example G:\, X:\, or Y:\ etc.) of an unencrypted disk in order for this feature to work.