+ <param name="Name" value="Normal Dismount vs Force Dismount ">

+ <param name="Local" value="Normal Dismount vs Force Dismount.html">

+ </OBJECT>

+ <LI> <OBJECT type="text/sitemap">

+ <param name="Name" value="Avoid Third-Party File Extensions">

+ <param name="Local" value="Avoid Third-Party File Extensions.html">

+ </OBJECT>

+ <LI> <OBJECT type="text/sitemap">

+ <param name="Name" value="Conversion Guide for Versions 1.26 and Later">

+ <param name="Local" value="Conversion_Guide_VeraCrypt_1.26_and_Later.html">

+ </OBJECT>

+ <LI> <OBJECT type="text/sitemap">

+ <param name="Name" value="BLAKE2s-256">

+ <param name="Local" value="BLAKE2s-256.html">

+ <param name="Name" value="VeraCrypt RAM Encryption">

+ <param name="Local" value="VeraCrypt RAM Encryption.html">

+ </OBJECT>

+ <LI> <OBJECT type="text/sitemap">

+ <param name="Name" value="VeraCrypt Memory Protection">

+ <param name="Local" value="VeraCrypt Memory Protection.html">

+ </OBJECT>

+ <LI> <OBJECT type="text/sitemap">

+ <LI> <OBJECT type="text/sitemap">

+ <param name="Name" value="Building VeraCrypt From Source">

+ <param name="Local" value="CompilingGuidelines.html">

+ </OBJECT>

+ <UL>

+ <LI> <OBJECT type="text/sitemap">

+ <param name="Name" value="Windows Build Guide">

+ <param name="Local" value="CompilingGuidelineWin.html">

+ </OBJECT>

+ <LI> <OBJECT type="text/sitemap">

+ <param name="Name" value="Linux Build Guide">

+ <param name="Local" value="CompilingGuidelineLinux.html">

+ </OBJECT>

+ </UL>

+Avoid Third-Party File Extensions.html

+BC_Logo_30x30.png

+BCH_Logo_30x30.png

+BLAKE2s-256.html

+CompilingGuidelineLinux.html

+CompilingGuidelines.html

+CompilingGuidelineWin.html

+Conversion_Guide_VeraCrypt_1.26_and_Later.html

+Donation_donate.gif

+Donation_donate_PLN.gif

+Donation_VeraCrypt_Bitcoin_small.png

+Donation_VeraCrypt_BitcoinCash.png

+Donation_VeraCrypt_Litecoin.png

+Donation_VeraCrypt_Monero.png

+liberapay_donate.svg

+LTC_Logo_30x30.png

+Monero_Logo_30x30.png

+paypal_30x30.png

+VeraCrypt Memory Protection.html

+VeraCrypt RAM Encryption.html

+xcopy /E ..\html\* .

+del /F /Q *.html *.css *.jpg *.gif *.png *.svg

+rmdir /s /Q CompilingGuidelineWin ru

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

+<head>

+<meta http-equiv="content-type" content="text/html; charset=utf-8" />

+<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>

+<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>

+<meta name="keywords" content="encryption, security"/>

+<link href="styles.css" rel="stylesheet" type="text/css" />

+</head>

+<body>

+

+<div>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+</div>

+

+<div id="menu">

+ <ul>

+ <li><a href="Home.html">Home</a></li>

+ <li><a href="/code/">Source Code</a></li>

+ <li><a href="Downloads.html">Downloads</a></li>

+ <li><a class="active" href="Documentation.html">Documentation</a></li>

+ <li><a href="Donation.html">Donate</a></li>

+ <li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>

+ </ul>

+</div>

+

+<div>

+<p>

+<a href="Documentation.html">Documentation</a>

+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

+<a href="Avoid%20Third-Party%20File%20Extensions.html">Avoid Third-Party File Extensions</a>

+</p></div>

+

+<div class="wikidoc">

+ <h1>Understanding the Risks of Using Third-Party File Extensions with VeraCrypt</h1>

+ <div>

+ <p>While VeraCrypt provides robust encryption capabilities to secure your data, using third-party file extensions for File Containers or Keyfiles could risk making the encrypted data inaccessible.<br />

+ This guide provides an in-depth explanation of the associated risks, and it outlines recommendations for best practices to mitigate these risks.</p>

+ </div>

+

+ <h2>Risks Associated with File Containers</h2>

+ <div>

+ <p>Using a third-party file extension for File Containers exposes you to several risks:</p>

+ <ul>

+ <li>Overwritten Metadata: Third-party applications may update their metadata, which could overwrite crucial parts of the File Container.</li>

+ <li>Unintentional Changes: Accidentally launching a File Container with a third-party application could modify its metadata without your consent.</li>

+ <li>Container Corruption: These actions could render the container unreadable or unusable.</li>

+ <li>Data Loss: The data within the container might be permanently lost if the container becomes corrupted.</li>

+ </ul>

+ </div>

+

+ <h2>Risks Associated with Keyfiles</h2>

+ <div>

+ <p>Similar risks are associated with Keyfiles:</p>

+ <ul>

+ <li>Keyfile Corruption: Inadvertently modifying a Keyfile with a third-party application can make it unusable for decryption.</li>

+ <li>Overwritten Data: Third-party applications may overwrite the portion of the Keyfile that VeraCrypt uses for decryption.</li>

+ <li>Unintentional Changes: Accidental changes can make it impossible to mount the volume unless you have an unaltered backup of the Keyfile.</li>

+ </ul>

+ </div>

+

+ <h2>Examples of Extensions to Avoid</h2>

+ <div>

+ <p>Avoid using the following types of third-party file extensions:</p>

+ <ul>

+ <li>Media Files: Picture, audio, and video files are subject to metadata changes by their respective software.</li>

+ <li>Archive Files: Zip files can be easily modified, which could disrupt the encrypted volume.</li>

+ <li>Executable Files: Software updates can modify these files, making them unreliable as File Containers or Keyfiles.</li>

+ <li>Document Files: Office and PDF files can be automatically updated by productivity software, making them risky to use.</li>

+ </ul>

+ </div>

+

+ <h2>Recommendations</h2>

+ <div>

+ <p>For secure usage, consider the following best practices:</p>

+ <ul>

+ <li>Use neutral file extensions for File Containers and Keyfiles to minimize the risk of automatic file association.</li>

+ <li>Keep secure backups of your File Containers and Keyfiles in locations isolated from network access.</li>

+ <li>Disable auto-open settings for the specific file extensions you use for VeraCrypt File Containers and Keyfiles.</li>

+ <li>Always double-check file associations and be cautious when using a new device or third-party application.</li>

+ </ul>

+ </div>

+

+<div class="ClearBoth"></div></body></html>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<a href="BLAKE2s-256.html">BLAKE2s-256</a>

+<h1>BLAKE2s-256</h1>

+<p>

+BLAKE2 is a cryptographic hash function based on BLAKE, created by Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, and Christian Winnerlein. It was announced on December 21, 2012. The design goal was to replace the widely used, but broken, MD5 and SHA-1 algorithms in applications requiring high performance in software. BLAKE2 provides better security than SHA-2 and similar to that of SHA-3 (e.g. immunity to length extension, indifferentiability from a random oracle, etc...).<br/>

+BLAKE2 removes addition of constants to message words from BLAKE round function, changes two rotation constants, simplifies padding, adds parameter block that is XOR'ed with initialization vectors, and reduces the number of rounds from 16 to 12 for BLAKE2b (successor of BLAKE-512), and from 14 to 10 for BLAKE2s (successor of BLAKE-256).<br/>

+BLAKE2b and BLAKE2s are specified in RFC 7693.

+</p>

+<p>

+VeraCrypt uses only BLAKE2s with its maximum output size of 32-bytes (256 bits).

+</p>

+</div>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<p><img src="Beginner's Tutorial_Image_001.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_002.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_003.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_004.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_005.jpg" alt=""><br>

+and the filename of the volume (container) will be <em>MyVolume.hc </em>(as can be seen in the screenshot above). You may, of course, choose any other filename and location you like (for example, on a USB memory stick). Note that the file

+<em>MyVolume.hc </em>does not exist yet &ndash; VeraCrypt will create it.</p>

+<p><img src="Beginner's Tutorial_Image_007.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_008.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_009.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_010.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_011.jpg" alt=""><br>

+Volume creation should begin. VeraCrypt will now create a file called <em>MyVolume.hc

+<img src="Beginner's Tutorial_Image_012.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_013.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_014.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_015.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_016.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_017.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_018.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_019.jpg" alt=""><br>

+<p><img src="Beginner's Tutorial_Image_020.jpg" alt=""><br>

+<img src="Beginner's Tutorial_Image_021.jpg" alt=""><br>

+<img src="Beginner's Tutorial_Image_022.jpg" alt=""><br>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<h2>Camellia-Kuznyechik</h2>

+<p>Two ciphers in a cascade [15, 16] operating in XTS mode (see the section <a href="Modes%20of%20Operation.html">

+<em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with Kuznyechik (256-bit key) in XTS mode and then with Camellia (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that

+ header keys are independent too, even though they are derived from a single password &ndash; see the section

+<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.</p>

+<h2>Camellia-Serpent</h2>

+<p>Two ciphers in a cascade [15, 16] operating in XTS mode (see the section <a href="Modes%20of%20Operation.html">

+<em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with Serpent (256-bit key) in XTS mode and then with Camellia (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that

+ header keys are independent too, even though they are derived from a single password &ndash; see the section

+<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.</p>

+<h2>Kuznyechik-AES</h2>

+<p>Two ciphers in a cascade [15, 16] operating in XTS mode (see the section <a href="Modes%20of%20Operation.html">

+<em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with AES (256-bit key) in XTS mode and then with Kuznyechik (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that

+ header keys are independent too, even though they are derived from a single password &ndash; see the section

+<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.</p>

+<h2>Kuznyechik-Serpent-Camellia</h2>

+<p>Three ciphers in a cascade [15, 16] operating in XTS mode (see the section <a href="Modes%20of%20Operation.html">

+<em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with Camellia (256-bit key) in XTS mode, then with Serpent (256- bit key) in XTS mode, and finally with Kuznyechik (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All

+ encryption keys are mutually independent (note that header keys are independent too, even though they are derived from a single password &ndash; see the section

+<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.</p>

+<h2>Kuznyechik-Twofish</h2>

+<p>Two ciphers in a cascade [15, 16] operating in XTS mode (see the section <a href="Modes%20of%20Operation.html">

+<em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with Twofish (256-bit key) in XTS mode and then with Kuznyechik (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that

+ header keys are independent too, even though they are derived from a single password &ndash; see the section

+<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.</p>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<table border="1" cellspacing="0" cellpadding="1">

+<td>It must be followed by a parameter indicating the PRF hash algorithm to use when mounting the volume. Possible values for /hash parameter are: sha256, sha-256, sha512, sha-512, whirlpool, blake2s and blake2s-256. When /hash is omitted, VeraCrypt will try

+<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: display password dialog and token PIN dialog in a dedicated secure desktop to protect against certain types of attacks.<br>

+If it is followed by <strong>n</strong> or <strong>no</strong>: the password dialog and token PIN dialog are displayed in the normal desktop.</td>

+If it is followed by <strong>p </strong>or<strong> pim</strong>: enable both password and PIM cache (e.g., /c p).<br>

+<em>/m label=MyDrive</em> will set the label of the drive in Explorer to <em>MyDrive</em>.</p>

+<p><strong>noattach</strong>: Only create virtual device without actually attaching the mounted volume to the selected drive letter.</p>

+<p>Please note that this switch may be present several times in the command line in order to specify multiple mount options (e.g.: /m rm /m ts)</p>

+<tr>

+<td><em>/DisableDeviceUpdate</em>&nbsp;</td>

+<td>Disables periodic internel check on devices connected to the system that is used for handling favorites identified with VolumeID and replace it with on-demande checks.</td>

+</tr>

+<tr>

+<td><em>/protectMemory</em>&nbsp;</td>

+<td>Activates a mechanism that protects VeraCrypt process memory from being accessed by other non-admin processes.</td>

+</tr>

+<tr>

+<td><em>/signalExit</em>&nbsp;</td>

+<td>It must be followed by a parameter specifying the name of the signal to send to unblock a waiting <a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/waitfor" target="_blank">WAITFOR.EXE</a> command when VeraCrypt exists.<br>

+The name of signal must be the same as the one specified to WAITFOR.EXE command (e.g."veracrypt.exe /q /v test.hc /l Z /signal SigName" followed by "waitfor.exe SigName"<br>

+This switch is ignored if /q is not specified</td>

+</tr>

+<td>&nbsp;/keyfile or /k</td>

+<td>&nbsp;(Only with /create)<br>

+It must be followed by a parameter specifying a keyfile or a keyfile search path. For multiple keyfiles, specify e.g.: /k c:\keyfile1.dat /k d:\KeyfileFolder /k c:\kf2 To specify a keyfile stored on a security token or smart card, use the following syntax:

+ token://slot/SLOT_NUMBER/file/FILE_NAME</td>

+</tr>

+<tr>

+<td><em>/tokenlib</em></td>

+<td>&nbsp;(Only with /create)<br>

+It must be followed by a parameter indicating the PKCS #11 library to use for security tokens and smart cards. (e.g.: /tokenlib c:\pkcs11lib.dll)</td>

+</tr>

+<tr>

+<td><em>/tokenpin</em></td>

+<td>&nbsp;(Only with /create)<br>

+It must be followed by a parameter indicating the PIN to use in order to authenticate to the security token or smart card (e.g.: /tokenpin 0000). Warning: This method of entering a smart card PIN may be insecure, for example, when an unencrypted command

+ prompt history log is being saved to unencrypted disk.</td>

+</tr>

+<tr>

+<li>AES </li><li>Serpent </li><li>Twofish </li><li>Camellia </li><li>Kuznyechik </li><li>AES(Twofish) </li><li>AES(Twofish(Serpent)) </li><li>Serpent(AES) </li><li>Serpent(Twofish(AES)) </li><li>Twofish(Serpent) </li>

+<li>Camellia(Kuznyechik) </li>

+<li>Kuznyechik(Twofish) </li>

+<li>Camellia(Serpent) </li>

+<li>Kuznyechik(AES) </li>

+<li>Kuznyechik(Serpent(Camellia)) </li>

+</ul>

+</li>

+<li>ExFAT: format using ExFAT. This switch is available starting from Windows Vista SP1 </li>

+<li>ReFS: format using ReFS. This switch is available starting from Windows 10 </li>

+</ul>

+<tr>

+<td>/nosizecheck</td>

+<td>Don't check that the given size of the file container is smaller than the available disk free. This applies to both UI and command line.</td>

+</tr>

+<tr>

+<td>/quick</td>

+<td>Perform quick formatting of volumes instead of full formatting. This applies to both UI and command line.</td>

+</tr>

+<tr>

+<td>/FastCreateFile</td>

+<td>Enables a faster, albeit potentially insecure, method for creating file containers. This option carries security risks as it can embed existing disk content into the file container, possibly exposing sensitive data if an attacker gains access to it. Note that this switch affects all file container creation methods, whether initiated from the command line, using the /create switch, or through the UI wizard.</td>

+</tr>

+<tr>

+<td><em>/protectMemory</em>&nbsp;</td>

+<td>Activates a mechanism that protects VeraCrypt Format process memory from being accessed by other non-admin processes.</td>

+</tr>

+<tr>

+<td><em>/secureDesktop</em></td>

+<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: display password dialog and token PIN dialog in a dedicated secure desktop to protect against certain types of attacks.<br>

+If it is followed by <strong>n</strong> or <strong>no</strong>: the password dialog and token PIN dialog are displayed in the normal desktop.</td>

+</tr>

+<p>VeraCrypt.exe [/tc] [/hash {sha256|sha-256|sha512|sha-512|whirlpool |blake2s|blake2s-256}][/a [devices|favorites]] [/b] [/c [y|n|f]] [/d [drive letter]] [/e] [/f] [/h [y|n]] [/k keyfile or search path] [tryemptypass [y|n]] [/l drive letter] [/m {bk|rm|recovery|ro|sm|ts|noattach}]

+<p>&quot;VeraCrypt Format.exe&quot; [/n] [/create] [/size number[{K|M|G|T}]] [/p password]&nbsp; [/encryption {AES | Serpent | Twofish | Camellia | Kuznyechik | AES(Twofish) | AES(Twofish(Serpent)) | Serpent(AES) | Serpent(Twofish(AES)) | Twofish(Serpent) | Camellia(Kuznyechik) | Kuznyechik(Twofish) | Camellia(Serpent) | Kuznyechik(AES) | Kuznyechik(Serpent(Camellia))}] [/hash {sha256|sha-256|sha512|sha-512|whirlpool|blake2s|blake2s-256}]

+ [/filesystem {None|FAT|NTFS|ExFAT|ReFS}] [/dynamic] [/force] [/silent] [/noisocheck] [FastCreateFile] [/quick]</p>

+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+

+<style>

+.textbox {

+ vertical-align: top;

+ height: auto !important;

+ font-family: Helvetica,sans-serif;

+ font-size: 20px;

+ font-weight: bold;

+ margin: 10px;

+ padding: 10px;

+ background-color: white;

+ width: auto;

+ border-radius: 10px;

+}

+

+.texttohide {

+ font-family: Helvetica,sans-serif;

+ font-size: 14px;

+ font-weight: normal;

+}

+

+

+</style>

+

+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

+<head>

+<meta http-equiv="content-type" content="text/html; charset=utf-8" />

+<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>

+<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>

+<meta name="keywords" content="encryption, security"/>

+<link href="styles.css" rel="stylesheet" type="text/css" />

+</head>

+<body>

+

+<div>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+</div>

+

+<div id="menu">

+ <ul>

+ <li><a href="Home.html">Home</a></li>

+ <li><a href="/code/">Source Code</a></li>

+ <li><a href="Downloads.html">Downloads</a></li>

+ <li><a class="active" href="Documentation.html">Documentation</a></li>

+ <li><a href="Donation.html">Donate</a></li>

+ <li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>

+ </ul>

+</div>

+

+<div>

+<p>

+<a href="Documentation.html">Documentation</a>

+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

+<a href="Technical%20Details.html">Technical Details</a>

+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

+<a href="CompilingGuidelines.html">Building VeraCrypt From Source</a>

+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

+<a href="CompilingGuidelineLinux.html">Linux Build Guide</a>

+</p></div>

+

+<div class="wikidoc">

+This guide describes how to set up a Linux System to build VeraCrypt from source and how to perform compilation. <br>

+The procedure for a Ubuntu 22.04 LTS system is described here as an example, the procedure for other Linux systems is analogous.

+</div>

+

+<div class="wikidoc">

+<br>

+<br>

+The following components are required for compiling VeraCrypt:

+<ol>

+ <li>GNU Make</li>

+ <li>GNU C/C++ Compiler</li>

+ <li>YASM 1.3.0</li>

+ <li>pkg-config</li>

+ <li>wxWidgets 3.x shared library and header files installed by the system or wxWidgets 3.x library source code </li>

+ <li>FUSE library and header files</li>

+ <li>PCSC-lite library and header files</li>

+</ol>

+</div>

+

+<div class="wikidoc">

+<p>Below are the procedure steps. Clicking on any of the link takes directly to the related step:

+<ul>

+<li><strong><a href="#InstallationOfGNUMake">Installation of GNU Make</a></li></strong>

+<li><strong><a href="#InstallationOfGNUCompiler">Installation of GNU C/C++ Compiler</a></li></strong>

+<li><strong><a href="#InstallationOfYASM">Installation of YASM</a></li></strong>

+<li><strong><a href="#InstallationOfPKGConfig">Installation of pkg-config</a></li></strong>

+<li><strong><a href="#InstallationOfwxWidgets">Installation of wxWidgets 3.2</a></li></strong>

+<li><strong><a href="#InstallationOfFuse">Installation of libfuse</a></li></strong>

+<li><strong><a href="#InstallationOfPCSCLite">Installation of libpcsclite</a></li></strong>

+<li><strong><a href="#DownloadVeraCrypt">Download VeraCrypt</a></li></strong>

+<li><strong><a href="#CompileVeraCrypt">Compile VeraCrypt</a></li></strong>

+</ul>

+</p>

+<p>They can also be performed by running the below list of commands in a terminal or by copying them to a script:<br>

+<code>

+sudo apt update <br>

+sudo apt install -y build-essential yasm pkg-config libwxgtk3.0-gtk3-dev <br>

+sudo apt install -y libfuse-dev git libpcsclite-dev <br>

+git clone https://github.com/veracrypt/VeraCrypt.git <br>

+cd ~/VeraCrypt/src <br>

+make

+</code>

+</p>

+</div>

+

+<div class="wikidoc">

+ <div class="textbox" id="InstallationOfGNUMake">

+ <a href="#InstallationOfGNUMake">Installation of GNU Make</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Open a terminal

+ </li>

+ <li>

+ Execute the following commands: <br>

+ <code>

+ sudo apt update <br>

+ sudo apt install build-essential

+ </code>

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfGNUCompiler">

+ <a href="#InstallationOfGNUCompiler">Installation of GNU C/C++ Compiler</a>

+ <div class="texttohide">

+ <p> If the build-essential were already installed in the step before, this step can be skipped.

+ <ol>

+ <li>

+ Open a terminal

+ </li>

+ <li>

+ Execute the following commands: <br>

+ <code>

+ sudo apt update <br>

+ sudo apt install build-essential

+ </code>

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfYASM">

+ <a href="#InstallationOfYASM">Installation of YASM</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Open a terminal

+ </li>

+ <li>

+ Execute the following commands: <br>

+ <code>

+ sudo apt update <br>

+ sudo apt install yasm

+ </code>

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfPKGConfig">

+ <a href="#InstallationOfPKGConfig">Installation of pkg-config</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Open a terminal

+ </li>

+ <li>

+ Execute the following commands: <br>

+ <code>

+ sudo apt update <br>

+ sudo apt install pkg-config

+ </code>

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfwxWidgets">

+ <a href="#InstallationOfwxWidgets">Installation of wxWidgets 3.2</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Open a terminal

+ </li>

+ <li>

+ Execute the following commands: <br>

+ <code>

+ sudo apt update <br>

+ sudo apt install libwxgtk3.0-gtk3-dev <br>

+ </code>

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfFuse">

+ <a href="#InstallationOfFuse">Installation of libfuse</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Open a terminal

+ </li>

+ <li>

+ Execute the following commands: <br>

+ <code>

+ sudo apt update <br>

+ sudo apt install libfuse-dev

+ </code>

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+<div class="textbox" id="InstallationOfPCSCLite">

+ <a href="#InstallationOfPCSCLite">Installation of libpcsclite</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Open a terminal

+ </li>

+ <li>

+ Execute the following commands: <br>

+ <code>

+ sudo apt update <br>

+ sudo apt install libpcsclite-dev

+ </code>

+ </li>

+ </ol>

+ </p>

+ </div>

+</div>

+

+ <div class="textbox" id="DownloadVeraCrypt">

+ <a href="#DownloadVeraCrypt">Download VeraCrypt</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Open a terminal

+ </li>

+ <li>

+ Execute the following commands: <br>

+ <code>

+ sudo apt update <br>

+ sudo apt install git <br>

+ git clone https://github.com/veracrypt/VeraCrypt.git

+ </code>

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="CompileVeraCrypt">

+ <a href="#CompileVeraCrypt">Compile VeraCrypt</a>

+ <div class="texttohide">

+ <p> Remarks: <br>

+ <ul>

+ <li>

+ By default, a universal executable supporting both graphical and text user interface (through the switch --text) is built. <br>

+ On Linux, a console-only executable, which requires no GUI library, can be built using the 'NOGUI' parameter. <br>

+ For that, you need to dowload wxWidgets sources, extract them to a location of your choice and then run the following commands: <br>

+ <code>

+ make NOGUI=1 WXSTATIC=1 WX_ROOT=/path/to/wxWidgetsSources wxbuild <br>

+ make NOGUI=1 WXSTATIC=1 WX_ROOT=/path/to/wxWidgetsSources

+ </code>

+ </li>

+ <li>

+ If you are not using the system wxWidgets library, you will have to download and use wxWidgets sources like the remark above but this time the following commands should be run to build GUI version of VeraCrypt (NOGUI is not specified): <br>

+ <code>

+ make WXSTATIC=1 WX_ROOT=/path/to/wxWidgetsSources wxbuild <br>

+ make WXSTATIC=1 WX_ROOT=/path/to/wxWidgetsSources

+ </code>

+ </li>

+ </ul>

+ Steps:

+ <ol>

+ <li>

+ Open a terminal

+ </li>

+ <li>

+ Execute the following commands: <br>

+ <code>

+ cd ~/VeraCrypt/src <br>

+ make

+ </code>

+ </li>

+ <li>

+ If successful, the VeraCrypt executable should be located in the directory 'Main'.

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+</div>

+</body></html>

+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+

+<style>

+.textbox {

+ vertical-align: top;

+ height: auto !important;

+ font-family: Helvetica,sans-serif;

+ font-size: 20px;

+ font-weight: bold;

+ margin: 10px;

+ padding: 10px;

+ background-color: white;

+ width: auto;

+ border-radius: 10px;

+}

+

+.texttohide {

+ font-family: Helvetica,sans-serif;

+ font-size: 14px;

+ font-weight: normal;

+}

+

+

+</style>

+

+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

+<head>

+<meta http-equiv="content-type" content="text/html; charset=utf-8" />

+<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>

+<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>

+<meta name="keywords" content="encryption, security"/>

+<link href="styles.css" rel="stylesheet" type="text/css" />

+</head>

+<body>

+

+<div>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+</div>

+

+<div id="menu">

+ <ul>

+ <li><a href="Home.html">Home</a></li>

+ <li><a href="/code/">Source Code</a></li>

+ <li><a href="Downloads.html">Downloads</a></li>

+ <li><a class="active" href="Documentation.html">Documentation</a></li>

+ <li><a href="Donation.html">Donate</a></li>

+ <li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>

+ </ul>

+</div>

+

+<div>

+<p>

+<a href="Documentation.html">Documentation</a>

+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

+<a href="Technical%20Details.html">Technical Details</a>

+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

+<a href="CompilingGuidelines.html">Building VeraCrypt From Source</a>

+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

+<a href="CompilingGuidelineWin.html">Windows Build Guide</a>

+</p></div>

+

+<div class="wikidoc">

+This guide describes how to set up a Windows system that can compile the VeraCrypt. Further it is described how VeraCrypt is going to be compiled. <br>

+The procedure for a Windows 10 system is described here as an example, but the procedure for other Windows systems is analogous.

+</div>

+

+<div class="wikidoc">

+The following components are required for compiling VeraCrypt:

+

+<ol>

+ <li>Microsoft Visual Studio 2010</li>

+ <li>Microsoft Visual Studio 2010 Service Pack 1</li>

+ <li>NASM</li>

+ <li>YASM</li>

+ <li>Visual C++ 1.52</li>

+ <li>Windows SDK 7.1</li>

+ <li>Windows Driver Kit 7.1</li>

+ <li>Windows 8.1 SDK</li>

+ <li>gzip</li>

+ <li>upx</li>

+ <li>7zip</li>

+ <li>Wix3</li>

+ <li>Microsoft Visual Studio 2019</li>

+ <li>Windows 10 SDK</li>

+ <li>Windows Driver Kit 1903</li>

+ <li>Visual Studio build tools</li>

+

+</ol>

+

+</div>

+

+<div class="wikidoc">

+Below are the procedure steps. Clicking on any of the link takes directly to the related step:

+<ul>

+<li><strong><a href="#InstallationOfMicrosoftVisualStudio2010">Installation of Microsoft Visual Studio 2010</a></li></strong>

+<li><strong><a href="#InstallationOfMicrosoftVisualStudio2010ServicePack1">Installation of Microsoft Visual Studio 2010 Service Pack 1</a></li></strong>

+<li><strong><a href="#InstallationOfNASM">Installation of NASM</a></li></strong>

+<li><strong><a href="#InstallationOfYASM">Installation of YASM</a></li></strong>

+<li><strong><a href="#InstallationOfVisualCPP">Installation of Microsoft Visual C++ 1.52</a></li></strong>

+<li><strong><a href="#InstallationOfWindowsSDK71PP">Installation of the Windows SDK 7.1</a></li></strong>

+<li><strong><a href="#InstallationOfWDK71PP">Installation of the Windows Driver Kit 7.1</a></li></strong>

+<li><strong><a href="#InstallationOfSDK81PP">Installation of the Windows 8.1 SDK</a></li></strong>

+<li><strong><a href="#InstallationOfGzip">Installation of gzip</a></li></strong>

+<li><strong><a href="#InstallationOfUpx">Installation of upx</a></li></strong>

+<li><strong><a href="#InstallationOf7zip">Installation of 7zip</a></li></strong>

+<li><strong><a href="#InstallationOfWix3">Installation of Wix3</a></li></strong>

+<li><strong><a href="#InstallationOfVS2019">Installation of Microsoft Visual Studio 2019</a></li></strong>

+<li><strong><a href="#InstallationOfWDK10">Installation of the Windows Driver Kit 2004</a></li></strong>

+<li><strong><a href="#InstallationOfVisualBuildTools">Installation of the Visual Studio build tools</a></li></strong>

+<li><strong><a href="#DownloadVeraCrypt">Download VeraCrypt Source Files</a></li></strong>

+<li><strong><a href="#CompileWin32X64">Compile the Win32/x64 Versions of VeraCrypt</a></li></strong>

+<li><strong><a href="#CompileARM64">Compile the ARM64 Version of VeraCrypt</a></li></strong>

+<li><strong><a href="#BuildVeraCryptExecutables">Build the VeraCrypt Executables</a></li></strong>

+<li><strong><a href="#ImportCertificates">Import the Certificates</a></li></strong>

+<li><strong><a href="#KnownIssues">Known Issues</a></li></strong>

+</ul>

+</div>

+

+<div class="wikidoc">

+ <div class="textbox" id="InstallationOfMicrosoftVisualStudio2010">

+ <a href="#InstallationOfMicrosoftVisualStudio2010">Installation of Microsoft Visual Studio 2010</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Visit the following Microsoft website and log in with a free Microsoft account: <br>

+ <a href="https://my.visualstudio.com/Downloads?q=Visual%20Studio%202010%20Professional&pgroup=" target="_blank">https://my.visualstudio.com/Downloads?q=Visual%20Studio%202010%20Professional&pgroup=</a>

+ </li>

+ <li>

+ Please download a (trial) version of “Visual Studio Professional 2010” <br>

+ <img src="CompilingGuidelineWin/DownloadVS2010.jpg" width="80%">

+ </li>

+ <li>

+ Mount the downloaded ISO file by doubleclicking it

+ </li>

+ <li>

+ Run the file "autorun.exe" as administrator

+ </li>

+ <li>

+ Install Microsoft Visual Studio 2010 with the default settings

+ </li>

+ </ol>

+ The installation of the Microsoft SQL Server 2008 Express Service Pack 1 (x64) may fail, but it is not required for compiling VeraCrypt.

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfMicrosoftVisualStudio2010ServicePack1">

+ <a href="#InstallationOfMicrosoftVisualStudio2010ServicePack1">Installation of Microsoft Visual Studio 2010 Service Pack 1</a>

+ <div class="texttohide">

+ <p>

+ Note: The content the official installer from Microsoft tries to download is no longer available. Therefore, it is necessary to use an offline installer.

+ <ol>

+ <li>

+ Visit the website of the internet archive and download the iso image of the Microsoft Visual Studio 2010 Service Pack 1:<br>

+ <a href="https://archive.org/details/vs-2010-sp-1dvd-1" target="_blank">https://archive.org/details/vs-2010-sp-1dvd-1</a>

+ </li>

+ <li>

+ Mount the downloaded ISO file by doubleclicking it

+ </li>

+ <li>

+ Run the file "Setup.exe" as administrator

+ </li>

+ <li>

+ Install Microsoft Visual Studio 2010 Service Pack 1 with the default settings

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfNASM">

+ <a href="#InstallationOfNASM">Installation of NASM</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Download “nasm-2.08-installer.exe” at: <br>

+ <a href="https://www.nasm.us/pub/nasm/releasebuilds/2.08/win32/" target="_blank">https://www.nasm.us/pub/nasm/releasebuilds/2.08/win32/</a>

+ </li>

+ <li>

+ Run the file as administrator

+ </li>

+ <li>

+ Install NASM with the default settings

+ </li>

+ <li>

+ Add NASM to the path Variable. This will make the command globally available on the command line. <br>

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ Open a file explorer

+ </li>

+ <li>

+ Within the left file tree, please make a right click on "This PC" and select "Properties" <br>

+ <img src="CompilingGuidelineWin/SelectThisPC.jpg" width="40%">

+ </li>

+ <li>

+ Within the right menu, please click on "Advanced system settings" <br>

+ <img src="CompilingGuidelineWin/SelectAdvancedSystemSettings.jpg" width="50%">

+ </li>

+ <li>

+ Please click on "Environment Variables" <br>

+ <img src="CompilingGuidelineWin/SelectEnvironmentVariables.jpg" width="17%">

+ </li>

+ <li>

+ Within the area of the system variables, please select the "Path" variable and click on "Edit..." <br>

+ <img src="CompilingGuidelineWin/SelectPathVariable.jpg" width="25%">

+ </li>

+ <li>

+ Click on "New" and add the following value: <br>

+ <p style="font-family: 'Courier New', monospace;">C:\Program Files (x86)\nasm</p>

+ </li>

+ <li>

+ Close the windows by clicking on "OK"

+ </li>

+ </ol>

+ </li>

+ <li>

+ To check if the configuration is working correctly, please open a command prompt and watch the output of the following command: <br>

+ <p style="font-family: 'Courier New', monospace;">nasm</p> <br>

+ <img src="CompilingGuidelineWin/NasmCommandLine.jpg" width="50%">

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfYASM">

+ <a href="#InstallationOfYASM">Installation of YASM</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Please create the following folder: <br>

+ C:\Program Files\YASM

+ </li>

+ <li>

+ Please download the file "Win64 VS2010 .zip" at: <br>

+ <a href="https://yasm.tortall.net/Download.html" target="_blank">https://yasm.tortall.net/Download.html</a>

+ </li>

+ <li>

+ Your browser might inform you that the file might be a security risk due to the low download rate or the unencrypted connection. Nevertheless, the official website is the most reliable source for this file, so we recommend to allow the download

+ </li>

+ <li>

+ Unzip the zip file and copy the files to “C:\Program Files\YASM”

+ </li>

+ <li>

+ Please download the file "Win64 .exe" at: <br>

+ <a href="https://yasm.tortall.net/Download.html" target="_blank">https://yasm.tortall.net/Download.html</a>

+ </li>

+ <li>

+ Your browser might inform you that the file might be a security risk due to the low download rate or the unencrypted connection. Nevertheless, the official website is the most reliable source for this file, so we recommend to allow the download

+ </li>

+ <li>

+ Rename the file to “yasm.exe” and copy it to “C:\Program Files\YASM”

+ </li>

+ <li>

+ Add YASM to the path Variable and create a new system variable for YASM. This will make the command globally available on the command line. <br>

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ Open a file explorer

+ </li>

+ <li>

+ Within the left file tree, please make a right click on "This PC" and select "Properties" <br>

+ <img src="CompilingGuidelineWin/SelectThisPC.jpg" width="40%">

+ </li>

+ <li>

+ Within the right menu, please click on "Advanced system settings" <br>

+ <img src="CompilingGuidelineWin/SelectAdvancedSystemSettings.jpg" width="50%">

+ </li>

+ <li>

+ Please click on "Environment Variables" <br>

+ <img src="CompilingGuidelineWin/SelectEnvironmentVariables.jpg" width="17%">

+ </li>

+ <li>

+ Within the area of the system variables, please select the "Path" variable and click on "Edit..." <br>

+ <img src="CompilingGuidelineWin/SelectPathVariable.jpg" width="25%">

+ </li>

+ <li>

+ Click on "New" and add the following value: <br>

+ <p style="font-family: 'Courier New', monospace;">C:\Program Files\YASM</p>

+ </li>

+ <li>

+ Close the top window by clicking on "OK"

+ </li>

+ <li>

+ Within the area of the system variables, please click on "New..." <br>

+ <img src="CompilingGuidelineWin/AddNewSystemVar.jpg" width="25%">

+ </li>

+ <li>

+ Fill out the form with the following values: <br>

+ <p style="font-family: 'Courier New', monospace;">Variable name: YASMPATH<br> Variable value: C:\Program Files\YASM</p>

+ </li>

+ <li>

+ Close the windows by clicking on "OK"

+ </li>

+ </ol>

+ </li>

+ <li>

+ To check if the configuration is working correctly, please open a command prompt and watch the output of the following command: <br>

+ <p style="font-family: 'Courier New', monospace;">yasm</p> <br>

+ and <br>

+ <p style="font-family: 'Courier New', monospace;">vsyasm</p> <br>

+ <img src="CompilingGuidelineWin/YasmCommandLine.jpg" width="50%">

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfVisualCPP">

+ <a href="#InstallationOfVisualCPP">Installation of Microsoft Visual C++ 1.52</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Visual C++ 1.52 is available via the paid Microsoft MSDN subscription. If you do not have a subscription, you download the ISO image via the internet archive: <br>

+ <a href="https://archive.org/details/ms-vc152" target="_blank">https://archive.org/details/ms-vc152</a>

+ </li>

+ <li>

+ Create the folder “C:\MSVC15”

+ </li>

+ <li>

+ Mount the ISO file and copy the content of the folder “MSVC” to “C:\MSVC15”

+ </li>

+ <li>

+ Create a system variable for Microsoft Visual C++ 1.52 <br>

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ Open a file explorer

+ </li>

+ <li>

+ Within the left file tree, please make a right click on "This PC" and select "Properties" <br>

+ <img src="CompilingGuidelineWin/SelectThisPC.jpg" width="40%">

+ </li>

+ <li>

+ Within the right menu, please click on "Advanced system settings" <br>

+ <img src="CompilingGuidelineWin/SelectAdvancedSystemSettings.jpg" width="50%">

+ </li>

+ <li>

+ Please click on "Environment Variables" <br>

+ <img src="CompilingGuidelineWin/SelectEnvironmentVariables.jpg" width="17%">

+ </li>

+ <li>

+ Within the area of the system variables, please click on "New..." <br>

+ <img src="CompilingGuidelineWin/AddNewSystemVar.jpg" width="25%">

+ </li>

+ <li>

+ Fill out the form with the following values: <br>

+ <p style="font-family: 'Courier New', monospace;">Variable name: MSVC16_ROOT<br> Variable value: C:\MSVC15</p>

+ </li>

+ <li>

+ Close the windows by clicking on "OK"

+ </li>

+ </ol>

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfWindowsSDK71PP">

+ <a href="#InstallationOfWindowsSDK71PP">Installation of the Windows SDK 7.1</a>

+ <div class="texttohide">

+ <p>

+ The installer requires .Net Framework 4 (Not a newer one like .Net Framework 4.8!). Since a newer version is already preinstalled with Windows 10, the installer has to be tricked:

+ <ol>

+ <li>

+ Click on the start button and search for: "regedit.msc". Start the first finding.

+ </li>

+ <li>

+ Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\"

+ </li>

+ <li>

+ Change the permissions for the "Client" folder, so you can edit the keys: <br>

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ Right click on the subfolder "Client" and select "Permissions..."

+ </li>

+ <li>

+ Click on "Advanced" <br>

+ <img src="CompilingGuidelineWin/RegeditPermissions-1.jpg" width="17%">

+ </li>

+ <li>

+ Change the owner to your user and click on "Add" <br>

+ <img src="CompilingGuidelineWin/RegeditPermissions-2.jpg" width="35%">

+ </li>

+ <li>

+ Set the principal to your user, select "Full Control" and click on "OK" <br>

+ <img src="CompilingGuidelineWin/RegeditPermissions-3.jpg" width="35%">

+ </li>

+ <li>

+ Within the folder "Client" note down the value of the entry "Version"

+ </li>

+ <li>

+ Doubleclick on the entry "Version" and change the value to "4.0.30319" <br>

+ <img src="CompilingGuidelineWin/RegeditPermissions-4.jpg" width="30%">

+ </li>

+ </ol>

+ </li>

+ <li>

+ Change the permissions for the "Full" folder, so you can edit the keys: <br>

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ Right click on the subfolder "Full" and select "Permissions..."

+ </li>

+ <li>

+ Click on "Advanced" <br>

+ <img src="CompilingGuidelineWin/RegeditPermissions-1.jpg" width="17%">

+ </li>

+ <li>

+ Change the owner to your user and click on "Add" <br>

+ <img src="CompilingGuidelineWin/RegeditPermissions-2.jpg" width="35%">

+ </li>

+ <li>

+ Set the principal to your user, select "Full Control" and click on "OK" <br>

+ <img src="CompilingGuidelineWin/RegeditPermissions-3.jpg" width="35%">

+ </li>

+ <li>

+ Within the folder "Full" note down the value of the entry "Version"

+ </li>

+ <li>

+ Doubleclick on the entry "Version" and change the value to "4.0.30319" <br>

+ <img src="CompilingGuidelineWin/RegeditPermissions-4.jpg" width="30%">

+ </li>

+ </ol>

+ </li>

+ <li>

+ Download the Windows SDK 7.1 at: <br>

+ <a href="https://www.microsoft.com/en-us/download/details.aspx?id=8279" target="_blank">https://www.microsoft.com/en-us/download/details.aspx?id=8279</a>

+ </li>

+ <li>

+ Run the downloaded file as administrator and install the application with default settings

+ </li>

+ <li>

+ After the installation, revert the changes done in the registry editor. <br>

+ <b>Note:</b> The owner "TrustedInstaller" can be restored by searching for: "NT Service\TrustedInstaller"

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfWDK71PP">

+ <a href="#InstallationOfWDK71PP">Installation of the Windows Driver Kit 7.1</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Please download the ISO of the Windows Diver Kit 7.1 at: <br>

+ <a href="https://www.microsoft.com/en-us/download/details.aspx?id=11800" target="_blank">https://www.microsoft.com/en-us/download/details.aspx?id=11800</a>

+ </li>

+ <li>

+ Mount the downloaded ISO file by doubleclicking it

+ </li>

+ <li>

+ Run the file "KitSetup.exe" as administrator. Within the installation select all features to be installed. <br>

+ <b>Note: </b>It might be that during the installed you are requested to install the .NET Framework 3.5. In this case click on "Download and install this feature".

+ </li>

+ <li>

+ Install the Driver Kit to the default location

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfSDK81PP">

+ <a href="#InstallationOfSDK81PP">Installation of the Windows 8.1 SDK</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Please download the ISO of the Windows 8.1 SDK at: <br>

+ <a href="https://developer.microsoft.com/de-de/windows/downloads/sdk-archive/" target="_blank">https://developer.microsoft.com/de-de/windows/downloads/sdk-archive/</a>

+ </li>

+ <li>

+ Run the downloaded file as administrator and install the Windows 8.1 SDK with default settings

+ </li>

+ <li>

+ Create a system variable for the Windows 8.1 SDK <br>

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ Open a file explorer

+ </li>

+ <li>

+ Within the left file tree, please make a right click on "This PC" and select "Properties" <br>

+ <img src="CompilingGuidelineWin/SelectThisPC.jpg" width="40%">

+ </li>

+ <li>

+ Within the right menu, please click on "Advanced system settings" <br>

+ <img src="CompilingGuidelineWin/SelectAdvancedSystemSettings.jpg" width="50%">

+ </li>

+ <li>

+ Please click on "Environment Variables" <br>

+ <img src="CompilingGuidelineWin/SelectEnvironmentVariables.jpg" width="17%">

+ </li>

+ <li>

+ Within the area of the system variables, please click on "New..." <br>

+ <img src="CompilingGuidelineWin/AddNewSystemVar.jpg" width="25%">

+ </li>

+ <li>

+ Fill out the form with the following values: <br>

+ <p style="font-family: 'Courier New', monospace;">Variable name: WSDK81<br> Variable value: C:\Program Files (x86)\Windows Kits\8.1\</p>

+ </li>

+ <li>

+ Close the windows by clicking on "OK"

+ </li>

+ </ol>

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfGzip">

+ <a href="#InstallationOfGzip">Installation of gzip</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Please create the following folder: <br>

+ C:\Program Files (x86)\gzip

+ </li>

+ <li>

+ Please download gzip version at: <br>

+ <a href="https://sourceforge.net/projects/gnuwin32/files/gzip/1.3.12-1/gzip-1.3.12-1-bin.zip/download?use-mirror=netix&download=" target="_blank">https://sourceforge.net/projects/gnuwin32/files/gzip/1.3.12-1/gzip-1.3.12-1-bin.zip/download?use-mirror=netix&download=</a>

+ </li>

+ <li>

+ Copy the content of the downloaded zip to “C:\Program Files (x86)\gzip”

+ </li>

+ <li>

+ Add gzip to the path Variable. This will make the command globally available on the command line. <br>

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ Open a file explorer

+ </li>

+ <li>

+ Within the left file tree, please make a right click on "This PC" and select "Properties" <br>

+ <img src="CompilingGuidelineWin/SelectThisPC.jpg" width="40%">

+ </li>

+ <li>

+ Within the right menu, please click on "Advanced system settings" <br>

+ <img src="CompilingGuidelineWin/SelectAdvancedSystemSettings.jpg" width="50%">

+ </li>

+ <li>

+ Please click on "Environment Variables" <br>

+ <img src="CompilingGuidelineWin/SelectEnvironmentVariables.jpg" width="17%">

+ </li>

+ <li>

+ Within the area of the system variables, please select the "Path" variable and click on "Edit..." <br>

+ <img src="CompilingGuidelineWin/SelectPathVariable.jpg" width="25%">

+ </li>

+ <li>

+ Click on "New" and add the following value: <br>

+ <p style="font-family: 'Courier New', monospace;">C:\Program Files (x86)\gzip\bin</p>

+ </li>

+ <li>

+ Close the windows by clicking on "OK"

+ </li>

+ </ol>

+ </li>

+ <li>

+ To check if the configuration is working correctly, please open a command prompt and watch the output of the following command: <br>

+ <p style="font-family: 'Courier New', monospace;">gzip</p> <br>

+ <img src="CompilingGuidelineWin/gzipCommandLine.jpg" width="50%">

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfUpx">

+ <a href="#InstallationOfUpx">Installation of upx</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Please create the following folder: <br>

+ C:\Program Files (x86)\upx

+ </li>

+ <li>

+ Please download the latest upx-X-XX-win64.zip version at: <br>

+ <a href="https://github.com/upx/upx/releases/tag/v3.96" target="_blank">https://github.com/upx/upx/releases/tag/v3.96</a>

+ </li>

+ <li>

+ Copy the content of the downloaded zip to “C:\Program Files (x86)\upx”

+ </li>

+ <li>

+ Add gzip to the path Variable. This will make the command globally available on the command line. <br>

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ Open a file explorer

+ </li>

+ <li>

+ Within the left file tree, please make a right click on "This PC" and select "Properties" <br>

+ <img src="CompilingGuidelineWin/SelectThisPC.jpg" width="40%">

+ </li>

+ <li>

+ Within the right menu, please click on "Advanced system settings" <br>

+ <img src="CompilingGuidelineWin/SelectAdvancedSystemSettings.jpg" width="50%">

+ </li>

+ <li>

+ Please click on "Environment Variables" <br>

+ <img src="CompilingGuidelineWin/SelectEnvironmentVariables.jpg" width="17%">

+ </li>

+ <li>

+ Within the area of the system variables, please select the "Path" variable and click on "Edit..." <br>

+ <img src="CompilingGuidelineWin/SelectPathVariable.jpg" width="25%">

+ </li>

+ <li>

+ Click on "New" and add the following value: <br>

+ <p style="font-family: 'Courier New', monospace;">C:\Program Files (x86)\upx</p>

+ </li>

+ <li>

+ Close the windows by clicking on "OK"

+ </li>

+ </ol>

+ </li>

+ <li>

+ To check if the configuration is working correctly, please open a command prompt and watch the output of the following command: <br>

+ <p style="font-family: 'Courier New', monospace;">upx</p> <br>

+ <img src="CompilingGuidelineWin/upxCommandLine.jpg" width="50%">

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOf7zip">

+ <a href="#InstallationOf7zip">Installation of 7zip</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Please download the latest version of 7zip at: <br>

+ <a href="https://www.7-zip.de/" target="_blank">https://www.7-zip.de/</a>

+ </li>

+ <li>

+ Run the downloaded file as administrator and install 7zip with default settings

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfWix3">

+ <a href="#InstallationOfWix3">Installation of Wix3</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Please download wix311.exe at: <br>

+ <a href="https://github.com/wixtoolset/wix3/releases" target="_blank">https://github.com/wixtoolset/wix3/releases</a>

+ </li>

+ <li>

+ Run the downloaded file as administrator and install WiX Toolset with default settings

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfVS2019">

+ <a href="#InstallationOfVS2019">Installation of Microsoft Visual Studio 2019</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Visit the following Microsoft website and log in with a free Microsoft account: <br>

+ <a href="https://my.visualstudio.com/Downloads?q=visual%20studio%202019%20Professional" target="_blank">https://my.visualstudio.com/Downloads?q=visual%20studio%202019%20Professional</a>

+ </li>

+ <li>

+ Please download the latest (trial) version of “Visual Studio Professional 2019” <br>

+ <img src="CompilingGuidelineWin/DownloadVS2019.jpg" width="80%">

+ </li>

+ <li>

+ Run the downloaded file as administrator and go through the wizard. <br>

+ Select the following Workloads for installation: <br>

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ Desktop development with C++

+ </li>

+ <li>

+ .NET desktop development

+ </li>

+ </ol>

+ Select the following individual components for installation:

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ .NET

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ .NET 6.0 Runtime

+ </li>

+ <li>

+ .NET Core 3.1 Runtime (LTS)

+ </li>

+ <li>

+ .NET Framework 4 targeting pack

+ </li>

+ <li>

+ .NET Framework 4.5 targeting pack

+ </li>

+ <li>

+ .NET Framework 4.5.1 targeting pack

+ </li>

+ <li>

+ .NET Framework 4.5.2 targeting pack

+ </li>

+ <li>

+ .NET Framework 4.6 targeting pack

+ </li>

+ <li>

+ .NET Framework 4.6.1 targeting pack

+ </li>

+ <li>

+ .NET Framework 4.7.2 targeting pack

+ </li>

+ <li>

+ .NET Framework 4.8 SDK

+ </li>

+ <li>

+ .NET Framework 4.8 targeting pack

+ </li>

+ <li>

+ .NET SDK

+ </li>

+ <li>

+ ML.NET Model Builder (Preview)

+ </li>

+ </ol>

+ </li>

+ <li>

+ Cloud, database, and server

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ CLR data types for SQL Server

+ </li>

+ <li>

+ Connectivity and publishing tools

+ </li>

+ </ol>

+ </li>

+ <li>

+ Code tools

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ NuGet package manager

+ </li>

+ <li>

+ Text Template Transformation

+ </li>

+ </ol>

+ </li>

+ <li>

+ Compilers, build tools, and runtimes

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ .NET Compiler Platform SDK

+ </li>

+ <li>

+ C# and Visual Basic Roslyn compilers

+ </li>

+ <li>

+ C++ 2019 Redistributable Update

+ </li>

+ <li>

+ C++ CMake tools for Windows

+ </li>

+ <li>

+ C++/CLI support for v142 build tools (Latest)

+ </li>

+ <li>

+ MSBuild

+ </li>

+ <li>

+ MSVC v142 - VS 2019 C++ ARM64 build tools (Latest)

+ </li>

+ <li>

+ MSVC v142 - VS 2019 C++ ARM64 Spectre-mitigated libs (Latest)

+ </li>

+ <li>

+ MSVC v142 - VS 2019 C++ x64/x86 build tools (Latest)

+ </li>

+ <li>

+ MSVC v142 - VS 2019 C++ x64/x86 Spectre-mitigated libs (Latest)

+ </li>

+ </ol>

+ </li>

+ <li>

+ Debugging and testing

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ .NET profiling tools

+ </li>

+ <li>

+ C++ AddressSanatizer

+ </li>

+ <li>

+ C++ profiling tools

+ </li>

+ <li>

+ Just-In-Time debugger

+ </li>

+ <li>

+ Test Adapter for Boost.Test

+ </li>

+ <li>

+ Test Adapter for Google Test

+ </li>

+ </ol>

+ </li>

+ <li>

+ Development activities

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ C# and Visual Basic

+ </li>

+ <li>

+ C++ core features

+ </li>

+ <li>

+ F# language support

+ </li>

+ <li>

+ IntelliCode

+ </li>

+ <li>

+ JavaScript and TypeScript language support

+ </li>

+ <li>

+ Live Share

+ </li>

+ </ol>

+ </li>

+ <li>

+ Emulators

+ <ol style="list-style-type: upper-roman;">

+ NONE

+ </ol>

+ </li>

+ <li>

+ Games and Graphics

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ Graphics debugger and GPU profiler for DirectX

+ </li>

+ </ol>

+ </li>

+ <li>

+ SDKs, libraries, and frameworks

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ C++ ATL for latest v142 build tools (ARM64)

+ </li>

+ <li>

+ C++ ATL for latest v142 build tools (x86 & x64)

+ </li>

+ <li>

+ C++ ATL for latest v142 build tools with Spectre Mitigations (ARM64)

+ </li>

+ <li>

+ C++ ATL for latest v142 build tools with Spectre Mitigations (x86 & x64)

+ </li>

+ <li>

+ C++ MFC for latest v142 build tools (ARM64)

+ </li>

+ <li>

+ C++ MFC for latest v142 build tools (x86 & x64)

+ </li>

+ <li>

+ C++ MFC for latest v142 build tools with Spectre Mitigations (ARM64)

+ </li>

+ <li>

+ C++ MFC for latest v142 build tools with Spectre Mitigations (x86 & x64)

+ </li>

+ <li>

+ Entity Framework 6 tools

+ </li>

+ <li>

+ TypeScript 4.3 SDK

+ </li>

+ <li>

+ Windows 10 SDK (10.0.19041.0)

+ </li>

+ <li>

+ Windows Universal C Runtime

+ </li>

+ </ol>

+ </li>

+ </ol>

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfWDK10">

+ <a href="#InstallationOfWDK10">Installation of the Windows Driver Kit version 2004</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Please download the Windows Driver Kit (WDK) version 2004 at: <br>

+ <a href="https://docs.microsoft.com/en-us/windows-hardware/drivers/other-wdk-downloads" target="_blank">https://docs.microsoft.com/en-us/windows-hardware/drivers/other-wdk-downloads</a>

+ </li>

+ <li>

+ Run the downloaded file as administrator and install the WDK with default settings

+ </li>

+ <li>

+ At the end of the installation you will be asked if you want to "install Windows Driver Kit Visual Studio extension". <br>

+ Please make sure, that this option is selected before closing the dialog.

+ </li>

+ <li>

+ A different setup will start automatically and will detect Visual Studio Professional 2019 as possible target for the extension. <br>

+ Please select it and proceed with the installation.

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="InstallationOfVisualBuildTools">

+ <a href="#InstallationOfVisualBuildTools">Installation of the Visual Studio build tools</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Visit the following Microsoft website and log in with a free Microsoft account: <br>

+ <a href="https://my.visualstudio.com/Downloads?q=visual%20studio%202019%20build%20tools" target="_blank">https://my.visualstudio.com/Downloads?q=visual%20studio%202019%20build%20tools</a>

+ </li>

+ <li>

+ Please download the latest version of “Build Tools for Visual Studio 2019” <br>

+ <img src="CompilingGuidelineWin/DownloadVSBuildTools.jpg" width="80%">

+ </li>

+ <li>

+ Run the downloaded file as administrator and go through the wizard. Select the following individual components for installation:

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ .NET

+ <ol style="list-style-type: upper-roman;">

+ NONE

+ </ol>

+ </li>

+ <li>

+ Cloud, database, and server

+ <ol style="list-style-type: upper-roman;">

+ NONE

+ </ol>

+ </li>

+ <li>

+ Code tools

+ <ol style="list-style-type: upper-roman;">

+ NONE

+ </ol>

+ </li>

+ <li>

+ Compilers, build tools, and runtimes

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ C++/CLI support for v142 build tools (Latest)

+ </li>

+ <li>

+ MSVC v142 - VS 2019 C++ ARM64 build tools (Latest)

+ </li>

+ <li>

+ MSVC v142 - VS 2019 C++ ARM64 Spectre-mitigated libs (Latest)

+ </li>

+ <li>

+ MSVC v142 - VS 2019 C++ x64/x86 build tools (Latest)

+ </li>

+ <li>

+ MSVC v142 - VS 2019 C++ x64/x86 Spectre-mitigated libs (Latest)

+ </li>

+ </ol>

+ </li>

+ <li>

+ Debugging and testing

+ <ol style="list-style-type: upper-roman;">

+ NONE

+ </ol>

+ </li>

+ <li>

+ Development activities

+ <ol style="list-style-type: upper-roman;">

+ NONE

+ </ol>

+ </li>

+ <li>

+ SDKs, libraries, and frameworks

+ <ol style="list-style-type: upper-roman;">

+ <li>

+ C++ ATL for latest v142 build tools (ARM64)

+ </li>

+ <li>

+ C++ ATL for latest v142 build tools (x86 & x64)

+ </li>

+ <li>

+ C++ ATL for latest v142 build tools with Spectre Mitigations (ARM64)

+ </li>

+ <li>

+ C++ ATL for latest v142 build tools with Spectre Mitigations (x86 & x64)

+ </li>

+ </ol>

+ </li>

+ </ol>

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="DownloadVeraCrypt">

+ <a href="#DownloadVeraCrypt">Download VeraCrypt Source Files</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Visit the VeraCrypt Github repository at: <br>

+ <a href="https://github.com/veracrypt/VeraCrypt" target="_blank">https://github.com/veracrypt/VeraCrypt</a>

+ </li>

+ <li>

+ Please click on the green button with the label "Code" and download the code. <br>

+ You can download the repository as zip file, but you may consider to use the git protocol in order to track changes.

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="CompileWin32X64">

+ <a href="#CompileWin32X64">Compile the Win32/x64 Versions of VeraCrypt</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Please open the file "src/VeraCrypt.sln" in Visual Studio <b>2010</b>

+ </li>

+ <li>

+ Please select "All|Win32" as active configuration <br>

+ <img src="CompilingGuidelineWin/VS2010Win32Config.jpg" width="80%">

+ </li>

+ <li>

+ Please click on "Build -> Build Solution" <br>

+ <img src="CompilingGuidelineWin/VS2010BuildSolution.jpg" width="40%">

+ </li>

+ <li>

+ The compiling process should end with warnings, but without errors. Some projects should be skipped.

+ </li>

+ <li>

+ Please select "All|x64" as active configuration <br>

+ <img src="CompilingGuidelineWin/VS2010X64Config.jpg" width="80%">

+ </li>

+ <li>

+ Please click on "Build -> Build Solution" <br>

+ <img src="CompilingGuidelineWin/VS2010BuildSolution.jpg" width="40%">

+ </li>

+ <li>

+ The compiling process should end with warnings, but without errors. Some projects should be skipped. <br>

+ Please close Visual Studio 2010 after the compiling process finished

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="CompileARM64">

+ <a href="#CompileARM64">Compile the ARM64 Version of VeraCrypt</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Please open the file "src/VeraCrypt_vs2019.sln" in Visual Studio <b>2019</b>

+ </li>

+ <li>

+ Please select "All|ARM64" as active configuration <br>

+ <img src="CompilingGuidelineWin/VS2019ARM64Config.jpg" width="80%">

+ </li>

+ <li>

+ Please click on "Build -> Build Solution" <br>

+ <img src="CompilingGuidelineWin/VS2019BuildSolution.jpg" width="40%">

+ </li>

+ <li>

+ The compiling process should end with warnings, but without errors. One project should be skipped. <br>

+ Please close Visual Studio 2019 after the compiling process finished

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="BuildVeraCryptExecutables">

+ <a href="#BuildVeraCryptExecutables">Build the VeraCrypt Executables</a>

+ <div class="texttohide">

+ <p>

+ <ol>

+ <li>

+ Please open a command line as administrator

+ </li>

+ <li>

+ Go into the folder "src/Signing/"

+ </li>

+ <li>

+ Run the script "sign_test.bat"

+ </li>

+ <li>

+ You will find the generated exectuables within the folder "src/Release/Setup Files"

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="ImportCertificates">

+ <a href="#ImportCertificates">Import the Certificates</a>

+ <div class="texttohide">

+ <p> With the sign_test.bat script you just signed the VeraCrypt executables. This is necessary, since Windows only accepts drivers, which are trusted by a signed Certificate Authority. <br>

+ Since you did not use the official VeraCrypt signing certificate to sign your code, but a public development version, you have to import and therefore trust the certificates used.

+ <ol>

+ <li>

+ Open the folder "src/Signing"

+ </li>

+ <li>

+ Import the following certificates to your Local Machine Certificate storage, by double clicking them:

+ <ul>

+ <li>GlobalSign_R3Cross.cer</li>

+ <li>GlobalSign_SHA256_EV_CodeSigning_CA.cer</li>

+ <li>TestCertificates/idrix_codeSign.pfx</li>

+ <li>TestCertificates/idrix_Sha256CodeSign.pfx</li>

+ <li>TestCertificates/idrix_SHA256TestRootCA.crt</li>

+ <li>TestCertificates/idrix_TestRootCA.crt</li>

+ </ul>

+ Note: If prompted, the password for .pfx certificates is <b>idrix</b>.

+ </li>

+ </ol>

+ </p>

+ </div>

+ </div>

+

+ <div class="textbox" id="KnownIssues">

+ <a href="#KnownIssues">Known Issues</a>

+ <div class="texttohide">

+ <p>

+ <ul>

+ <li>

+ <b>This distribution package is damaged</b> <br>

+ <img src="CompilingGuidelineWin/DistributionPackageDamaged.jpg" width="20%"> <br>

+ On Windows 10 or higher you might get the error message above. In order to avoid this, you will need to:<br>

+ <ul>

+ <li>Double-check the installation of the root certificate that issued the test code signing certificate in the "Local Machine Trusted Root Certification Authorities" store.</li>

+ <li>Compute SHA512 fingerprint of the test code signing certificate and update the gpbSha512CodeSignCertFingerprint array in the file "src/Common/Dlgcode.c" accordingly.</li>

+ </ul>

+ Please see <a href="https://sourceforge.net/p/veracrypt/discussion/technical/thread/83d5a2d6e8/#db12" target="_blank">https://sourceforge.net/p/veracrypt/discussion/technical/thread/83d5a2d6e8/#db12</a> for further details.<br>

+ <br>

+ Another approach is to disable the signature verification in the VeraCrypt code. This should be done only for testing purposes and not for production use:

+ <ol>

+ <li>

+ Open the file "src/Common/Dlgcode.c"

+ </li>

+ <li>

+ Look for the function "VerifyModuleSignature"

+ </li>

+ <li>

+ Replace the following lines: <br>

+ Find:<br>

+ <p style="font-family: 'Courier New', monospace;">

+ if (!IsOSAtLeast (WIN_10)) <br>

+ return TRUE;

+ </p> <br>

+ Replace:<br>

+ <p style="font-family: 'Courier New', monospace;">

+ return TRUE;

+ </p>

+ </li>

+ <li>

+ Compile the VeraCrypt code again

+ </li>

+ </ol>

+ </li>

+ <li>

+ <b>Driver Installation Failure during VeraCrypt Setup from Custom Builds</b> <br>

+ <img src="CompilingGuidelineWin/CertVerifyFails.jpg" width="20%"> <br>

+ Windows validates the signature for every driver which is going to be installed.<br>

+ For security reasons, Windows allows only drivers signed by Microsoft to load.<br>

+ So, when using a custom build:<br>

+ <ul>

+ <li>If you have not modified the VeraCrypt driver source code, you can use the Microsoft-signed drivers included in the VeraCrypt source code (under "src\Release\Setup Files").</li>

+ <li>If you have made modifications, <strong>you will need to boot Windows into "Test Mode"</strong>. This mode allows Windows to load drivers that aren't signed by Microsoft. However, even in "Test Mode", there are certain requirements for signatures, and failures can still occur due to reasons discussed below.</li>

+ </ul>

+ Potential Causes for Installation Failure under "Test Mode":

+ <ol>

+ <li>

+ <b>The certificate used for signing is not trusted by Windows</b><br>

+ You can verify if you are affected by checking the properties of the executable:

+ <ol>

+ <li>

+ Make a right click on the VeraCrypt Setup executable: "src/Release/Setup Files/VeraCrypt Setup 1.XX.exe"

+ </li>

+ <li>

+ Click on properties

+ </li>

+ <li>

+ Go to the top menu "Digital Signatures". Her you will find two signatures in the Signature list

+ </li>

+ Check both by double clicking on it. If the headline says "The certificate in the signature cannot be verified", the corresponding signing certificate was not imported correctly.<br>

+ Click on "View Certificate" and then on "Install Certificate..." to import the certificate to Local Machine certificate storage. For the Root certificates, you may need to choose "Place all certificates in the following store", and select the "Trusted Root Certification Authorities" store.<br>

+ <img src="CompilingGuidelineWin/CertificateCannotBeVerified.jpg" width="40%"> <br>

+ <li>

+ </ol>

+ </li>

+ <li>

+ <b>The driver was modified after the signing process.</b> <br>

+ In this case, please use the script "src/Signing/sign_test.bat" to sign your code again with the test certificates

+ </li>

+ </ol>

+ </li>

+ </ul>

+ </p>

+ </div>

+ </div>

+

+</div>

+</body></html>

+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

+<head>

+<meta http-equiv="content-type" content="text/html; charset=utf-8" />

+<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>

+<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>

+<meta name="keywords" content="encryption, security"/>

+<link href="styles.css" rel="stylesheet" type="text/css" />

+</head>

+<body>

+

+<div>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+</div>

+

+<div id="menu">

+ <ul>

+ <li><a href="Home.html">Home</a></li>

+ <li><a href="/code/">Source Code</a></li>

+ <li><a href="Downloads.html">Downloads</a></li>

+ <li><a class="active" href="Documentation.html">Documentation</a></li>

+ <li><a href="Donation.html">Donate</a></li>

+ <li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>

+ </ul>

+</div>

+

+<div>

+<p>

+<a href="Documentation.html">Documentation</a>

+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

+<a href="Technical%20Details.html">Technical Details</a>

+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

+<a href="CompilingGuidelines.html">Building VeraCrypt From Source</a>

+</p></div>

+

+<div class="wikidoc">

+<h1>Building VeraCrypt From Source</h1>

+<p>In order to build VeraCrypt from the source code, you can follow these step-by-step guidelines:

+<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">

+<a href="CompilingGuidelineWin.html" style="text-align:left; color:#0080c0; text-decoration:none.html">Windows Build Guide</a>

+</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">

+<a href="CompilingGuidelineLinux.html" style="text-align:left; color:#0080c0; text-decoration:none.html">Linux Build Guide</a>

+</li></ul>

+</p>

+</div><div class="ClearBoth"></div></body></html>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

+<head>

+<meta http-equiv="content-type" content="text/html; charset=utf-8" />

+<title>VeraCrypt - Conversion Guide for Versions 1.26 and Later</title>

+<meta name="description" content="Guide on how to handle deprecated features and conversion of TrueCrypt volumes in VeraCrypt versions 1.26 and later."/>

+<meta name="keywords" content="VeraCrypt, TrueCrypt, Conversion, Encryption, Security"/>

+<link href="styles.css" rel="stylesheet" type="text/css" />

+</head>

+<body>

+

+<div>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+</div>

+

+<div id="menu">

+ <ul>

+ <li><a href="Home.html">Home</a></li>

+ <li><a href="/code/">Source Code</a></li>

+ <li><a href="Downloads.html">Downloads</a></li>

+ <li><a class="active" href="Documentation.html">Documentation</a></li>

+ <li><a href="Donation.html">Donate</a></li>

+ <li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>

+ </ul>

+</div>

+

+<div>

+<p>

+<a href="Documentation.html">Documentation</a>

+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

+<a href="Conversion_Guide_VeraCrypt_1.26_and_Later.html">Conversion Guide for Versions 1.26 and Later</a>

+</p></div>

+

+<div class="wikidoc">

+<h1>Conversion Guide for VeraCrypt 1.26 and Later</h1>

+

+<h2>1. Introduction</h2>

+<p>Version 1.26 and newer of VeraCrypt have introduced significant changes by removing support for certain features. If you encounter issues while mounting volumes, this guide will help you understand and resolve them.</p>

+

+<h2>2. Deprecated Features in VeraCrypt 1.26 and Later</h2>

+<p>The following features have been deprecated:</p>

+<ul>

+<li>TrueCrypt Mode</li>

+<li>HMAC-RIPEMD-160 Hash Algorithm</li>

+<li>GOST89 Encryption Algorithm</li>

+</ul>

+<p>If you experience mounting errors with volumes created in VeraCrypt 1.25.9 or older, use VeraCrypt 1.25.9 to check if these deprecated features are in use. Highlight the volume and click on "Volume Properties" in the GUI to check.</p>

+

+<h2>3. Remediation Procedures Based on Version</h2>

+

+<h3>3.1 Scenario 1: Using VeraCrypt 1.25.9 or Older</h3>

+<p>If you are using or can upgrade to VeraCrypt 1.25.9, follow these steps:</p>

+<ul>

+<li>Convert TrueCrypt Volumes to VeraCrypt Volumes</li>

+<li>Change from Deprecated HMAC-RIPEMD-160 Hash Algorithm</li>

+<li>Recreate VeraCrypt Volume if Using GOST89 Encryption Algorithm</li>

+</ul>

+<p>Download the 1.25.9 version <a href="https://veracrypt.fr/en/Downloads_1.25.9.html">here</a>.</p>

+

+<h3>3.2 Scenario 2: Upgraded to VeraCrypt 1.26 or Newer</h3>

+<p>If you have already upgraded to VeraCrypt 1.26 or newer, follow these steps:</p>

+<ul>

+<li>Convert TrueCrypt Volumes to VeraCrypt Volumes</li>

+<li>Change from Deprecated HMAC-RIPEMD-160 Hash Algorithm</li>

+</ul>

+<p>If you are on Linux or Mac, temporarily downgrade to VeraCrypt 1.25.9. Windows users can use the VCPassChanger tool <a href="https://launchpad.net/veracrypt/trunk/1.25.9/+download/VCPassChanger_%28TrueCrypt_Convertion%29.zip">that can be downloaded from here</a>.</p>

+<ul>

+<li>Recreate VeraCrypt Volume if Using GOST89 Encryption Algorithm</li>

+</ul>

+All OSes temporarily downgrade to 1.25.9 version.

+<h2>4. Conversion and Remediation Procedures</h2>

+

+<h3>4.1 Converting TrueCrypt Volumes to VeraCrypt</h3>

+<p>TrueCrypt file containers and partitions created with TrueCrypt versions 6.x or 7.x can be converted to VeraCrypt using VeraCrypt 1.25.9 or the VCPassChanger tool on Windows. For more details, refer to the <a href="Converting%20TrueCrypt%20volumes%20and%20partitions.html">documentation</a>.</p>

+<p>After conversion, the file extension will remain as <code>.tc</code>. Manually change it to <code>.hc</code> if you want VeraCrypt 1.26 or newer to automatically recognize it.</p>

+

+<h3>4.2 Changing Deprecated HMAC-RIPEMD-160 Hash Algorithm</h3>

+<p>Use the "Set Header Key Derivation Algorithm" feature to change the HMAC-RIPEMD-160 hash algorithm to one supported in VeraCrypt 1.26. Refer to the <a href="Hash%20Algorithms.html">documentation</a> for more details.</p>

+

+<h3>4.3 Recreating VeraCrypt Volume if Using GOST89 Encryption Algorithm</h3>

+<p>If your volume uses the GOST89 encryption algorithm, you will need to copy your data elsewhere and recreate the volume using a supported encryption algorithm. More details are available in the <a href="Encryption%20Algorithms.html">encryption algorithm documentation</a>.</p>

+

+<h2>5. Important Notes</h2>

+<p><strong>Note to users who created volumes with VeraCrypt 1.17 or earlier:</strong></p>

+<blockquote>

+<p>To avoid revealing whether your volumes contain a hidden volume or not, or if you rely on plausible deniability, you must recreate both the outer and hidden volumes, including system encryption and hidden OS. Discard existing volumes created prior to VeraCrypt 1.18a.</p>

+</blockquote>

+

+<p>For more information, visit:</p>

+<ul>

+<li><a href="TrueCrypt%20Support.html">TrueCrypt Support</a></li>

+<li><a href="Converting%20TrueCrypt%20volumes%20and%20partitions.html">Converting TrueCrypt Volumes and Partitions</a></li>

+</ul>

+

+</div>

+

+<div class="ClearBoth"></div>

+</body>

+</html>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<p><strong>⚠️ Warning:</strong> <span style="color: red;">After conversion, ensure that the "TrueCrypt Mode" checkbox is not selected during the mount of the converted volume. Since it is no longer a TrueCrypt volume, mounting it with this option will lead to a mount failure.</span></p>

+<p><strong>⚠️ Important Notice:</strong> As of version 1.26, VeraCrypt has removed support for "TrueCrypt Mode." Consequently, the conversion of TrueCrypt volumes and partitions using this method is no longer possible. Please refer to <a href="Conversion_Guide_VeraCrypt_1.26_and_Later.html">this documentation page</a> for guidance on how to proceed with TrueCrypt volumes in VeraCrypt versions 1.26 and later.</p>

+<p>From version 1.0f up to and including version 1.25.9, TrueCrypt volumes and <strong>non-system</strong> partitions created with TrueCrypt versions 6.x and 7.x, starting with version 6.0 released on July 4th 2008, can be converted to VeraCrypt format using any of the following actions:</p>

+<p>If the TrueCrypt volume contains a hidden volume, it should also be converted using the same approach, by specifying the hidden volume password and/or keyfiles.</p>

+<p>🚨 After conversion of a file container, the file extension will remain as .tc. Manually change it to .hc if you want VeraCrypt 1.26 or newer to automatically recognize it.</p>

+<p>&ldquo;TrueCrypt Mode&rdquo; must be checked in the dialog as shown below:</p>

+<p>&nbsp;<img src="Converting TrueCrypt volumes and partitions_truecrypt_convertion.jpg" alt=""></p>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+ If you are not sure whether to enable or disable Quick Format, we recommend that you leave this option unchecked. Note that Quick Format can only be enabled when encrypting partitions/devices, except on Windows where it is also available when creating file containers.</p>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+ locations of recently accessed files, databases created by file indexing tools, etc.), or the data itself in an unencrypted form (temporary files, etc.), or unencrypted information about the filesystem residing in the VeraCrypt volume.</p>

+<p>Note that Windows automatically records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. For example, Windows uses a set of Registry keys known as “shellbags” to store the name, size, view, icon, and position of a folder when using Explorer.

+Each time you open a folder, this information is updated including the time and date of access. Windows Shellbags may be found in a few locations, depending on operating system version and user profile.

+On a Windows XP system, shellbags may be found under <strong>"HKEY_USERS\{USERID}\Software\Microsoft\Windows\Shell\"</strong> and <strong>"HKEY_USERS\{USERID}\Software\Microsoft\Windows\ShellNoRoam\"</strong>.

+On a Windows 7 system, shellbags may be found under <strong>"HEKY_USERS\{USERID}\Local Settings\Software\Microsoft\Windows\Shell\"</strong>. More information available at <a href="https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545" target="_blank">https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545</a>.

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<p><img src="Home_VeraCrypt_menu_Default_Mount_Parameters.png" alt="Menu Default Mount Parameters"></p>

+<p><img src="Home_VeraCrypt_Default_Mount_Parameters.png" alt="Default Mount Parameters Dialog"></p>

+<img src="Default Mount Parameters_VeraCrypt_password_using_default_parameters.png" alt="Mount Password Dialog using default values"></p>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>

+<li>Install any public-key encryption software that supports PGP signatures. For Windows, you can download <a href="http://www.gpg4win.org/" target="_blank">Gpg4win</a>. For more information, you can visit <a href="https://www.gnupg.org/">https://www.gnupg.org/</a>. </li>

+<li>Create a private key (for information on how to do so, please see the documentation for the public-key encryption software).</li>

+<li>Download our PGP public key from <strong>IDRIX</strong> website (<a href="https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc" target="_blank">https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc</a>) or from a trusted public key repository

+ (ID=0x680D16DE), and import the downloaded key to your keyring (for information on how to do so, please see the documentation for the public-key encryption software). Please check that its fingerprint is

+<strong>5069A233D55A0EEB174A5FC3821ACD02680D16DE</strong>.

+<ul>

+<li>For VeraCrypt version 1.22 and below, the verification must use the PGP public key available at <a href="https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key_2014.asc" target="_blank">https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key_2014.asc</a> or from a trusted public key repository

+ (ID=0x54DDD393), whose fingerprint is <strong>993B7D7E8E413809828F0F29EB559C7C54DDD393</strong>.

+</li>

+</ul>

+</li>

+<li>Sign the imported key with your private key to mark it as trusted (for information on how to do so, please see the documentation for the public-key encryption software).<br>

+</li>

+<li>Download the digital signature by downloading the <em>PGP Signature</em> of the file you want to verify (on the <a href="https://www.veracrypt.fr/en/Downloads.html">Downloads page</a>).

+</li>

+<li>Verify the downloaded signature (for information on how to do so, please see the documentation for the public-key encryption software).</li>

+</ol>

+<li>Check that the fingerprint of the public key is <strong>5069A233D55A0EEB174A5FC3821ACD02680D16DE</strong>:<strong>gpg --import --import-options show-only VeraCrypt_PGP_public_key.asc</strong> (for older gpg versions, type instead:

+<strong>gpg --with-fingerprint VeraCrypt_PGP_public_key.asc</strong>)</li><li>If the fingerprint is the expected one, import the public key: <strong>gpg --import VeraCrypt_PGP_public_key.asc</strong>

+</li><li>Verify the signature of the Linux setup archive (here for version 1.23): <strong>

+gpg --verify veracrypt-1.23-setup.tar.bz2.sig veracrypt-1.23-setup.tar.bz2</strong>