VeraCrypt

Documentation >> Miscellaneous >> Digital Signatures

Digital Signatures

Why Verify Digital Signatures

It might happen that a VeraCrypt installation package you download from our server was created or modified by an attacker. For example, the attacker could exploit a vulnerability in the server software we use and alter the installation packages stored on the server, or he/she could alter any of the files en route to you.

Therefore, you should always verify the integrity and authenticity of each VeraCrypt distribution package you download or otherwise obtain from any source. In other words, you should always make sure that the file was created by us and it was not altered by an attacker. One way to do so is to verify so-called digital signature(s) of the file.

Types of Digital Signatures We Use

We currently use two types of digital signatures:

Advantages of X.509 Signatures

X.509 signatures have the following advantages, in comparison to PGP signatures:

Advantages of PGP Signatures

PGP signatures have the following advantages, in comparison to X.509 signatures:

How to Verify X.509 Signatures

Please note that X.509 signatures are currently available only for the VeraCrypt self-extracting installation packages for Windows. An X.509 digital signature is embedded in each of those files along with the digital certificate of the VeraCrypt Foundation issued by a public certification authority. To verify the integrity and authenticity of a self-extracting installation package for Windows, follow these steps:

  1. Download the VeraCrypt self-extracting installation package.
  2. In the Windows Explorer, click the downloaded file (‘VeraCrypt Setup.exe’) with the right mouse button and select ‘Properties’ from the context menu.
  3. In the Properties dialog window, select the ‘Digital Signatures’ tab.
  4. On the ‘Digital Signatures’ tab, in the ‘Signature list’, double click the line saying "IDRIX" or "IDRIX SARL".
  5. The ‘Digital Signature Details’ dialog window should appear now. If you see the following sentence at the top of the dialog window, then the integrity and authenticity of the package have been successfully verified:

    "This digital signature is OK."

    If you do not see the above sentence, the file is very likely corrupted. Note: On some obsolete versions of Windows, some of the necessary certificates are missing, which causes the signature verification to fail.

How to Verify PGP Signatures

To verify a PGP signature, follow these steps:

  1. Install any public-key encryption software that supports PGP signatures. For Windows, you can download Gpg4win. For more information, you can visit https://www.gnupg.org/.
  2. Create a private key (for information on how to do so, please see the documentation for the public-key encryption software).
  3. Download our PGP public key from IDRIX website (https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc) or from a trusted public key repository (ID=0x54DDD393), and import the downloaded key to your keyring (for information on how to do so, please see the documentation for the public-key encryption software). Please check that its fingerprint is 993B7D7E8E413809828F0F29EB559C7C54DDD393.
  4. Sign the imported key with your private key to mark it as trusted (for information on how to do so, please see the documentation for the public-key encryption software).

    Note: If you skip this step and attempt to verify any of our PGP signatures, you will receive an error message stating that the signing key is invalid.
  5. Download the digital signature by downloading the PGP Signature of the file you want to verify (on the Downloads page).
  6. Verify the downloaded signature (for information on how to do so, please see the documentation for the public-key encryption software).

Under Linux, these steps can be achieved using the following commands:

.highlight .cpf { color: #888888 } /* Comment.PreprocFile */ .highlight .c1 { color: #888888 } /* Comment.Single */ .highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */ .highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */ .highlight .ge { font-style: italic } /* Generic.Emph */ .highlight .gr { color: #aa0000 } /* Generic.Error */ .highlight .gh { color: #333333 } /* Generic.Heading */ .highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */ .highlight .go { color: #888888 } /* Generic.Output */ .highlight .gp { color: #555555 } /* Generic.Prompt */ .highlight .gs { font-weight: bold } /* Generic.Strong */ .highlight .gu { color: #666666 } /* Generic.Subheading */ .highlight .gt { color: #aa0000 } /* Generic.Traceback */ .highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */ .highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */ .highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */ .highlight .kp { color: #008800 } /* Keyword.Pseudo */ .highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */ .highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */ .highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */ .highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */ .highlight .na { color: #336699 } /* Name.Attribute */ .highlight .nb { color: #003388 } /* Name.Builtin */ .highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */ .highlight .no { color: #003366; font-weight: bold } /* Name.Constant */ .highlight .nd { color: #555555 } /* Name.Decorator */ .highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */ .highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */ .highlight .nl { color: #336699; font-style: italic } /* Name.Label */ .highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */ .highlight .py { color: #336699; font-weight: bold } /* Name.Property */ .highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */ .highlight .nv { color: #336699 } /* Name.Variable */ .highlight .ow { color: #008800 } /* Operator.Word */ .highlight .w { color: #bbbbbb } /* Text.Whitespace */ .highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */ .highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */ .highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */ .highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */ .highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */ .highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */ .highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */ .highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */ .highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */ .highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */ .highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */ .highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */ .highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */ .highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */
/*
 Derived from source code of TrueCrypt 7.1a, which is
 Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
 by the TrueCrypt License 3.0.

 Modifications and additions to the original source code (contained in this file)
 and all other portions of this file are Copyright (c) 2013-2017 IDRIX
 and are governed by the Apache License 2.0 the full text of which is
 contained in the file License.txt included in VeraCrypt binary and source
 code distribution packages.
*/

#ifndef TC_HEADER_Main_UserInterface
#define TC_HEADER_Main_UserInterface

#include "System.h"
#include "Core/Core.h"
#include "Main.h"
#include "CommandLineInterface.h"
#include "FavoriteVolume.h"
#include "LanguageStrings.h"
#include "UserPreferences.h"
#include "UserInterfaceException.h"
#include "UserInterfaceType.h"

namespace VeraCrypt
{
	class UserInterface : public wxApp
	{
	public:
		virtual ~UserInterface ();

		virtual bool AskYesNo (const wxString &message, bool defaultYes = false, bool warning = false) const = 0;
		virtual void BackupVolumeHeaders (shared_ptr <VolumePath> volumePath) const = 0;
		virtual void BeginBusyState () const = 0;
		virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), int pim = 0, shared_ptr <Hash> currentHash = shared_ptr <Hash>(), bool truecryptMode = false, shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), int newPim = 0, shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const = 0;
		virtual void CheckRequirementsForMountingVolume () const;
		virtual void CloseExplorerWindows (shared_ptr <VolumeInfo> mountedVolume) const;
		virtual void CreateKeyfile (shared_ptr <FilePath> keyfilePath = shared_ptr <FilePath>()) const = 0;
		virtual void CreateVolume (shared_ptr <VolumeCreationOptions> options) const = 0;
		virtual void DeleteSecurityTokenKeyfiles () const = 0;
		virtual void DismountAllVolumes (bool ignoreOpenFiles = false, bool interactive = true) const;
		virtual void DismountVolume (shared_ptr <VolumeInfo> volume, bool ignoreOpenFiles = false, bool interactive = true) const;
		virtual void DismountVolumes (VolumeInfoList volumes, bool ignoreOpenFiles = false, bool interactive = true) const;
		virtual void DisplayVolumeProperties (const VolumeInfoList &volumes) const;
		virtual void DoShowError (const wxString &message) const = 0;
		virtual void DoShowInfo (const wxString &message) const = 0;
		virtual void DoShowString (const wxString &str) const = 0;
		virtual void DoShowWarning (const wxString &message) const = 0;
		virtual void EndBusyState () const = 0;
		static wxString ExceptionToMessage (const exception &ex);
		virtual void ExportSecurityTokenKeyfile () const = 0;
		virtual shared_ptr <GetStringFunctor> GetAdminPasswordRequestHandler () = 0;
		virtual const UserPreferences &GetPreferences () const { return Preferences; }
		virtual void ImportSecurityTokenKeyfiles () const = 0;
		virtual void Init ();
		virtual void InitSecurityTokenLibrary () const = 0;
		virtual void ListMountedVolumes (const VolumeInfoList &volumes) const;
		virtual void ListSecurityTokenKeyfiles () const = 0;
		virtual shared_ptr <VolumeInfo> MountVolume (MountOptions &options) const;
		virtual shared_ptr <VolumeInfo> MountVolumeThread (MountOptions &options) const { return Core->MountVolume (options);}
		virtual VolumeInfoList MountAllDeviceHostedVolumes (MountOptions &options) const;
		virtual VolumeInfoList MountAllFavoriteVolumes (MountOptions &options);
		virtual void OpenExplorerWindow (const DirectoryPath &path);
		virtual void RestoreVolumeHeaders (shared_ptr <VolumePath> volumePath) const = 0;
		virtual void SetPreferences (const UserPreferences &preferences);
		virtual void ShowError (const exception &ex) const;
		virtual void ShowError (const char *langStringId) const { DoShowError (LangString[langStringId]); }
		virtual void ShowError (const wxString &message) const { DoShowError (message); }
		virtual void ShowInfo (const exception &ex) const { DoShowInfo (ExceptionToMessage (ex)); }
		virtual void ShowInfo (const char *langStringId) const { DoShowInfo (LangString[langStringId]); }
		virtual void ShowInfo (const wxString &message) const { DoShowInfo (message); }
		virtual void ShowWarning (const exception &ex) const { DoShowWarning (ExceptionToMessage (ex)); }
		virtual void ShowWarning (const char *langStringId) const { DoShowWarning (LangString[langStringId]); }
		virtual void ShowString (const wxString &str) const { DoShowString (str); }
		virtual void ShowWarning (const wxString &message) const { DoShowWarning (message); }
		virtual wxString SizeToString (uint64 size) const;
		virtual wxString SpeedToString (uint64 speed) const;
		virtual void Test () const;
		virtual wxString TimeSpanToString (uint64 seconds) const;
		virtual bool VolumeHasUnrecommendedExtension (const VolumePath &path) const;
		virtual void Yield () const = 0;
		virtual WaitThreadUI* GetWaitThreadUI(WaitThreadRoutine *pRoutine) const { return new WaitThreadUI(pRoutine);}
		virtual wxDateTime VolumeTimeToDateTime (VolumeTime volumeTime) const { return wxDateTime ((time_t) (volumeTime / 1000ULL / 1000 / 10 - 134774ULL * 24 * 3600)); }
		virtual wxString VolumeTimeToString (VolumeTime volumeTime) const;
		virtual wxString VolumeTypeToString (VolumeType::Enum type, bool truecryptMode, VolumeProtection::Enum protection) const;

		Event PreferencesUpdatedEvent;

		struct BusyScope
		{
			BusyScope (const UserInterface *userInterface) : UI (userInterface) { UI->BeginBusyState (); }
			~BusyScope () { UI->EndBusyState (); }
			const UserInterface *UI;
		};

		static void ThrowException (Exception* ex);

	protected:
		UserInterface ();
		virtual bool OnExceptionInMainLoop () { throw; }
		virtual void OnUnhandledException ();
		virtual void OnVolumeMounted (EventArgs &args);
		virtual void OnWarning (EventArgs &args);
		virtual bool ProcessCommandLine ();

		static wxString ExceptionToString (const Exception &ex);
		static wxString ExceptionTypeToString (const std::type_info &ex);

		UserPreferences Preferences;
		UserInterfaceType::Enum InterfaceType;

	private:
		UserInterface (const UserInterface &);
		UserInterface &operator= (const UserInterface &);
	};
}

#endif // TC_HEADER_Main_UserInterface