This archive contains the source code of VeraCrypt. It is based on original TrueCrypt 7.1a with security enhancements and modifications. Important ========= You may use the source code contained in this archive only if you accept and agree to the license terms contained in the file 'License.txt', which is included in this archive. Note that the license specifies, for example, that a derived work must not be called 'TrueCrypt' or 'VeraCrypt' Contents ======== I. Windows Requirements for Building VeraCrypt for Windows. Instructions for Building VeraCrypt for Windows. Instructions for Signing and Packaging VeraCrypt for Windows. II. Linux and Mac OS X Requirements for Building VeraCrypt for Linux and Mac OS X. Instructions for Building VeraCrypt for Linux and Mac OS X. Mac OS X specifics III. FreeBSD IV. Third-Party Developers (Contributors) V. Legal Information VI. Further Information I. Windows ========== Requirements for Building VeraCrypt for Windows: ------------------------------------------------ - Microsoft Visual C++ 2010 SP1 (Professional Edition or compatible) - Microsoft Visual C++ 1.52 (available from MSDN Subscriber Downloads) - Microsoft Windows SDK for Windows 7.1 (configured for Visual C++ 2010) - Microsoft Windows SDK for Windows 8.1 (needed for SHA-256 code signing) - Microsoft Windows Driver Kit 7.1.0 (build 7600.16385.1) - NASM assembler 2.08 or compatible - YASM 1.3.0 or newer. - gzip compressor - upx packer (available at https://upx.github.io/) IMPORTANT: The 64-bit editions of Windows Vista and later versions of Windows, and in some cases (e.g. playback of HD DVD content) also the 32-bit editions, do not allow the VeraCrypt driver to run without an appropriate digital signature. Therefore, all .sys files in official VeraCrypt binary packages are digitally signed with the digital certificate of the IDRIX, which was issued by Thawte certification authority. At the end of each official .exe and .sys file, there are embedded digital signatures and all related certificates (i.e. all certificates in the relevant certification chain, such as the certification authority certificates, CA-MS cross-certificate, and the IDRIX certificate). Keep this in mind if you compile VeraCrypt and compare your binaries with the official binaries. If your binaries are unsigned, the sizes of the official binaries will usually be approximately 10 KiB greater than sizes of your binaries (there may be further differences if you use a different version of the compiler, or if you install a different or no service pack for Visual Studio, or different hotfixes for it, or if you use different versions of the required SDKs). Instructions for Building VeraCrypt for Windows: ------------------------------------------------ 1) Create an environment variable 'MSVC16_ROOT' pointing to the folder 'MSVC15' extracted from the Visual C++ 1.52 self-extracting package. Note: The 16-bit installer MSVC15\SETUP.EXE cannot be run on 64-bit Windows, but it is actually not necessary to run it. You only need to extract the folder 'MSVC15', which contains the 32-bit binaries required to build the VeraCrypt Boot Loader. 2) If you have installed the Windows Driver Development Kit in another directory than '%SYSTEMDRIVE%\WinDDK', create an environment variable 'WINDDK_ROOT' pointing to the DDK installation directory. 3) Open the solution file 'VeraCrypt.sln' in Microsoft Visual Studio 2010. 4) Select 'All' as the active solution configuration. 5) Build the solution. 6) If successful, there should be newly built VeraCrypt binaries in the 'Release' folder. Instructions for Signing and Packaging VeraCrypt for Windows: ------------------------------------------------------------- First, create an environment variable 'WSDK81' pointing to the Windows SDK for Windows 8.1 installation directory. The folder "Signing" contains a batch file (sign.bat) that will sign all VeraCrypt components using a code signing certificate present on the certificate store and also build the final installation setup. The batch file suppose that the code signing certificate is issued by Thawt. This is the case for IDRIX's certificate. If yours is issued by another CA, then you should put the Root and Intermediate certificates in the "Signing" folder and then modify sign.bat accordingly. VeraCrypt EFI Boot Loader: -------------------------- VeraCrypt source code contains pre-built EFI binaries under src\Boot\EFI. The source code of VeraCrypt EFI Boot Loader is licensed under LGPL and it is available at https://github.com/veracrypt/VeraCrypt-DCS. For build instructions, please refer to the file src\Boot\EFI\Readme.txt. II. Linux and Mac OS X ====================== Requirements for Building VeraCrypt for Linux and Mac OS X: ----------------------------------------------------------- - GNU Make - GNU C++ Compiler 4.0 or compatible - Apple Xcode (Mac OS X only) - YASM 1.3.0 or newer (Linux only, x86/x64 architecture only) - pkg-config - wxWidgets 3.0 shared library and header files installed or wxWidgets 3.0 library source code (available at https://www.wxwidgets.org) - FUSE library and header files (available at https://github.com/libfuse/libfuse and https://osxfuse.github.io/) Instructions for Building VeraCrypt for Linux and Mac OS X: ----------------------------------------------------------- 1) Change the current directory to the root of the VeraCrypt source code. 2) If you have no wxWidgets shared library installed, run the following command to configure the wxWidgets static library for VeraCrypt and to build it: $ make
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
<meta name="keywords" content="encryption, security"/>
<link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div>
<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
</div>
<div id="menu">
<ul>
<li><a href="Home.html">Home</a></li>
<li><a href="/code/">Source Code</a></li>
<li><a href="Downloads.html">Downloads</a></li>
<li><a class="active" href="Documentation.html">Documentation</a></li>
<li><a href="Donation.html">Donate</a></li>
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Data%20Leaks.html">Data Leaks</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Hibernation%20File.html">Hibernation File</a>
</p></div>
<div class="wikidoc">
<div>
<h1>Hibernation File</h1>
<p>Note: The issue described below does not affect you if the system partition or system drive is encrypted<span>*
</span>(for more information, see the chapter <a href="System%20Encryption.html">
<em>System Encryption</em></a>) and if the hibernation file is located on one the partitions within the key scope of system encryption (which it typically is, by default), for example, on the partition where Windows is installed. When the computer hibernates,
data are encrypted on the fly before they are written to the hibernation file.</p>
<p>When a computer hibernates (or enters a power-saving mode), the content of its system memory is written to a so-called hibernation file on the hard drive. You can configure VeraCrypt (<em>Settings</em> >
<em>Preferences</em> > <em>Dismount all when: Entering power saving mode</em>) to automatically dismount all mounted VeraCrypt volumes, erase their master keys stored in RAM, and cached passwords (stored in RAM), if there are any, before a computer hibernates
(or enters a power-saving mode). However, keep in mind, that if you do not use system encryption (see the chapter
<a href="System%20Encryption.html"><em>System Encryption</em></a>), VeraCrypt still cannot reliably prevent the contents of sensitive files opened in RAM from being saved unencrypted to a hibernation file. Note that
when you open a file stored on a VeraCrypt volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM (and it may remain unencrypted in RAM until the computer is turned off).<br>
<br>
Note that when Windows enters Sleep mode, it may be actually configured to enter so-called Hybrid Sleep mode, which involves hibernation. Also note that the operating system may be configured to hibernate or enter the Hybrid Sleep mode when you click or select
"Shut down" (for more information, please see the documentation for your operating system).<br>
<br>
<strong>To prevent the issues described above</strong>, encrypt the system partition/drive (for information on how to do so, see the chapter
<a href="System%20Encryption.html"><em>System Encryption</em></a>) and make sure that the hibernation file is located on one of the partitions within the key scope of system encryption (which it typically is, by default),
for example, on the partition where Windows is installed. When the computer hibernates, data will be encrypted on the fly before they are written to the hibernation file.</p>
<p>Note: You may also want to consider creating a hidden operating system (for more information, see the section
<a href="Hidden%20Operating%20System.html">
<em>Hidden Operating System</em></a>)<span>.</span></p>
<p>Alternatively, if you cannot use system encryption, disable or prevent hibernation on your computer at least for each session during which you work with any sensitive data and during which you mount a VeraCrypt volume.</p>
<p><span>* </span>Disclaimer: As Windows XP and Windows 2003 do not provide any API for encryption of hibernation files, VeraCrypt has to modify undocumented components of Windows XP/2003 in order to allow users to encrypt hibernation files. Therefore, VeraCrypt
cannot guarantee that Windows XP/2003 hibernation files will always be encrypted. In response to our public complaint regarding the missing API, Microsoft began providing a public API for encryption of hibernation files on Windows Vista and later versions
of Windows. VeraCrypt has used this API and therefore is able to safely encrypt hibernation files under Windows Vista and later versions of Windows. Therefore, if you use Windows XP/2003 and want the hibernation file to be safely encrypted, we strongly recommend
that you upgrade to Windows Vista or later.</p>
</div>
</div><div class="ClearBoth"></div></body></html>