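/*
 Derived from source code of TrueCrypt 7.1a, which is
 Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
 by the TrueCrypt License 3.0.

 Modifications and additions to the original source code (contained in this file)
 and all other portions of this file are Copyright (c) 2013-2017 IDRIX
 and are governed by the Apache License 2.0 the full text of which is
 contained in the file License.txt included in VeraCrypt binary and source
 code distribution packages.
*/

/* NOTE(review): several #include directives below carry no header name on this
   page as captured (presumably angle-bracket names lost in extraction). They are
   kept as found; restore the names from the upstream file before building. */
#include
#include
#include
#include

#include "Tcdefs.h"
#include "Keyfiles.h"
#include "Crc.h"

#include
#include "Dlgcode.h"
#include "Language.h"
#include "SecurityToken.h"
#include "Common/resource.h"
#include "Platform/Finally.h"
#include "Platform/ForEach.h"

#ifdef TCMOUNT
#include "Mount/Mount.h"
#endif

#include

using namespace VeraCrypt;

#define stat _stat
#define S_IFDIR _S_IFDIR


BOOL HiddenFilesPresentInKeyfilePath = FALSE;

#ifdef TCMOUNT
extern BOOL UsePreferences;
#endif

/* Appends keyFile to the end of the singly linked list headed by firstKeyFile.

   firstKeyFile  head of the list, or NULL for an empty list
   keyFile       node to append; must not be NULL (it is dereferenced
                 unconditionally), its Next pointer is overwritten with NULL

   Returns the head of the list: firstKeyFile, or keyFile when the list was empty. */
KeyFile *KeyFileAdd (KeyFile *firstKeyFile, KeyFile *keyFile)
{
	KeyFile *kf = firstKeyFile;

	if (firstKeyFile != NULL)
	{
		// Walk to the current tail and link the new node after it
		while (kf->Next)
			kf = kf->Next;

		kf->Next = keyFile;
	}
	else
		firstKeyFile = keyFile;

	keyFile->Next = NULL;

	return firstKeyFile;
}


/* Unlinks keyFile from the list headed by firstKeyFile, wipes the node with
   burn() and frees it. If keyFile is not in the list, the list is left unchanged.

   Returns first keyfile, NULL if last keyfile was removed (or the list was empty). */
static KeyFile *KeyFileRemove (KeyFile *firstKeyFile, KeyFile *keyFile)
{
	KeyFile *prevkf = NULL, *kf = firstKeyFile;

	if (firstKeyFile == NULL)
		return NULL;

	do
	{
		if (kf == keyFile)
		{
			// Removing the head moves the head; otherwise bypass the node
			if (prevkf == NULL)
				firstKeyFile = kf->Next;
			else
				prevkf->Next = kf->Next;

			burn (keyFile, sizeof(*keyFile));	// wipe
			free (keyFile);
			break;
		}
		prevkf = kf;
	}
	while ((kf = kf->Next) != NULL);

	return firstKeyFile;
}


/* Wipes and frees every node of the list and resets the caller's head pointer.

   firstKeyFile  address of the head pointer; must not be NULL (it is
                 dereferenced). *firstKeyFile is NULL on return. */
void KeyFileRemoveAll (KeyFile **firstKeyFile)
{
	KeyFile *kf = *firstKeyFile;
	while (kf != NULL)
	{
		KeyFile *d = kf;
		kf = kf->Next;	// read the link before the node is wiped
		burn (d, sizeof(*d));	// wipe
		free (d);
	}

	*firstKeyFile = NULL;
}


/* Allocates a copy of a single keyfile node.

   Only FileName is copied (bounded by the size of the destination field) and
   Next is set to NULL; the copy is not linked into any list.
   NOTE(review): any other KeyFile members are left as malloc returned them -
   the struct definition is not visible here, confirm there are none.

   Returns the new node, or NULL if keyFile is NULL or the allocation fails. */
KeyFile *KeyFileClone (KeyFile *keyFile)
{
	KeyFile *clone = NULL;

	if (keyFile == NULL)
		return NULL;

	clone = (KeyFile *) malloc (sizeof (KeyFile));
	if (clone)
	{
		StringCbCopyW (clone->FileName, sizeof(clone->FileName), keyFile->FileName);
		clone->Next = NULL;
	}
	return clone;
}


/* Clones the whole list headed by firstKeyFile into *outputKeyFile.

   The previous contents of *outputKeyFile are wiped and freed first, unless
   *outputKeyFile is the input list itself. When firstKeyFile is NULL the
   output ends up NULL. Does nothing when outputKeyFile is NULL.

   NOTE(review): allocation failure is not handled. KeyFileClone can return
   NULL, and KeyFileAdd dereferences its second argument unconditionally; a
   NULL head clone also makes the later KeyFileAdd results unreachable because
   the return value is ignored. The function has no way to report an error, so
   callers cannot tell a complete clone from a failed one - worth revisiting. */
void KeyFileCloneAll (KeyFile *firstKeyFile, KeyFile **outputKeyFile)
{
	if (outputKeyFile)
	{
		KeyFile *cloneFirstKeyFile = KeyFileClone (firstKeyFile);
		KeyFile *kf;

		// free output only if different from input
		if (*outputKeyFile != firstKeyFile)
			KeyFileRemoveAll (outputKeyFile);
		if (firstKeyFile)
		{
			kf = firstKeyFile->Next;
			while (kf != NULL)
			{
				KeyFileAdd (cloneFirstKeyFile, KeyFileClone (kf));
				kf = kf->Next;
			}

			*outputKeyFile = cloneFirstKeyFile;
		}
	}
}


/* Mixes the contents of one keyfile into keyPool.

   A running CRC-32 (UPDC32, seeded with 0xffffffff) is updated with every byte
   read; after each byte the four CRC bytes, most significant first, are added
   (modulo 256) into keyPool at a write position that wraps at
   KEYFILE_POOL_SIZE. At most KEYFILE_MAX_READ_LEN bytes of the file are used.

   keyPool  pool of at least KEYFILE_POOL_SIZE bytes, updated in place
   keyFile  node whose FileName names the file to read

   Returns TRUE on success. Returns FALSE if the file cannot be opened, a read
   error occurs, or the file is empty (last error set to ERROR_HANDLE_EOF).
   The last-error value seen at the end of reading is preserved across the
   cleanup calls.

   The read buffer and the CRC state hold raw keyfile material, so both are
   wiped with burn() before returning. */
static BOOL KeyFileProcess (unsigned __int8 *keyPool, KeyFile *keyFile)
{
	FILE *f;
	unsigned __int8 buffer[64 * 1024];
	unsigned __int32 crc = 0xffffffff;
	int writePos = 0;
	size_t bytesRead, totalRead = 0;
	int status = TRUE;

	HANDLE src;
	FILETIME ftCreationTime;
	FILETIME ftLastWriteTime;
	FILETIME ftLastAccessTime;

	BOOL bTimeStampValid = FALSE;

	/* Remember the last access time of the keyfile. It will be preserved in order to prevent
	an adversary from determining which file may have been used as keyfile. */
	// Write access is requested because the same handle is later passed to
	// SetFileTime; if this open fails the timestamps are simply not restored.
	src = CreateFile (keyFile->FileName,
		GENERIC_READ | GENERIC_WRITE,
		FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);

	if (src != INVALID_HANDLE_VALUE)
	{
		if (GetFileTime ((HANDLE) src, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime))
			bTimeStampValid = TRUE;
	}

	// Closes src on every exit path of this function
	finally_do_arg (HANDLE, src,
	{
		if (finally_arg != INVALID_HANDLE_VALUE)
			CloseHandle (finally_arg);
	});

	f = _wfopen (keyFile->FileName, L"rb");
	if (f == NULL) return FALSE;	// buffer has not been written yet, nothing to wipe

	while ((bytesRead = fread (buffer, 1, sizeof (buffer), f)) > 0)
	{
		size_t i;

		if (ferror (f))
		{
			status = FALSE;
			goto close;
		}

		for (i = 0; i < bytesRead; i++)
		{
			crc = UPDC32 (buffer[i], crc);

			// writePos is only range-checked after all four writes, so this
			// relies on KEYFILE_POOL_SIZE being a multiple of 4
			// (defined outside this file - TODO confirm).
			keyPool[writePos++] += (unsigned __int8) (crc >> 24);
			keyPool[writePos++] += (unsigned __int8) (crc >> 16);
			keyPool[writePos++] += (unsigned __int8) (crc >> 8);
			keyPool[writePos++] += (unsigned __int8) crc;

			if (writePos >= KEYFILE_POOL_SIZE)
				writePos = 0;

			if (++totalRead >= KEYFILE_MAX_READ_LEN)
				goto close;
		}
	}

	if (ferror (f))
	{
		status = FALSE;
	}
	else if (totalRead == 0)
	{
		// An empty keyfile contributes nothing to the pool; treat it as an error
		status = FALSE;
		SetLastError (ERROR_HANDLE_EOF);
	}

close:
	// Captured first so that the cleanup below cannot disturb the error code
	DWORD err = GetLastError();

	// Do not leave keyfile bytes or the CRC derived from them on the stack;
	// burn() is the wipe helper this file already uses on freed KeyFile nodes.
	burn (buffer, sizeof (buffer));
	burn (&crc, sizeof (crc));

	fclose (f);

	if (bTimeStampValid && !IsFileOnReadOnlyFilesystem (keyFile->FileName))
	{
		// Restore the keyfile timestamp
		SetFileTime (src, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime);
	}

	SetLastError (err);
	return status;
}


/* NOTE(review): the listing on this page ends part-way through KeyFilesApply.
   Only the visible prefix is reproduced below (re-indented, tokens unchanged);
   the rest of the function is not shown here and is not reconstructed.
   Visible so far: the function returns TRUE immediately when there are no
   keyfiles, otherwise it locks a static keyPool with VirtualLock (return value
   not checked), zeroes it and walks the keyfile list, handling security token
   paths first. The `vector` declaration below has no element type on this page
   as captured - presumably lost in extraction, confirm against upstream. */
BOOL KeyFilesApply (HWND hwndDlg, Password *password, KeyFile *firstKeyFile, const wchar_t* volumeFileName)
{
	BOOL status = TRUE;
	KeyFile kfSubStruct;
	KeyFile *kf;
	KeyFile *kfSub = &kfSubStruct;
	static unsigned __int8 keyPool [KEYFILE_POOL_SIZE];
	size_t i;
	struct stat statStruct;
	wchar_t searchPath [TC_MAX_PATH*2];
	struct _wfinddata_t fBuf;
	intptr_t searchHandle;

	HiddenFilesPresentInKeyfilePath = FALSE;

	if (firstKeyFile == NULL) return TRUE;

	VirtualLock (keyPool, sizeof (keyPool));
	memset (keyPool, 0, sizeof (keyPool));

	for (kf = firstKeyFile; kf != NULL; kf = kf->Next)
	{
		// Determine whether it's a security token path
		try
		{
			if (SecurityToken::IsKeyfilePathValid (kf->FileName))
			{
				// Apply security token keyfile
				vector keyfileData;
				SecurityTokenKeyfilePath secPath (kf->FileName);
				SecurityToken::GetKeyfileData (SecurityTokenKeyfile (secPath), keyfileData);

				if (keyfileData.empty())
				{
					SetLastError (ERROR_HANDLE_EOF);
					han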
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
<meta name="keywords" content="encryption, security"/>
<link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>


<div class="wikidoc">
<div>
<h2>Using VeraCrypt Without Administrator Privileges</h2>
<p>In Windows, a user who does not have administrator privileges <em>can</em> use VeraCrypt, but only after a system administrator has installed VeraCrypt on the system. This is because VeraCrypt needs a device driver to provide transparent on-the-fly
 encryption/decryption, and users without administrator privileges cannot install or start device drivers in Windows.<br>
<br>
After a system administrator installs VeraCrypt on the system, users without administrator privileges will be able to run VeraCrypt, mount/dismount any type of VeraCrypt volume, load/save data from/to it, and create file-hosted VeraCrypt volumes on the system.
 However, users without administrator privileges cannot encrypt/format partitions, cannot create NTFS volumes, cannot install/uninstall VeraCrypt, cannot change passwords/keyfiles for VeraCrypt partitions/devices, cannot backup/restore headers of VeraCrypt
 partitions/devices, and they cannot run VeraCrypt in &lsquo;portable&rsquo; mode.</p>
<div>
<table style="border-collapse:separate; border-spacing:0px; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif">
<tbody style="text-align:left">
<tr style="text-align:left">
<td style="text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; color:#ff0000; padding:15px; border:1px solid #000000">
Warning: Regardless of the software you use, it is in most cases
<em>not</em> safe, as far as personal privacy is concerned, to work with sensitive data on a system where you do not have administrator privileges, because the administrator can easily capture and copy your sensitive data, including passwords and keys.</td>
</tr>
</tbody>
</table>
<p>&nbsp;</p>
</div>
</div>
</div><div class="ClearBoth"></div></body></html>