Disk Encryption program DiskCryptor fork with UEFI and Windows 10 support

Martin Brinkmann
Feb 9, 2020
Software

A fork of the disk encryption program DiskCryptor for the Windows operating system is now available as a first beta version. The fork introduces support for UEFI/GPT and Microsoft's Windows 10 operating system.

I used DiskCryptor for quite some time back when the original version was still supported. You can check out my initial guide on encrypting partitions with DiskCryptor, and the tips article on getting the most out of it.

Development ended in 2014 and while the program did work fine for a while afterwards, it soon became apparent that this resulted in some features not being supported at all. The last version of DiskCryptor was released before the initial release of Windows 10, and that version did not support UEFI either.

Now comes the fork of the project and with it support for Windows 10 and UEFI. The first beta version of DiskCryptor 1.2 is now available on the developer's GitHub page. Since it is a beta version, create backups of important data before using the application. Ideally, use it on test systems only until a stable version is released.

Here is the first new build of DiskCryptor since 2014; it's a fork of the project and starting with version 1.2 it comes with a UEFI compatible boot-loader and various fixes to make it work with EFI installations on GPT disks.

Another issue that you will run into is that the current bootloader is not signed for Secure Boot, which means that Secure Boot needs to be disabled to use it. Additionally, since the driver needed updating, it had to be signed, and the developer had to use a "leaked code signing certificate for that". The effect is that some antivirus services, e.g. from Microsoft, Avast, AVG, and TrendMicro, flag the application as potentially malicious.
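
The following PowerShell is an added example, not code from this article or from the DiskCryptor project. It reports the three facts the paragraph above turns on for a test machine: the Secure Boot state, the partition style of the boot disk, and who signed the installed driver. The driver path is an assumption; only the file name dcrypt.sys appears in the changelog.

```powershell
# Added example: audit Secure Boot, boot disk layout and driver signer on a test system.
# Assumption: dcrypt.sys sits in the standard driver directory (the page gives no path).
$DriverPath = Join-Path $env:SystemRoot 'System32\drivers\dcrypt.sys'

function Get-SecureBootState {
    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and
    # throws on legacy BIOS boots or when run without elevation.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch {
        "Unknown ($($_.Exception.Message))"
    }
}

function Get-DriverSignerInfo {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Status = 'FileNotFound' }
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Subject     = if ($cert) { $cert.Subject }    else { $null }
        Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
        NotAfter    = if ($cert) { $cert.NotAfter }   else { $null }
        Timestamped = [bool]$sig.TimeStamperCertificate
    }
}

# GPT on the boot disk means the new EFI bootloader applies; MBR means the legacy one.
$bootDisk = Get-Disk | Where-Object IsBoot | Select-Object -First 1

[pscustomobject]@{
    SecureBoot    = Get-SecureBootState
    BootDiskStyle = if ($bootDisk) { $bootDisk.PartitionStyle } else { 'Unknown' }
} | Format-List

Get-DriverSignerInfo -Path $DriverPath | Format-List
```

Run it from an elevated prompt and keep the output with the test notes. A signature made with a certificate that is outside its owner's control says nothing about who built the binary, so the subject and thumbprint are worth recording rather than trusting.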

Closing Words

I liked DiskCryptor a lot, even more so after the mysterious end of the encryption software TrueCrypt. I had to switch to a different program, VeraCrypt, after I ran into issues using DiskCryptor and realized that development had ended and that these issues would not be fixed.

The fork is in an early stage of development, but the lead developer has already managed to address several issues, most importantly support for UEFI/GPT. Some issues concerning signing and Secure Boot need to be addressed before the first stable version is released.

Now You: do you encrypt your disks? (via Born)

Here are the changes in the first beta version:

New:

  • EFI bootloader
  • Shim bootloader to achieve secure boot compatibility (https://habr.com/ru/post/446238/)
  • Bootloader installation routine for GPT partitions
  • Integrated EFI bootloader installation in the CLI
  • Disk type display to bootloader installation dialog
  • Integrated EFI bootloader installation in the GUI

Changed:

  • Project moved to Visual Studio 2017, using Win 7 SDK for compatibility
  • Error messages now provide an error string instead of a cryptic error code

Fixed:

  • Enabled GUI high DPI awareness
  • Fixed boot partitions not being properly detected
  • Fixed driver uninstall not being able to delete dcrypt.sys

Publisher: Ghacks Technology News

Comments

  1. at1 said on October 31, 2020 at 10:03 pm

    The best thing about DiskCryptor is speed. VeraCrypt, due to some legacy I/O (because of containers support) is very slow on new SSD drives. It can be 10x slower! DiskCryptor is only a bit slower than unencrypted.
    I can’t believe there are not many people supporting DiskCryptor.

  2. LeBlanc said on February 12, 2020 at 11:15 pm

    Microsoft holds a key to Bitlocker, right? Or, am I mistaken?

  3. Trey said on February 10, 2020 at 10:59 am

    Bitlocker and Vera, depending on the situation.

  4. albert jeremy said on February 10, 2020 at 9:49 am

    so troublesome..
    just use bitlocker.

  5. beemeup5 said on February 10, 2020 at 9:35 am

    Encrypting boot drives with software is a hassle and it’s inelegant and slower.

    I would just get a self-encrypting drive and apply the ATA password in BIOS/UEFI. Encryption in hardware is lightning fast and aside from entering the password at boot everything else is transparent so you never have to think about it. If someone were to take out that drive and slave it on another machine, the drive would just acknowledge that it exists but otherwise reject every read and write command until the password is entered, and since it’s self-encrypting you can’t just forcefully scan the platters or nand chips for raw data like you would do when someone forgot the password to a non-self-encrypting drive.

    Sure aside from Intel many manufacturers initially botched their self-encryption implementation but that’s now patched through firmware updates. It’s just a shame there are not many easy-to-use programs which expose the ATA functions which have existed on drives for almost as long as hard drives have existed. Most operating systems should just be able to have the user input a HDD password when in the OS environment but alas there are not many ways to do this.

    1. DropZz said on February 10, 2020 at 11:28 am

      “Encrypting boot drives with software is a hassle and it’s inelegant and slower.”

      Maybe consider Upgrading to a CPU that isn’t from 2005 and has AES-NI…

      “I would just get a self-encrypting drive and apply the ATA password in BIOS/UEFI.”

      https://www.ghacks.net/2018/11/07/microsoft-security-advisory-for-self-encrypting-drives/

      1. beemeup5 said on February 12, 2020 at 3:42 am

        @DropZz

        Your reading comprehension needs improvement. First sentence of my third paragraph says:

        “Sure aside from Intel many manufacturers initially botched their self-encryption implementation but that’s now patched through firmware updates.”

  6. Erick Welke said on February 10, 2020 at 4:22 am

    A good app

  7. Jeff said on February 9, 2020 at 5:21 pm

    Can you do a disk performance benchmark of encrypted vs unencrypted disk?

  8. Addy T. said on February 9, 2020 at 10:51 am

    I don’t encrypt my disk (I don’t even have a user account password), but I use Truecrypt (yes, the old Truecrypt) to protect a number of files, including health-related and financial documents. (It’s probably not needed to encrypt them – nobody cares for my donations and insurance.)

    I have thought about switching to Veracrypt, but it’s not a priority issue. It’s not like the CIA is having a go at random people. Even if you had to deal with law enforcement – my hunch is that if you just use Linux and format a partition with ext4, they will be too dumb to read it. It would be certainly enough to prevent your wife/husband from reading your diary, if that’s an issue.

    Encryption software is, however, very important, especially for certain professions like doctors, lawyers and political journalists (the few actual political journalists that deserve that label). Even protecting your personal pictures is a completely reasonable use, despite people seeming to think OneDrive and Google Drive are great ways to back them up. (Google “face recognition sexuality” if you think so.)

    1. Peterc said on February 9, 2020 at 9:31 pm

      @Addy L.:

      “It’s not like the CIA is having a go at random people.”

      *Exactly*. It’s the *NSA* and *GCHQ* that are having a go at random people. ;-)

    2. ***** said on February 9, 2020 at 6:42 pm

      I’ll just put this here:

      http://truecrypt.sourceforge.net/

      Oldie but goodie:
      http://w4r3zh4ck.blogspot.com/2012/12/advanced-encryption-anti-thief-anti.html

      P.S
      USE VeraCrypt And stop talking about what you “FEEL”.

      1. if said on February 12, 2020 at 5:10 pm

        @Addy T.

        Your hunch is correct, albeit anecdotally with a broken boot. Likewise your use of the good old 7.1a, impenetrable in modern field testing, randomness is very advantageous in this area.

      2. Cor said on February 10, 2020 at 6:45 pm

        TrueCrypt 7.2 (first link) isn’t considered safe to use. Check out https://github.com/truecrypt/truecrypt or https://github.com/AuditProject/truecrypt-verified-mirror for TrueCrypt 7.1a instead.
