We design Mac hardware and software with advanced technologies that work together to run apps more securely, protect your data, and help keep you safe on the web. And with macOS Big Sur available as a free upgrade, it’s easy to get the most secure version of macOS for your Mac.*
AutoKrypt for Mac OS X v.9.09 AutoKrypt is an encryption software designed for automation that will automatically encrypt or decrypt files and folders. AutoKrypt's encryption methods include password based, public and private key, secret key, OpenPGP password, OpenPGP public and.; The Lemur Project v.5.1 The Lemur Project develops search engines, browser toolbars, text analysis tools,. Free download PGP PGP for Mac OS X. PGP® Whole Disk Encryption from Symantec provides organizations with comprehensive, high performance full disk encryption for all data (user files, swap files, system files, hidden files, etc. Nov 21, 2020 Free download PGP PGP for Mac OS X. PGP® Whole Disk Encryption from Symantec provides organizations with comprehensive, high performance full disk encryption for all data (user files, swap files, system files, hidden files, etc. Out of all the Encryption Software, FileVault 2 Considered as the best one for the Mac OS systems. Jan 29, 2020 Concealer is a file encryption program specifically for Apple Mac computers. Rather than encrypt all files on your harddrive, instead it provides an encrypted area for you to drag files into.
Apple M1 chip.
A shared architecture for security.
The Apple M1 chip with built-in Secure Enclave brings the same powerful security capabilities of iPhone to Mac — protecting your login password, automatically encrypting your data, and powering file-level encryption so you stay safe. And the Apple M1 chip keeps macOS secure while it’s running, just as iOS has protected iPhone for years.
Apple helps you keep your Mac secure with software updates.
The best way to keep your Mac secure is to run the latest software. When new updates are available, macOS sends you a notification — or you can opt in to have updates installed automatically when your Mac is not in use. macOS checks for new updates every day and starts applying them in the background, so it’s easier and faster than ever to always have the latest and safest version.
Protection starts at the core.
The technically sophisticated runtime protections in macOS work at the very core of your Mac to keep your system safe from malware. This starts with state-of-the-art antivirus software built in to block and remove malware. Technologies like XD (execute disable), ASLR (address space layout randomization), and SIP (system integrity protection) make it difficult for malware to do harm, and they ensure that processes with root permission cannot change critical system files.
Download apps safely from the Mac App Store. And the internet.
Now apps from both the App Store and the internet can be installed worry-free. App Review makes sure each app in the App Store is reviewed before it’s accepted. Gatekeeper on your Mac ensures that all apps from the internet have already been checked by Apple for known malicious code — before you run them the first time. If there’s ever a problem with an app, Apple can quickly stop new installations and even block the app from launching again.
Stay in control of what data apps can access.
Apps need your permission to access files in your Documents, Downloads, and Desktop folders as well as in iCloud Drive and external volumes. And you’ll be prompted before any app can access the camera or mic, capture keyboard activity, or take a photo or video of your screen.
FileVault 2 encrypts your data.
With FileVault 2, your data is safe and secure — even if your Mac falls into the wrong hands. FileVault 2 encrypts the entire drive on your Mac, protecting your data with XTS-AES 128 encryption. Mac computers built on the Apple M1 chip take data protection even further by using dedicated hardware to protect your login password and enabling file-level encryption, which developers can take advantage of — just as on iPhone.
Designed to protect your privacy.
Online privacy isn’t just something you should hope for — it’s something you should expect. That’s why Safari comes with powerful privacy protection technology built in, including Intelligent Tracking Prevention that identifies trackers and helps prevent them from profiling or following you across the web. A new weekly Privacy Report on your start page shows how Safari protects you as you browse over time. Or click the Privacy Report button in your Safari toolbar for an instant snapshot of the cross-site trackers Safari is actively preventing on that web page.
Automatic protections from intruders.
Safari uses iCloud Keychain to securely store your passwords across all your devices. If it ever detects a security concern, Password Monitoring will alert you. Safari also prevents suspicious websites from loading and warns you if they’re detected. And because it runs web pages in separate processes, any harmful code is confined to a single browser tab and can’t crash the whole browser or access your data.
Find your missing Mac with Find My.
The Find My app can help you locate a missing Mac — even if it’s offline or sleeping — by sending out Bluetooth signals that can be detected by nearby Apple devices. These devices then relay the detected location of your Mac to iCloud so you can locate it. It’s all anonymous and encrypted end-to-end so no one — including Apple — knows the identity of any reporting device or the location of your Mac. And it all happens silently using tiny bits of data that piggyback on existing network traffic. So there’s no need to worry about your battery life, your data usage, or your privacy being compromised.
Keep your Mac safe.
Even if it’s in the wrong hands.
All Mac systems built on the Apple M1 chip or with the Apple T2 Security Chip support Activation Lock, just like your iPhone or iPad. So if your Mac is ever misplaced or lost, the only person who can erase and reactivate it is you.
macOS Security
This document is not guaranteed to be error-free and is provided 'as is' without warranty of any kind. For more information, see Disclaimers.
I forgot my password – is there any way ('backdoor') to recover the files from my VeraCrypt volume?
We have not implemented any 'backdoor' in VeraCrypt (and will never implement any even if asked to do so by a government agency), because it would defeat the purpose of the software. VeraCrypt does not allow decryption of data without knowing the correct password or key. We cannot recover your data because we do not know and cannot determine the password you chose or the key you generated using VeraCrypt. The only way to recover your files is to try to 'crack' the password or the key, but it could take thousands or millions of years (depending on the length and quality of the password or keyfiles, on the software/hardware performance, algorithms, and other factors). If you find this hard to believe, consider the fact that VeraCrypt offers much stronger security than TrueCrypt and in 2010 even the FBI was not able to decrypt a VeraCrypt volume after a year of trying.
Is there a 'Quick Start Guide' or some tutorial for beginners?
Yes. The first chapter, Beginner's Tutorial, in the VeraCrypt User Guide contains screenshots and step-by-step instructions on how to create, mount, and use a VeraCrypt volume.
Can I encrypt a partition/drive where Windows is installed?
Yes, see the chapter System Encryption in the VeraCrypt User Guide.
Can I directly play a video (.avi, .mpg, etc.) stored on a VeraCrypt volume?
Yes, VeraCrypt-encrypted volumes are like normal disks. You provide the correct password (and/or keyfile) and mount (open) the VeraCrypt volume. When you double click the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, VeraCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) and the process repeats.
The same goes for video recording: Before a chunk of a video file is written to a VeraCrypt volume, VeraCrypt encrypts it in RAM and then writes it to the disk. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).
The same goes for video recording: Before a chunk of a video file is written to a VeraCrypt volume, VeraCrypt encrypts it in RAM and then writes it to the disk. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).
Yes, it will. We will never create a commercial version of VeraCrypt, as we believe in open-source and free security software.
Is it possible to donate to the VeraCrypt project?
Yes. From outside the US, you can click here. For US residents, you have to use this link instead. Because of Paypal restrictions on donations coming from the US, we have to create a specific link for donation coming from the US.
Why is VeraCrypt open-source? What are the advantages?
As the source code for VeraCrypt is publicly available, independent researchers can verify that the source code does not contain any security flaw or secret 'backdoor'. If the source code were not available, reviewers would need to reverse-engineer the executable files. However, analyzing and understanding such reverse-engineered code is so difficult that it is practically impossible to do (especially when the code is as large as the VeraCrypt code).
Remark: A similar problem also affects cryptographic hardware (for example, a self-encrypting storage device). It is very difficult to reverse-engineer it to verify that it does not contain any security flaw or secret 'backdoor'.
Remark: A similar problem also affects cryptographic hardware (for example, a self-encrypting storage device). It is very difficult to reverse-engineer it to verify that it does not contain any security flaw or secret 'backdoor'.
VeraCrypt is open-source, but has anybody actually reviewed the source code?
Yes. In fact, the source code is constantly being reviewed by many independent researchers and users. We know this because many bugs and several security issues have been discovered by independent researchers while reviewing the source code. Moreover, VeraCrypt is based on TrueCrypt which was independently audited by the Open Crypto Audit project and all the major issues discovered by this audit were fixed in VeraCrypt. The report of the audit can be found here. For a list of the issues that were fixed in VeraCrypt, you click here
As VeraCrypt is open-source software, independent researchers can verify that the source code does not contain any security flaw or secret 'backdoor'. Can they also verify that the official executable files were built from the published source code and contain no additional code?
Yes, they can. In addition to reviewing the source code, independent researchers can compile the source code and compare the resulting executable files with the official ones. They may find some differences (for example, timestamps or embedded digital signatures) but they can analyze the differences and verify that they do not form malicious code.
You have two options:
- Encrypt the entire USB flash drive. However, you will not be able run VeraCrypt from the USB flash drive.
Note: Windows does not support multiple partitions on USB flash drives. - Create a VeraCrypt file container on the USB flash drive (for information on how to do so, see the chapter Beginner's Tutorial, in the VeraCrypt User Guide). If you leave enough space on the USB flash drive (choose an appropriate size for the VeraCrypt container), you will also be able to store VeraCrypt on the USB flash drive (along with the container – not in the container) and you will be able to run VeraCrypt from the USB flash drive (see also the chapter Portable Mode in the VeraCrypt User Guide).
Does VeraCrypt also encrypt file names and folder names?
Yes. The entire file system within a VeraCrypt volume is encrypted (including file names, folder names, and contents of every file). This applies to both types of VeraCrypt volumes – i.e., to file containers (virtual VeraCrypt disks) and to VeraCrypt-encrypted partitions/devices.
Yes. Increase in encryption/decryption speed is directly proportional to the number of cores/processors your computer has. For more information, please see the chapter Parallelization in the documentation.
Can data be read from and written to an encrypted volume/drive as fast as if the drive was not encrypted?
Yes, since VeraCrypt uses pipelining and parallelization. For more information, please see the chapters Pipelining and Parallelization in the documentation.
Does VeraCrypt support hardware-accelerated encryption?
Yes. For more information, please see the chapter Hardware Acceleration in the documentation.
Is it possible to boot Windows installed in a hidden VeraCrypt volume?
Yes, it is. For more information, please see the section Hidden Operating System in the documentation.
Will I be able to mount my VeraCrypt volume (container) on any computer?
Yes, VeraCrypt volumes are independent of the operating system. You will be able to mount your VeraCrypt volume on any computer on which you can run VeraCrypt (see also the question 'Can I use VeraCrypt on Windows if I do not have administrator privileges?').
Can I unplug or turn off a hot-plug device (for example, a USB flash drive or USB hard drive) when there is a mounted VeraCrypt volume on it?
Before you unplug or turn off the device, you should always dismount the VeraCrypt volume in VeraCrypt first, and then perform the 'Eject' operation if available (right-click the device in the 'Computer' or 'My Computer' list), or use the 'Safely Remove Hardware' function (built in Windows, accessible via the taskbar notification area). Otherwise, data loss may occur.
See the section Hidden Operating System in the documentation.
See the chapter Plausible Deniability in the documentation.
Will I be able to mount my VeraCrypt partition/container after I reinstall or upgrade the operating system?
Yes, VeraCrypt volumes are independent of the operating system. However, you need to make sure your operating system installer does not format the partition where your VeraCrypt volume resides.
Note: If the system partition/drive is encrypted and you want to reinstall or upgrade Windows, you need to decrypt it first (select System > Permanently Decrypt System Partition/Drive). However, a running operating system can be updated (security patches, service packs, etc.) without any problems even when the system partition/drive is encrypted.
Note: If the system partition/drive is encrypted and you want to reinstall or upgrade Windows, you need to decrypt it first (select System > Permanently Decrypt System Partition/Drive). However, a running operating system can be updated (security patches, service packs, etc.) without any problems even when the system partition/drive is encrypted.
Can I upgrade from an older version of VeraCrypt to the latest version without any problems?
Generally, yes. However, before upgrading, please read the release notes for all versions of VeraCrypt that have been released since your version was released. If there are any known issues or incompatibilities related to upgrading from your version to a newer one, they will be listed in the release notes.
Can I upgrade VeraCrypt if the system partition/drive is encrypted or do I have to decrypt it first?
Generally, you can upgrade to the latest version without decrypting the system partition/drive (just run the VeraCrypt installer and it will automatically upgrade VeraCrypt on the system). However, before upgrading, please read the release notes for all versions of VeraCrypt that have been released since your version was released. If there are any known issues or incompatibilities related to upgrading from your version to a newer one, they will be listed in the release notes. Note that this FAQ answer is also valid for users of a hidden operating system. Also note that you cannot downgrade VeraCrypt if the system partition/drive is encrypted.
I use pre-boot authentication. Can I prevent a person (adversary) that is watching me start my computer from knowing that I use VeraCrypt?
Yes. To do so, boot the encrypted system, start VeraCrypt, select Settings > System Encryption, enable the option 'Do not show any texts in the pre-boot authentication screen' and click OK. Then, when you start the computer, no texts will be displayed by the VeraCrypt boot loader (not even when you enter the wrong password). The computer will appear to be 'frozen' while you can type your password. It is, however, important to note that if the adversary can analyze the content of the hard drive, he can still find out that it contains the VeraCrypt boot loader.
I use pre-boot authentication. Can I configure the VeraCrypt Boot Loader to display only a fake error message?
Yes. To do so, boot the encrypted system, start VeraCrypt, select Settings > System Encryption, enable the option 'Do not show any texts in the pre-boot authentication screen' and enter the fake error message in the corresponding field (for example, the 'Missing operating system' message, which is normally displayed by the Windows boot loader if it finds no Windows boot partition). It is, however, important to note that if the adversary can analyze the content of the hard drive, he can still find out that it contains the VeraCrypt boot loader.
Can I configure VeraCrypt to mount automatically whenever Windows starts a non-system VeraCrypt volume that uses the same password as my system partition/drive (i.e. my pre-boot authentication password)?
- Mount the volume (to the drive letter to which you want it to be mounted every time).
- Right-click the mounted volume in the drive list in the main VeraCrypt window and select 'Add to System Favorites'.
- The System Favorites Organizer window should appear now. In this window, enable the option 'Mount system favorite volumes when Windows starts' and click OK.
For more information, see the chapter System Favorite Volumes.
Can a volume be automatically mounted whenever I log on to Windows?
- Mount the volume (to the drive letter to which you want it to be mounted every time).
- Right-click the mounted volume in the drive list in the main VeraCrypt window and select 'Add to Favorites'.
- The Favorites Organizer window should appear now. In this window, enable the option 'Mount selected volume upon logon' and click OK.
Then, when you log on to Windows, you will be asked for the volume password (and/or keyfiles) and if it is correct, the volume will be mounted.
Alternatively, if the volumes are partition/device-hosted and if you do not need to mount them to particular drive letters every time, you can follow these steps:
Alternatively, if the volumes are partition/device-hosted and if you do not need to mount them to particular drive letters every time, you can follow these steps:
- Select Settings > Preferences. The Preferences window should appear now.
- In the section 'Actions to perform upon logon to Windows', enable the option 'Mount all devices-hosted VeraCrypt volumes' and click OK.
Note: VeraCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (Settings > 'System Encryption') and the volumes use the same password as the system partition/drive.
Can a volume be automatically mounted whenever its host device gets connected to the computer?
Yes. For example, if you have a VeraCrypt container on a USB flash drive and you want VeraCrypt to mount it automatically when you insert the USB flash drive into the USB port, follow these steps:
- Mount the volume (to the drive letter to which you want it to be mounted every time).
- Right-click the mounted volume in the drive list in the main VeraCrypt window and select 'Add to Favorites'.
- The Favorites Organizer window should appear now. In this window, enable the option 'Mount selected volume when its host device gets connected' and click OK.
Then, when you insert the USB flash drive into the USB port, you will be asked for the volume password (and/or keyfiles) (unless it is cached) and if it is correct, the volume will be mounted.
Note: VeraCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (Settings > 'System Encryption') and the volume uses the same password as the system partition/drive.
Note: VeraCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (Settings > 'System Encryption') and the volume uses the same password as the system partition/drive.
Can my pre-boot authentication password be cached so that I can use it mount non-system volumes during the session?
Yes. Select Settings > 'System Encryption' and enable the following option: 'Cache pre-boot authentication password in driver memory'.
Best Encryption Software 2017
I live in a country that violates basic human rights of its people. Is it possible to use VeraCrypt without leaving any 'traces' on unencrypted Windows?
Yes. This can be achieved by running VeraCrypt in portable mode under BartPE or in a similar environment. BartPE stands for 'Bart's Preinstalled Environment', which is essentially the Windows operating system prepared in a way that it can be entirely stored on and booted from a CD/DVD (registry, temporary files, etc., are stored in RAM – hard drive is not used at all and does not even have to be present). The freeware Bart's PE Builder can transform a Windows XP installation CD into a BartPE CD. Note that you do not even need any special VeraCrypt plug-in for BartPE. Follow these steps:
- Create a BartPE CD and boot it. (Note: You must perform each of the following steps from within BartPE.)
- Download the VeraCrypt self-extracting package to the RAM disk (which BartPE automatically creates).
Note: If the adversary can intercept data you send or receive over the Internet and you need to prevent the adversary from knowing you downloaded VeraCrypt, consider downloading it via I2P, Tor, or a similar anonymizing network. - Verify the digital signatures of the downloaded file (see this section of the documentation for more information).
- Run the downloaded file, and select Extract (instead of Install) on the second page of the VeraCrypt Setup wizard. Extract the contents to the RAM disk.
- Run the file VeraCrypt.exe from the RAM disk.
Note: You may also want to consider creating a hidden operating system (see the section Hidden Operating System in the documentation). See also the chapter Plausible Deniability.
Can I encrypt my system partition/drive if I don't have a US keyboard?
Can I save data to the decoy system partition without risking damage to the hidden system partition?
Yes. You can write data to the decoy system partition anytime without any risk that the hidden volume will get damaged (because the decoy system is not installed within the same partition as the hidden system). For more information, see the section Hidden Operating System in the documentation.
Can I use VeraCrypt on Windows if I do not have administrator privileges?
See the chapter 'Using VeraCrypt Without Administrator Privileges' in the documentation.
No.
How does VeraCrypt verify that the correct password was entered?
See the section Encryption Scheme (chapter Technical Details) in the documentation.
Can I encrypt a partition/drive without losing the data currently stored on it?
- If you want to encrypt an entire system drive (which may contain multiple partitions) or a system partition (in other words, if you want to encrypt a drive or partition where Windows is installed), you can do so provided that you use VeraCrypt 5.0 or later and that you use Windows XP or a later version of Windows (such as Windows 7) (select 'System' > 'Encrypt System Partition/Drive' and then follow the instructions in the wizard).
- If you want to encrypt a non-system partition in place, you can do so provided that it contains an NTFS filesystem, that you use VeraCrypt 6.1 or later, and that you use Windows Vista or a later version of Windows (for example, Windows 7) (click 'Create Volume' > 'Encrypt a non-system partition' > 'Standard volume' > 'Select Device' > 'Encrypt partition in place' and then follow the instructions in the wizard).
Can I run VeraCrypt if I don't install it?
Yes, see the chapter Portable Mode in the VeraCrypt User Guide.
Some encryption programs use TPM to prevent attacks. Will VeraCrypt use it too?
No. Those programs use TPM to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer, and the attacker needs you to use the computer after such an access. However, if any of these conditions is met, it is actually impossible to secure the computer (see below) and, therefore, you must stop using it (instead of relying on TPM).
If the attacker has administrator privileges, he can, for example, reset the TPM, capture the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer).
If the attacker can physically access the computer hardware (and you use it after such an access), he can, for example, attach a malicious component to it (such as a hardware keystroke logger) that will capture the password, the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer again).
The only thing that TPM is almost guaranteed to provide is a false sense of security (even the name itself, 'Trusted Platform Module', is misleading and creates a false sense of security). As for real security, TPM is actually redundant (and implementing redundant features is usually a way to create so-called bloatware).
For more information, please see the sections Physical Security and Malware in the documentation.
If the attacker has administrator privileges, he can, for example, reset the TPM, capture the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer).
If the attacker can physically access the computer hardware (and you use it after such an access), he can, for example, attach a malicious component to it (such as a hardware keystroke logger) that will capture the password, the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer again).
The only thing that TPM is almost guaranteed to provide is a false sense of security (even the name itself, 'Trusted Platform Module', is misleading and creates a false sense of security). As for real security, TPM is actually redundant (and implementing redundant features is usually a way to create so-called bloatware).
For more information, please see the sections Physical Security and Malware in the documentation.
Do I have to dismount VeraCrypt volumes before shutting down or restarting Windows?
No. VeraCrypt automatically dismounts all mounted VeraCrypt volumes on system shutdown/restart.
Which type of VeraCrypt volume is better – partition or file container?
File containers are normal files so you can work with them as with any normal files (file containers can be, for example, moved, renamed, and deleted the same way as normal files). Partitions/drives may be better as regards performance. Note that reading and writing to/from a file container may take significantly longer when the container is heavily fragmented. To solve this problem, defragment the file system in which the container is stored (when the VeraCrypt volume is dismounted).
What's the recommended way to back up a VeraCrypt volume?
See the chapter How to Back Up Securely in the documentation.
What will happen if I format a VeraCrypt partition?
See the question 'Is it possible to change the file system of an encrypted volume?'
Is it possible to change the file system of an encrypted volume?
Yes, when mounted, VeraCrypt volumes can be formatted as FAT12, FAT16, FAT32, NTFS, or any other file system. VeraCrypt volumes behave as standard disk devices so you can right-click the device icon (for example in the 'Computer' or 'My Computer' list) and select 'Format'. The actual volume contents will be lost. However, the whole volume will remain encrypted. If you format a VeraCrypt-encrypted partition when the VeraCrypt volume that the partition hosts is not mounted, then the volume will be destroyed, and the partition will not be encrypted anymore (it will be empty).
Is it possible to mount a VeraCrypt container that is stored on a CD or DVD?
Yes. However, if you need to mount a VeraCrypt volume that is stored on a read-only medium (such as a CD or DVD) under Windows 2000, the file system within the VeraCrypt volume must be FAT (Windows 2000 cannot mount an NTFS file system on read-only media).
Is it possible to change the password for a hidden volume?
Yes, the password change dialog works both for standard and hidden volumes. Just type the password for the hidden volume in the 'Current Password' field of the 'Volume Password Change' dialog.
Remark: VeraCrypt first attempts to decrypt the standard volume header and if it fails, it attempts to decrypt the area within the volume where the hidden volume header may be stored (if there is a hidden volume within). In case it is successful, the password change applies to the hidden volume. (Both attempts use the password typed in the 'Current Password' field.)
When I use HMAC-RIPEMD-160, is the size of the header encryption key only 160 bits?
No, VeraCrypt never uses an output of a hash function (nor of a HMAC algorithm) directly as an encryption key. See the section Header Key Derivation, Salt, and Iteration Count in the documentation for more information.
How do I burn a VeraCrypt container larger than 2 GB onto a DVD?
The DVD burning software you use should allow you to select the format of the DVD. If it does, select the UDF format (ISO format does not support files larger than 2 GB).
Can I use tools like chkdsk, Disk Defragmenter, etc. on the contents of a mounted VeraCrypt volume?
Yes, VeraCrypt volumes behave like real physical disk devices, so it is possible to use any filesystem checking/repairing/defragmenting tools on the contents of a mounted VeraCrypt volume.
Does VeraCrypt support 64-bit versions of Windows?
Yes, it does. Note: 64-bit versions of Windows load only drivers that are digitally signed with a digital certificate issued by a certification authority approved for issuing kernel-mode code signing certificates. VeraCrypt complies with this requirement (the VeraCrypt driver is digitally signed with the digital certificate of IDRIX, which was issued by the certification authority Thawte).
Can I mount my VeraCrypt volume under Windows, Mac OS X, and Linux?
Is there a list of all operating systems that VeraCrypt supports?
Yes, see the chapter Supported Operating Systems in the VeraCrypt User Guide.
Is it possible to install an application to a VeraCrypt volume and run it from there?
What will happen when a part of a VeraCrypt volume becomes corrupted?
In encrypted data, one corrupted bit usually corrupts the whole ciphertext block in which it occurred. The ciphertext block size used by VeraCrypt is 16 bytes (i.e., 128 bits). The mode of operation used by VeraCrypt ensures that if data corruption occurs within a block, the remaining blocks are not affected. See also the question 'What do I do when the encrypted filesystem on my VeraCrypt volume is corrupted?
What do I do when the encrypted filesystem on my VeraCrypt volume is corrupted?
File system within a VeraCrypt volume may become corrupted in the same way as any normal unencrypted file system. When that happens, you can use filesystem repair tools supplied with your operating system to fix it. In Windows, it is the 'chkdsk' tool. VeraCrypt provides an easy way to use this tool on a VeraCrypt volume: Right-click the mounted volume in the main VeraCrypt window (in the drive list) and from the context menu select 'Repair Filesystem'.
We use VeraCrypt in a corporate/enterprise environment. Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?
Yes. Note that there is no 'backdoor' implemented in VeraCrypt. However, there is a way to 'reset' volume passwords/keyfiles and pre-boot authentication passwords. After you create a volume, back up its header to a file (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can 'reset' the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header from the backup file (Tools -> Restore Volume Header).
Similarly, you can reset a pre-boot authentication password. To create a backup of the master key data (that will be stored on a VeraCrypt Rescue Disk and encrypted with your administrator password), select 'System' > 'Create Rescue Disk'. To set a user pre-boot authentication password, select 'System' > 'Change Password'. To restore your administrator password, boot the VeraCrypt Rescue Disk, select 'Repair Options' > 'Restore key data' and enter your administrator password.
Note: It is not required to burn each VeraCrypt Rescue Disk ISO image to a CD/DVD. You can maintain a central repository of ISO images for all workstations (rather than a repository of CDs/DVDs). For more information see the section Command Line Usage (option /noisocheck).
Similarly, you can reset a pre-boot authentication password. To create a backup of the master key data (that will be stored on a VeraCrypt Rescue Disk and encrypted with your administrator password), select 'System' > 'Create Rescue Disk'. To set a user pre-boot authentication password, select 'System' > 'Change Password'. To restore your administrator password, boot the VeraCrypt Rescue Disk, select 'Repair Options' > 'Restore key data' and enter your administrator password.
Note: It is not required to burn each VeraCrypt Rescue Disk ISO image to a CD/DVD. You can maintain a central repository of ISO images for all workstations (rather than a repository of CDs/DVDs). For more information see the section Command Line Usage (option /noisocheck).
Can our commercial company use VeraCrypt free of charge?
Provided that you comply with the terms and conditions of the VeraCrypt License, you can install and run VeraCrypt free of charge on an arbitrary number of your computers.
We share a volume over a network. Is there a way to have the network share automatically restored when the system is restarted?
Please see the chapter 'Sharing over Network' in the VeraCrypt User Guide.
It is possible to access a single VeraCrypt volume simultaneously from multiple operating systems (for example, a volume shared over a network)?
Please see the chapter 'Sharing over Network' in the VeraCrypt User Guide.
Can a user access his or her VeraCrypt volume via a network?
Please see the chapter 'Sharing over Network' in the VeraCrypt User Guide.
I encrypted a non-system partition, but its original drive letter is still visible in the 'My Computer' list. When I double click this drive letter, Windows asks if I want to format the drive. Is there a way to hide or free this drive letter?
- Right-click the 'Computer' (or 'My Computer') icon on your desktop or in the Start Menu and select Manage. The 'Computer Management' window should appear.
- From the list on the left, select 'Disk Management' (within the Storage sub-tree).
- Right-click the encrypted partition/device and select Change Drive Letter and Paths.
- Click Remove.
- If Windows prompts you to confirm the action, click Yes.
When I plug in my encrypted USB flash drive, Windows asks me if I want to format it. Is there a way to prevent that?
Yes, but you will need to remove the drive letter assigned to the device. For information on how to do so, see the question 'I encrypted a non-system partition, but its original drive letter is still visible in the 'My Computer' list.'
How do I remove or undo encryption if I do not need it anymore? How do I permanently decrypt a volume?
Please see the section 'How to Remove Encryption' in the VeraCrypt User Guide.
Encryption Software Mac Os X Freeware Games
What will change when I enable the option 'Mount volumes as removable media'?
Please see the section 'Volume Mounted as Removable Medium' in the VeraCrypt User Guide.
Is the online documentation available for download as a single file?
Yes, the documentation is contained in the file VeraCrypt User Guide.pdf that is included in all official VeraCrypt distribution packages. Note that you do not have to install VeraCrypt to obtain the PDF documentation. Just run the self-extracting installation package and then select Extract (instead of Install) on the second page of the VeraCrypt Setup wizard. Also note that when you do install VeraCrypt, the PDF documentation is automatically copied to the folder to which VeraCrypt is installed, and is accessible via the VeraCrypt user interface (by pressing F1 or choosing Help > User's Guide).
Do I have to 'wipe' free space and/or files on a VeraCrypt volume?
Remark: to 'wipe' = to securely erase; to overwrite sensitive data in order to render them unrecoverable.
If you believe that an adversary will be able to decrypt the volume (for example that he will make you reveal the password), then the answer is yes. Otherwise, it is not necessary, because the volume is entirely encrypted.
If you believe that an adversary will be able to decrypt the volume (for example that he will make you reveal the password), then the answer is yes. Otherwise, it is not necessary, because the volume is entirely encrypted.
How does VeraCrypt know which encryption algorithm my VeraCrypt volume has been encrypted with?
Please see the section Encryption Scheme (chapter Technical Details) in the documentation.
I haven't found any answer to my question in the FAQ – what should I do?
Please search the VeraCrypt documentation and website.