LibreCrypt: Open-Source disk encryption for Windows
The latest version of this document can be found at the LibreCrypt project site
LibreCrypt comes complete with command line software which may be used to decrypt encrypted containers (provided the correct decryption key is known).
This software is designed to fulfil two main objectives:
In addition it provides an extra insurance that data will be recoverable, because it is written in the portable C language, and uses minimal OS calls, it is less likely to need modification with later versions of Windows.
Functionally, this software has one task: to decrypt the encrypted partition area of container files and to write out the plaintext version for examination.
This software is considerably easier to understand than the kernel mode drivers, and does not require the Microsoft SDK/DDK to be present. As a result, any competent software engineer should be able to confirm that data is being encrypted correctly by the LibreCrypt software. This makes it possible to review and test the cryptographic code in isolation and verify both that it is identical to that used by the source libraries, and that it correctly implements the algorithm.
This software is not intended for general public use, but by those who understand and can write C. In order to use it, modifications to the source code will most probably be required (to change the decryption keys used, if nothing else). For this purpose, the command line decryption utilities are not released in binary form, only as source code which must be compiled by the user.
Each of the command line decryption utilities is designed to operate in the following manner:
Please note:
At time of writing, although a separate command line decryption utility to decode a container's CDB/keyfiles has not been implemented, the LibreCrypt GUI does incorporate this functionality allowing developers to extract all of the information required contained within a CDB/keyfile. (Note: For obvious reasons, this requires the container's password and all other details that are required to use the CDB are known - it is simply not possible to decrypt this information otherwise)