LibreCrypt: Open-Source disk encryption for Windows

Technical Details: LibreCrypt Volumes and Keyfiles

A LibreCrypt container (regardless of whether its stored in a file or partition) consists of two things:

* A critical data block (CDB) * An encrypted partition image

The CDB may either form part of the volume, in which case it is prepended to the encrypted partition image, or it may be stored as a separate file, in which case it is referred to as a "keyfile".

Users may create any number of keyfiles for any given volume. To create a new keyfile, the user must supply either:

* An existing keyfile, and its password, etc * A volume file which has a CDB

together with its password, salt length, etc. The keyfile or volume CDB supplied will then be read in, decrypted, and re-encrypted with a new password, salt length, etc (all supplied by the user) before being written out as the new keyfile.

A full definition of the contents of a CDB/keyfile is supplied in this documentation.

• A LibreCrypt container keyfile is nothing more than a CDB, the "volume details block" of which contains the encryption details used for securing the volume it relates to
• A volume may have one or more keyfiles, in which case they all share the same data stored within their respective "volume details block", but each one is encrypted with a different user password, salt, random padding, etc - making each keyfile unique.
• Keyfiles are encrypted with the same cypher/hash that the encrypted partition image they relate to is encrypted with.