LibreCrypt: Open-Source disk encryption for Windows
LibreCrypt/LibreCrypt Explorer comes in a number of parts:
Test Apps
A number of command line decryption utilities, also written in C.
This is a description for Delphi newbies of the basic steps involved in compiling the LibreCrypt GUI.
To build the GUI, the following software is required:
Delphi (Embarcadero Delphi XE2 or later, is recommended. Earlier/later versions may possibly be used, but are untested)
The SDeanUtilsXE package, included in the project source.
The FastMM memory manager, from (http://sourceforge.net/projects/fastmm/](http://sourceforge.net/projects/fastmm/). This wipes memory after use. The binary release of this software was built with Embarcadero Delphi XE2.
Open the SDeanUtilsXE package
Open the LibreCrypt project, "LibreCrypt.dproj" under .\src\PC\gui\main
If you have the dxgettext software installed (see above), ensure that the compiler directive "_DXGETTEXT" is set. Otherwise, make sure that this compiler directive is not set.
Build the project.
You should now find a file called "LibreCrypt.exe" in the directory '.\bin\PC'
You have now successfully built the GUI frontend
If required, the compiler definition "FREEOTFE_TIME_CDB_DUMP" may be set, in which case the time taken to dump a CDB ("Tools | Critical data block | Dump to human readable file...") will be shown after the dump completes.
It is not necessary to do a full install of dxgettext to build with i18n support. Instead you can just add the file gnugettext.pas to the project. In order to update any translations, however dxgettext must be installed.
After any changes to the strings in the GUI, the translation files (.po) should be updated, and compiled into .mo files.
The process for updating translations is:
* Extract the default.po file from the source or executable.
* Remove any strings that need not be translated
* Update or create each locale .po file with the translations
* Compile the .po files into .mo files.
Extracting the strings from the sources is preferred. Updating or creating the .po files is done by the translators. For the convenience of translators, the English .po file is distributed with the executable, although it is not used. The ignore.po file should also be regenerated if there are a lot of changes to the source - see the msgmkignore command
"c:\Program Files (x86)\dxgettext\dxgettext.exe" -r -b src/PC/gui/ --delphi -o bin/PC/locale/en/LC_MESSAGES
This assumes that dxgettext is installed at c:\Program Files (x86)\dxgettext\
Note that the relative paths use a forward slash as a path separater
This command will give warnings for code like : _(self.Caption)
- however these can be ignored as these strings will be found in the .dfm"c:\Program Files (x86)\dxgettext\dxgettext.exe" bin/PC/LibreCrypt.exe -o bin/PC/locale/en/LC_MESSAGES
This assumes that dxgettext is installed at c:\Program Files (x86)\dxgettext\
Note that the relative paths use a forward slash as a path separater"c:\Program Files (x86)\dxgettext\msgremove.exe" bin/PC/locale/en/LC_MESSAGES/full.po -i src/PC/gui/translation/ignore.po -o bin/PC/locale/en/LC_MESSAGES/default.po
"c:\Program Files (x86)\dxgettext\msgfmt.exe" src/PC/gui/translation/de/default.po -o bin/PC/locale/de/LC_MESSAGES/default.mo
This assumes that dxgettext is installed at c:\Program Files (x86)\dxgettext\
Note that the relative paths use a forward slash as a path separater
It is also possible to do this from Windows Explorer - see (translations)[translations.md].
There is a bat file under 'tools' - update_mo_files.bat
- that compiles all the .mo files. The kernel mode drivers implement the actual hash, encryption/decryption and main FreeOTFE drivers.
To build these drivers, the following software is required:
The binary release of this software was built with Microsoft Visual Studio 2010 Professional Edition.
At time of writing, the MS Windows SDK can be downloaded from the Microsoft WWW site. The MS Windows DDK (also called the 'WDK') is available as a download cd image, and can be ordered from the Microsoft WWW site as a free CD, for the cost of delivery.
If you are unable to source the exact versions listed above, earlier versions may well be substituted, although I cannot guarantee success. Later versions should operate correctly. This list describes the environment used to build the release version of LibreCrypt. The versions used are:
Visual Studio | 2010 Professional |
Windows Driver Development Kit (WinDDK) | 7600.16385.1 |
lib tomcrypt | 1.17 |
Gladman library | downloaded on 04/12/05 |
Twofish library | Version 1.00 April 1998 |
dxgettext | GNU gettext for Delphi, C++ Builder and Kylix 1.2 beta |
The following list comprehensively describes the configuration used to build the binary release of LibreCrypt. Feel free to adjust according to taste - a number of the options listed are not necessary, and are only included for completeness...
Put a copy of "vcvarsall.bat" into one of the directories in your path
Configure the VS editor:
Install the MS Windows SDK with the following options:
Then install the debugging tools for windows
Do not register environment variables (we'll use "Setenv.bat" from the command line)
Install the MS Windows DDK with the following options:
Install in C:\WINDDK\3790
Edit "setup_env_common.bat" (located under src\drivers\Common\bin), and ensure that the following variables are set appropriately: Variables in bold will probably need to be manually changed, depending on the user's setup
Variable | Description | Default value |
---|---|---|
FREEOTFECPU | The target platform to build the drivers for. Set to either x86 or amd64, only necesary if buildallamd and buildallx86 are not used | amd64 |
FREEOTFE_DEBUG | Build type flag; set to 1 for debug build, or 0 for release | 0 |
FREEOTFE_TARGET | Target OS to build for; e.g. WXP/W2K/WNET; note that W2K builds will not operate correctly under Windows XP (e.g. when formatting a volume) | WXP |
PROJECT_DRIVE | The drive on which you have stored the LibreCrypt source | <The drive the config batch file is stored on> |
PROJECT_DIR | The full drive and path where the "drivers" directory is located | <see file> |
BINOUTPUT_DIR | The path where the built drivers will be copied to. This directory will automatically be created if it does not already exist. | /<"bin" directory at the same level as the main "src" directory>/ |
VCVARSALL | The full path and filename to Visual Studio's VCVARSALL.BAT (or vcvar32.bat, if building with an old version) | "C:\PROGRA~2\Microsoft Visual Studio 10.0\VC\vcvarsall.bat" |
MSSDK_DIR | The directory in which you installed the Microsoft SDK. Set to 0 if not needed (e.b. Visual Studio 8.0 and later) | C:\MSSDK |
MSDDK_DIR | The directory in which you installed the MS DDK | C:\Apps\WinDDK\7600.16385.1 |
Edit "setup_env_driver.bat" (in the same directory), and ensure that "SETENV.BAT" is called with the parameters appropriate to the type of build you wish to create, and that "FREEOTFE_OUTPUT_DIR" is set to the appropriate directory under the source directories where the build executable places the files it creates (this shouldn't be needed as it will happen automatically if the above are configured correctly)
Some of the FreeOTFE drivers (the hash/encryptions drivers in particular) are dependant on certain 3rd party software being installed. LibreCrypt's source code comes complete with 3rd party included in GitHUb under the"src\3rd_party" directory and should be preconfigured, ready for use.
Alternatively, you may wish to download this 3rd party source from the original authors in order to verify the integrity of this software. For this reason, details of where this software was obtained from are included in the above directory.
Please note that should choose the latter option, it is important that you review the individual driver notes (see separate driver directories; "_notes.txt" files) to ensure that this software is configured correctly. Additionally, you may well have to modify the "my_build_sys.bat" files, directing them to the location where you installed said 3rd party source code, as the build process requires that certain files are copied over into the LibreCrypt src directories. (Annoying, but this is a requirement of the MS "build.exe" command)
The LibTomCrypt source in particular had minor configuration changes to tomcrypt_cfg.h and tomcrypt_custom.h; please compare the original source (a copy of its release ZIP file is stored under src\3rd_party\libtomcrypt) with the modified version (uncompressed in a directory under this one)
Either:
or:
1. Run: ...\src\PC\drivers\build_ALL.bat
or:
1. Edit the file `.\src\PC\drivers\Common\bin\setup_env_common.bat`, you will need to update these lines:
* `set VCVARSALL="C:\PROGRA~2\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"`
this should be set to point to 'vcvarsall.bat', in '8.3' filename form
* `set PROJECT_DRIVE=P:`
The drive where the source code is, alternatively a 'subst' command can be used to point p: the project directory (e.g. the source should be under P:\src\)
* `set PROJECT_BASE_DIR=%PROJECT_DRIVE%\`
set this to the project directory
* `set MSDDK_DIR=C:\Apps\WinDDK\7600.16385.1`
The DDK dir
1. and either
2.
3. Run: `.\src\PC\drivers\build_all_amd.bat`
3. open a new DOS command box and run `.\src\PC\drivers\build_all_x86.bat`
or
2.
3. Enter each of the separate driver directories in turn and launch each project's "my\_build\_sys.bat"
In either case, the binaries are built into the `.bin\PC\<platform>\` directory.
After reaching this stage, you should have successfully built your own version of the LibreCrypt drivers
Notes:
This is a description for Delphi newbies of how to compile the LibreCrypt Explorer GUI.
To build the GUI, the following software is required:
The binary release of this software was built with Embarcadero Delphi XE2.
With the package SDeanUtilsXE
Note: Some components in this package are forms containing others in the same package. So, if you open a form in the package before installing it, you may see a message saying 'Field X does not have a corresponding component. Remove the declaration?'. If you do, click 'Cancel', clicking 'yes' will result in the component being deleted from the '.pas' file.
i18n is done using dxgettext, compatible with GNU gettext. Unfortunately the project was hosted on Berlios.de, which is now closed as a hosting site, and the project appears abondoned. An older version of the project was hosted on sourceforge. Fortunately a patch was submited to the sourceforge forum, containing the latest code. In order to build the source with i18n support, only a file gnugettext.pas is needed. For convenience this is part of the github project. To retrive this, download dxgettext.7z from TODO and extract the file from the .\dxgettext\dxgettext\sample\ directory. To run the other functions of dxgettext, viz extracting srings from the project and building .mo files:
To build the DLLs used by LibreCrypt Explorer:
.\src\PDA\
using Visual Studio 2010The binaries built are put into the directories .\bin\PC\DLLs\<config>\<platform>\
.
Note: The development of the command line decryption utilities has ceased. This functionality has been superceded with the development of LibreCrypt Explorer and the test projects
To build the command line decryption utilities, the following software is required:
A C compiler (Visual Studio 2010 was used to write and test this software) Please follow the following steps:
Install and configure up the build environment, as described as per building the backend drivers, you may omit the SDK and DDK. * Modify the software as appropriate for your test * Please see the command line decryption utility documentation
Launch the relevant "my_build_exe.bat" file
The executable should be built in the same directory.
Note: These are not included in the release and are for testing purposes Note: These are work in progress
To build the command line Test Apps, the following software is required:
A C compiler (Visual Studio 2010 was used to write and test this software) Please follow the following steps:
Install and configure up the build environment, as described as per building the backend drivers, you may omit the SDK and DDK. * Open the test project(s) under .\src\PDA\TEST_PROJS* * Please see the command line test app documentation or
The executable should be built in the same directory. These executables are built using the same code as the DLLs but with different preprocessor directives, they are used for testing the drivers and DLLs.
All the projects have been built under a directory "P:\", but whereever possible relative paths have been used. In case of errors run the command subst p: <path to project directory>
and retry
To sign the LibreCrypt binary files (.exe, .dll and .sys files), the procedure is pretty much as described at: Pantaray Research web site
At present, LibreCrypt is signed using a self-signed certificate; the full procedure used is as follows:
Create a private certificate:
makecert.exe -sv tdk.pvk -n "E=tdk@doxbox.eu,CN=Sarah Dean" tdk.cer
this should create two files: tdk.pvk and tdk.cer
Create a test software publisher certificate (SPC):
cert2spc.exe tdk.cer tdk.spc
to create tdk.spc. (This file would normally be supplied by a CA, if purchased)
Create a personal information file
pvk2pfx -pvk tdk.pvk -spc tdk.spc -pfx tdk.pfx -f /pi <pvk password> /po <pfx password>
Where:
<pfx password> is the password you wish to use for securing the new .pfx file
Sign each of binary files:
signtool.exe sign /f tdk.pfx /p <pfx password> /v /t http://timestamp.verisign.com/scripts/timstamp.dll <filename>
Where: <pfx password> is the password used when generating the .pfx file with pvk2pfx
The URL specified is a time stamping service (Verisign's in this case).
When building the C code, FreeOTFEPlatform.h automatically #defines one of the following:
depending on what is being built.
This header file should be #included at the start of every file which uses any of these defines. (Yes, this is obvious - but easily overlooked!)