LibreCrypt: Open-Source disk encryption for Windows
LibreCrypt doesn't create any registry entries for itself unless the user chooses to associate ".vol" files with the application, in which case only those registry entries which are required to associate the LibreCrypt executable with the filename extension are created. All user options and settings are stored in a ".ini" file, unless the user explicitly configures them to be stored in the registry.
In addition to this, MS Windows does create a registry entry for each LibreCrypt driver used. This is inevitable; all transparent encryption systems running under MS Windows are required to do this in order to function correctly.
The following detail the registry entries are typically created by MS Windows:
Registry key: HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services*<driver name>*
These keys may have the following values under them:
Value | Type | Meaning |
---|---|---|
ErrorControl |
Although no files are copied to your computers hard drive when using portable mode, because part of the manner in which MS Windows manages device drivers, Windows still writes certain details about the portable mode drivers to the registry. Specifically, the full path and filename of the drivers used together with other basic information on the drivers as detailed above.
When portable mode is stopped, most of this information is deleted by Windows automatically. However:
It is not possible to securely delete the relevant registry entries without "going behind Windows' back" - not exactly recommended when working with kernel mode device drivers!
It should be noted that this applies equally to *all* disk encryption systems that support any kind of "portable mode".
Should it be a concern that an attacker may discover which LibreCrypt drivers were being used, it is suggested that you either: