- Hidden Sector (first 512 bytes).
The BestCrypt software uses it to verify the integrity and check the
size of the container file without opening it for access. The Hidden Sector
does not contain any sensitive information. The BestCrypt disk driver does
not use the Hidden Sector data at all.
The Hidden Sector format is derived from the MS-DOS/FAT BIOS Parameter Block
and Boot Record structures. Thus, the Hidden Sector is backward-compatible with
all versions of BestCrypt (including BestCrypt for DOS).
The following C-style text shows the exact format of the Hidden Sector:
#include <stdint.h>

typedef uint8_t  BYTE;
typedef uint16_t WORD;
typedef uint32_t DWORD;

#define HIDDEN_SECTOR_SIZE 512
#define DESCRIPTION_SIZE 66
#define CHECKSUM_SIZE 8

#pragma pack(push, 1) // On-disk layout: no padding between fields

typedef struct _BPB {
    WORD sectSize;
    BYTE sectPerCluster;
    WORD reservedSectors;
    BYTE NumberOfFat;
    WORD maxRootDirEntry;
    WORD totalSectors;
    BYTE mediaDesc;
    WORD sectorsPerFat;
    WORD sectorsPerTrack;
    WORD numberOfHeads;
    DWORD hiddenSectors;
    DWORD totalSectorsLong;
} BPB; // The same as the DOS BIOS Parameter Block

typedef struct _BootRecord {
    BYTE jmpCode[3];
    char OEMid[8];
    BPB bpb;
    BYTE driveNo;
    BYTE reserved;
    BYTE extBootSign;
    DWORD serialNumber;
    char volumeLabel[11];
    char FatType[8];
} BootRecord; // The same as DOS Boot Record structure for FAT12 and FAT16

typedef struct _HiddenSector {
    BootRecord bootRecord;
    char description[ DESCRIPTION_SIZE ]; // Description of the file-container
    WORD extent; // 0 (reserved for future use)
    WORD version; // 0 (reserved for future use)
    BYTE reserved[ HIDDEN_SECTOR_SIZE -
                   sizeof( BootRecord ) -
                   DESCRIPTION_SIZE - // sizeof(description)
                   sizeof( WORD ) - // sizeof(extent)
                   sizeof( WORD ) - // sizeof(version)
                   sizeof( DWORD ) - // sizeof(dwKeySize)
                   sizeof( DWORD ) - // sizeof(dwDataOffset)
                   sizeof( DWORD ) - // sizeof(fileSystemId)
                   sizeof( DWORD ) - // sizeof(algorithmId)
                   sizeof( DWORD ) - // sizeof(keyGenId)
                   CHECKSUM_SIZE ];
    DWORD dwKeySize; // Key Data Block size
    DWORD dwDataOffset; // Encrypted Data offset from the beginning of file in bytes
    DWORD fileSystemId; // Driver will mark container during formatting
    DWORD algorithmId; // Encryption Algorithm identifier
    DWORD keyGenId; // Key Generation identifier
    char CheckSum[ CHECKSUM_SIZE ]; // Not used in version 6 of BestCrypt
} HiddenSector;

#pragma pack(pop)
- Key Data Block.
The structure of the block is defined by the Key Generator
module of BestCrypt and is completely opaque to the other modules of the
software. BestCrypt software modules know only the size of the Key Data
Block.
Knowing the size and location of the Key Data Block inside the
container file, BestCrypt can read the Block from the file and
pass it to the appropriate Key Generator. Once it has the Block, it is up
to the Key Generator how to use the data inside it. (For example,
see the KGSHA Key Generator source code for information about the
Key Data Block structure used in that module. Other Key Generators may have
their own format of the Key Data Block structure.)
The structure of the Key Data Block is available in the KGSHA Key Generation
source code (see the KBLOCK.H file).
- Encrypted image of the BestCrypt virtual drive.
When the operating system sends a request to read the N-th sector from the
virtual drive, the BestCrypt disk driver performs the following:
  - calculates the offset of the sector's data inside that part of the
    file-container (the sector size of the BestCrypt drive is 512 bytes):
    Offset = N * 512 + size of Hidden Sector + size of Key Data Block;
  - reads the encrypted data from the file container using the calculated Offset;
  - calls the Encryption Algorithm module to decrypt the data;
  - returns the data to the operating system.
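The offset rule above, written as a bounds-checked reader for a container header that comes from an untrusted file. This is an added example, not BestCrypt source code: the names parse_layout, sector_offset and demo_offset are hypothetical, little-endian field encoding is assumed, and the checks against the file size go beyond what the page describes.

```c
#include <stdint.h>
#include <stdio.h>

#define HIDDEN_SECTOR_SIZE 512u
#define SECTOR_SIZE        512u
#define OFF_KEY_SIZE       484u /* 512 - CHECKSUM_SIZE (8) - 5 * sizeof(DWORD) */

typedef struct {
    uint32_t key_size;   /* dwKeySize as stored in the Hidden Sector */
    uint64_t data_start; /* size of Hidden Sector + size of Key Data Block */
    uint64_t sectors;    /* whole 512-byte sectors present in the file */
} container_layout;

static uint32_t le32(const uint8_t *p) { /* assumed little-endian, as in DOS */
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 on success, -1 when the header cannot describe this file. */
int parse_layout(const uint8_t *hdr, size_t len, uint64_t file_size,
                 container_layout *out) {
    if (len < HIDDEN_SECTOR_SIZE || file_size < HIDDEN_SECTOR_SIZE) return -1;
    out->key_size = le32(hdr + OFF_KEY_SIZE);
    /* dwKeySize is file-controlled: bound it before using it as a length. */
    if (out->key_size > file_size - HIDDEN_SECTOR_SIZE) return -1;
    out->data_start = (uint64_t)HIDDEN_SECTOR_SIZE + out->key_size;
    out->sectors = (file_size - out->data_start) / SECTOR_SIZE;
    return 0;
}

/* Offset = N * 512 + size of Hidden Sector + size of Key Data Block */
int sector_offset(const container_layout *l, uint64_t n, uint64_t *off) {
    if (n >= l->sectors) return -1; /* also keeps n * 512 from overflowing */
    *off = n * SECTOR_SIZE + l->data_start;
    return 0;
}

/* Builds a constructed header (not a real container) and resolves sector n. */
int64_t demo_offset(uint32_t key_size, uint64_t file_size, uint64_t n) {
    uint8_t hdr[HIDDEN_SECTOR_SIZE] = {0};
    container_layout l;
    uint64_t off;
    for (int i = 0; i < 4; i++) hdr[OFF_KEY_SIZE + i] = (uint8_t)(key_size >> (8 * i));
    if (parse_layout(hdr, sizeof hdr, file_size, &l) || sector_offset(&l, n, &off))
        return -1;
    return (int64_t)off;
}

int main(void) {
    return printf("%lld\n", (long long)demo_offset(512, 3072, 3)) < 0;
}
```

A sector number past the end of the file, or a dwKeySize larger than the file itself, is rejected before any read is attempted.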