FreeOTFE
Free disk encryption software for PCs and PDAs


Technical Details: FreeOTFE Volumes and Keyfiles

A FreeOTFE volume (regardless of whether it's stored in a file or partition) consists of two things:

  1. A critical data block (CDB)
  2. An encrypted partition image
The CDB may either form part of the volume, in which case it is prepended to the encrypted partition image, or it may be stored as a separate file, in which case it is referred to as a "keyfile".
Users may create any number of keyfiles for any given volume. To create a new keyfile, the user must supply either:
  1. An existing keyfile, together with its password, salt length, etc.
  2. A volume file which has a CDB, together with its password, salt length, etc.
The keyfile or volume CDB supplied will then be read in, decrypted, and re-encrypted with a new password, salt length, etc. (all supplied by the user) before being written out as the new keyfile.

A full definition of the contents of a CDB/keyfile is supplied in this documentation.

Notes:

  • A FreeOTFE keyfile is nothing more than a CDB, the "volume details block" of which contains the encryption details used for securing the volume it relates to
  • A volume may have one or more keyfiles, in which case they all share the same data stored within their respective "volume details block", but each one is encrypted with a different user password, salt, random padding, etc - making each keyfile unique.
  • Keyfiles are encrypted with the same cypher/hash that the encrypted partition image they relate to is encrypted with.
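The relationship described above (one volume details block, any number of keyfiles each sealed under its own password, salt and random padding, and keyfile creation as decrypt-then-re-encrypt) as an added, self-contained example. This is illustrative code written for this page, not FreeOTFE's own code or on-disk format: the CDB layout, the fixed 512-byte encrypted body, the JSON "volume details" fields, and the HMAC counter-mode stream cipher standing in for the volume's cypher are all assumptions; FreeOTFE encrypts the CDB with the volume's own cypher/hash, as the notes state.

```python
import hashlib
import hmac
import json
import secrets
import struct

# Constructed layout, not FreeOTFE's real on-disk format (which this
# documentation defines separately). The encrypted body is padded to a fixed
# size so a keyfile's length reveals nothing about its contents.
ENCRYPTED_BODY_LEN = 512
MAC_LEN = 32
KDF_ITERATIONS = 4096  # kept low so the example runs quickly


def make_volume_details(cypher: str, hash_name: str) -> dict:
    """Stand-in for the 'volume details block': the secrets that actually
    protect the partition image. Every keyfile of a volume carries a copy."""
    return {
        "cypher": cypher,
        "hash": hash_name,
        "master_key": secrets.token_bytes(32).hex(),
        "volume_iv": secrets.token_bytes(16).hex(),
    }


def _derive_keys(password: str, salt: bytes) -> tuple:
    """Password + this keyfile's salt -> (encryption key, MAC key).
    The salt is per keyfile, so one password yields different keys per keyfile."""
    material = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, KDF_ITERATIONS, 64)
    return material[:32], material[32:]


def _keystream(key: bytes, length: int) -> bytes:
    """Toy HMAC-SHA256 counter-mode keystream; an assumed stand-in for the
    volume's cypher, which FreeOTFE would use here instead."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">Q", block), "sha256").digest()
        block += 1
    return bytes(out[:length])


def build_cdb(details: dict, password: str, salt_len: int) -> bytes:
    """Encrypt a volume details block under a user password with a fresh salt.
    Output (constructed layout): 1-byte salt length | salt | MAC | encrypted body."""
    if not 0 < salt_len < 256:
        raise ValueError("salt length must be 1..255 bytes")
    plaintext = json.dumps(details, sort_keys=True).encode("utf-8")
    if len(plaintext) + 2 > ENCRYPTED_BODY_LEN:
        raise ValueError("volume details too large for the CDB")
    salt = secrets.token_bytes(salt_len)
    enc_key, mac_key = _derive_keys(password, salt)
    # Length prefix + details + random padding: the padding differs per
    # keyfile, so two keyfiles never share plaintext, let alone ciphertext.
    padding = secrets.token_bytes(ENCRYPTED_BODY_LEN - 2 - len(plaintext))
    body = struct.pack(">H", len(plaintext)) + plaintext + padding
    ciphertext = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, len(body))))
    mac = hmac.new(mac_key, salt + ciphertext, "sha256").digest()
    return bytes([salt_len]) + salt + mac + ciphertext


def open_cdb(cdb: bytes, password: str) -> dict:
    """Decrypt a CDB or keyfile; a wrong password fails the MAC check."""
    salt_len = cdb[0]
    salt = cdb[1:1 + salt_len]
    mac = cdb[1 + salt_len:1 + salt_len + MAC_LEN]
    ciphertext = cdb[1 + salt_len + MAC_LEN:]
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + ciphertext, "sha256").digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("wrong password or corrupt CDB")
    body = bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, len(ciphertext))))
    (length,) = struct.unpack(">H", body[:2])
    return json.loads(body[2:2 + length].decode("utf-8"))


def create_keyfile(existing: bytes, password: str,
                   new_password: str, new_salt_len: int) -> bytes:
    """The keyfile-creation step from the text: read and decrypt an existing
    CDB or keyfile, then re-encrypt the same details under new parameters."""
    details = open_cdb(existing, password)
    return build_cdb(details, new_password, new_salt_len)


if __name__ == "__main__":
    details = make_volume_details("AES-256", "SHA-512")
    volume_cdb = build_cdb(details, "volume password", 16)
    keyfile = create_keyfile(volume_cdb, "volume password", "keyfile password", 64)
    print("same details:", open_cdb(keyfile, "keyfile password") == details)
    print("distinct bytes:", keyfile != volume_cdb)
```

Opening either the volume's own CDB or any keyfile made from it yields the same volume details (and hence the same master key for the partition image), while the two byte strings differ entirely because each carries its own salt and padding; knowing one keyfile's password tells you nothing about another's. A wrong password surfaces as a MAC failure rather than garbage output, which is the check a practitioner wants before any decrypted key material is used.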