FreeOTFE logo FreeOTFE
Free disk encryption software for PCs and PDAs
(PDA version of WWW site)

Installation and Upgrading from a Previous Version: PC version

NOTE: Windows Vista x64 (64 bit) users only should also read the additional information for Windows Vista x64 users section, in order to configure their system before use

As with the PDA version, if you wish to use FreeOTFE in portable mode, you do not have to carry out the installation described below; simply copy the binary (".exe" and ".sys") files to wherever you would like them stored, and doubleclick on "FreeOTFE.exe" (i.e. the file with the combination lock icon). From there, you can then start using FreeOTFE in Portable Mode.

Alternatively, if you would like to carry out a full installation, which will allow non-administrator users to mount and use FreeOTFE volumes, follow either of the automatic or manuall installation instructions detailed below.


Automatic installation

Download the "installer" version of FreeOTFE, and run the executable.

After prompting you for some simple details, FreeOTFE will be automatically installed on your PC.

If you are using the 64 bit version of Windows Vista (Vista x64), you will have to reboot your PC after the automatic installation is complete.


Manual installation

  1. Login to your computer as administrator (if appropriate) - installation of the device drivers requires administrator privileges to create the registry entries, etc
  2. Copy "FreeOTFE.exe" to where you would like it installed. Create shortcuts to this file if required.
  3. Launch "FreeOTFE.exe". You will be prompted that the system could not connect to the main FreeOTFE driver - ignore this error for now as you have not yet installed the main FreeOTFE driver.
  4. Select "File | Drivers...". If you are running under Windows Vista, you will see the standard UAC consent/credential dialog at this point because you are about to install a device driver, which requires Administrator privileges. Authorise FreeOTFE to continue by clicking "Allow" or entering your Administrator's password to continue.
  5. Install each of the ".sys" files included with the release in turn, as follows:
    1. Click the "Install..." button
    2. Select the ".sys" file to be installed from the release, and click "OK". (This should copy the driver file into your <windows>\system32\drivers dir, and setup a few registry entries)
    3. Select the driver's name which should now appear in the list of installed drivers, and click "Start". (This should start the driver selected)
    4. Change the driver's startup option to "At system startup" and click "Update"
  6. Click the "Close" button
These steps will install and setup a FreeOTFE in a minimalist installation. With these steps complete, you may now use FreeOTFE to create and mount FreeOTFE and Linux encrypted volumes.

The drivers installed are configured such that they do not automatically startup when your system boots. Once you are happy that FreeOTFE is stable enough, you may return to the driver management dialog, select each driver in turn, and set them to start automatically at system startup.

Note: In order to use FreeOTFE, you must have the following drivers installed, and running as the bare minimum for FreeOTFE to operate correctly:
  1. The main "FreeOTFE" driver
  2. At least one hash driver ("FreeOTFEHash...")
  3. At least one cypher driver ("FreeOTFECypher...")
A number of the cyphers (e.g. RC6 and Twofish) have multiple drivers; these reflect different implementations (e.g. FreeOTFE comes with three Twofish implementations; one based on the libtomcrypt library, one based on the optimised reference implementation, and one based on Brian Gladman's implementation). Each of these drivers provides pretty much the same functionality, it's just the implementation that differs.  Were multiple drivers are provided for the same cypher, you only need to install one of them. You can mix drivers based on different implementations (e.g. install the Gladman version of Twofish, while installing the libtomcrypt version of AES). Installing all of the drivers them is harmless, but does mean that you'll be prompted which one to use during mounting a volume, if more than one can be used to encrypt/decrypt that volume.

Upgrading from a Previous Version

Because of slight changes within the FreeOTFE driver API, you must ensure that you completely uninstall your existing FreeOTFE installation before installing and using the latest FreeOTFE. Please see the section on uninstalling for details on how to do this.
Special Notes if Upgrading from v2.00
Although the FreeOTFE drivers are backwardly compatible, v2.00 of the main FreeOTFE driver cannot correctly use LRW or XTS encrypted volumes. Such volumes may be mounted with the v2.00 driver, but their contents will not be usable.
Special Notes if Upgrading from v00.00.02
With the possible exception of those volumes which were generated using the "NULL" hash algorithm (which was only intended for testing purposes), the latest version of FreeOTFE should be backward compatible with existing volume files and you should experience no problems with mounting and using them.

You will notice that when mounting volumes, you are presented with more options than with your previous version of FreeOTFE. For the purposes of mounting older volumes, these additional controls can be ignored except for the "salt length" option. Newer versions of FreeOTFE default this value to 256 bits, and you may well have to change this to the previous default of 128 bits.

When mounting FreeOTFE volumes, FreeOTFE will attempt to mount using the latest CDB format, only falling back and attempting to mount using the older CDB format if this fails.

Although FreeOTFE is backward compatible with existing volumes, it is very highly recommended that you update your volume files to ensure that they use the new CDB format, as this will allow you to take advantage of the numerous security improvements that the latest version provides. The easiest way to update your volume files to the new CDB format is to simply change their passwords by selecting "Tools | Change volume/keyfile password/details...".

IMPORTANT: If you created any ".les" (Linux Encryption Settings) files, please double check the next time you reload them, and ensure that your settings are correct. Changes due to ongoing development may cause some settings to change; to fix, simply confirm your settings are correct, and save them out again.