The software described in this guide is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WinAbility Software Corporation. WinAbility Software Corporation may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from WinAbility Software Corporation, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

NO WARRANTY

The technical information in this document is provided AS-IS and WinAbility Software Corporation makes no warranty as to its accuracy or use. Any use of the information contained herein is at the risk of the user. This document may include technical or other inaccuracies or typographical errors.

Copyright Notice

© 2023 WinAbility Software Corporation. All rights reserved.

Trademarks

WinAbility, WinAbility.Com, WinAbility Encryption Driver, and "The Way Software Should Be!" are either registered trademarks or trademarks of WinAbility Software Corporation and/or its suppliers in the U.S.A. and/or other countries. Other product and company names mentioned in this document may be the trademarks or registered trademarks of their respective owners and are hereby acknowledged.

WinAbility Encryption Driver (Driver) is a collection of software modules that implement various cryptographic algorithms and provide an API designed to be used by software applications to perform encryption and decryption of data, as well as other related functions. The Driver is designed to be used with the Windows operating system, starting with Windows XP and Windows Server 2003.

WinAbility Encryption Driver is included and used in the software product USBCrypt.

WinAbility Encryption Driver implements the support for creating the general purpose encrypted files and related password and encryption key management functionality. In particular, it allows for creating and managing the encrypted containers with the file systems inside (the Virtual Encrypted Disks).

WinAbility Encryption Driver contains a kernel driver (32- and 64- bit) that implements the functionality necessary to provide support for the Virtual Encrypted Disks. It also contains the user-mode module (again, 32- and 64-bit) that provides an API that allows the applications to create, start, stop, and perform other related operations with the Virtual Encrypted Disks. It also includes a service process that may help the system administrators manage the Driver and the Virtual Encrypted Disks.

In addition to the encryption algorithms, the Driver also implements several supporting algorithms, including a cryptographically strong pseudo-random data generator, a password hashing and key derivation algorithms, etc.

WinAbility Encryption Driver is currently a closed-source software. However, a review-only license to the source code of the Driver may be purchased by the interested parties, please contact us for the details.

Note: The purpose of this document is to provide a brief, high-level overview of the Driver. It is not intended to offer a complete and thorough description of all the technical details of the Driver.

The installation and operation of WinAbility Encryption Driver software is supported on the versions of Windows that are fully supported by Microsoft. At the time of this writing, the supported versions of Windows are:

  • Windows 11
  • Windows 10
  • Windows 8.1
  • Windows Server 2019 (with Desktop experience)
  • Windows Server 2016 (with Desktop experience)
  • Windows Server 2012 R2 (with Desktop experience)

Both the 32-bit and x64 editions of Windows are supported. Note that Windows Vista x64 and Windows Server 2008 x64 are NOT SUPPORTED. The reason is that Microsoft chose not to update  these versions to support the SHA256 digital signatures in the kernel mode, and without such support such systems cannot use the WinAbility Encryption Driver kernel driver.

IMPORTANT: For each supported version of Windows, all available service packs and Windows updates must be installed. If your computer is not set to install updates automatically, use Windows Update to check for available updates and install them. WinAbility Encryption Driver may not work properly if the latest updates are not installed.

WinAbility Encryption Driver may work with some of the older versions of Windows, such as Windows XP, Vista, or Windows Server 2003 or 2008, but we do not support such configurations. You are advised to thoroughly test the software on the unsupported versions of Windows prior to purchasing it, to make sure it operates according to your requirements "out of the box".

WinAbility Encryption Driver is NOT compatible with Windows RT, Windows 95, 98, Me, Windows NT, Windows 2000, or any older version of Windows. WinAbility Encryption Driver is NOT compatible with Linux, OS X, or other operating systems that are not based on Windows.

WinAbility Encryption Driver (Driver) contains the implementation of the following cryptographic algorithms:

Advanced Encryption Standard (AES)

The implementation of the AES algorithm uses the source code in assembler language by Dr. Gladman . It conforms to the specification of the NIST document FIPS 197. The implementation supports the 128-, 192-, and 256-bit key lengths.

The Twofish cipher

The implementation of the Twofish algorithm conforms to its description by Bruce Schneier . The implementation supports the 128-, 192-, and 256-bit key lengths.

The cascade ciphers

The Driver allows for combining two of the standard encryption algorithms described above, each using an independent encryption key, into a cascade  algorithm, that effectively creates a combined encryption algorithm with the key lengths between 256 and 512 bits.

Secure Hash Algorithm (SHA)

The Driver implements the SHA2 and SHA3 algorithms (with the digest sizes 256, 384, and 512 bits), as per the specifications in the documents NIST FIPS 180-3 and FIPS 202.

The Whirlpool hash algorithm

The Driver implements this 512-bit hash algorithm according to its description by Paulo S. L. M. Barreto .

The legacy hash algorithms

The Driver contains the implementations of the SHA1 and MD5 hash algorithms, to allow for their availability for the legacy protocols, when required. However, these algorithms are not used in other constructions within the Driver itself.

The ECB and CBC encryption modes

The Driver implements the ECB and CBC encryption modes as per the specifications of the NIST document SP 800-38 A.

The XTS encryption modes

The Driver implements the XTS encryption mode conforming to the NIST document SP 800-38 E.

The CMAC algorithm

The Driver implements the CMAC (OMAC) algorithm according to the NIST document SP 800-38B.

The HMAC algorithm

The Driver implements the HMAC algorithm according to the NIST document FIPS 198 A.

The PBKDF2 algorithm

The Driver implements the PBKDF2 (Password-Based Key Derivation Function ) algorithm.

The CTR-DRBG pseudo-random data generator

The Driver implements the CTR-DRBG algorithm as described in the NIST publication SP 800-90 section 10.2.1. An option is also available to use the pseudo-random data generator as a random data generator by collecting the entropy from the movements of the computer mouse and timing the keystrokes of the keyboard in the background, as well as using several volatile system parameters.

WinAbility Encryption Driver (Driver) implements a pseudo-random data generator in accordance with the NIST publication SP 800-90 section 10.2.1

When the application is used by the user interactively, the Driver offers an option to use the movements of the computer mouse and timings the keystrokes of the keyboard in the background, as well as several volatile system parameters, as the entropy source to seed the pseudo-random generator and generate practically random output.

The output of the random data generator is used when creating the encryption keys and initialization vectors, as required by the encryption algorithms, as well as in other functions that require random or pseudo-random input.

WinAbility Encryption Driver (Driver) implements the PBKDF2  (Password-Based Key Derivation Function) algorithm. This algorithm uses a hash function to derive key material from the password chosen by the user.

The Driver currently uses the following hash functions for the key derivation:

  • SHA3-512  (Secure Hash Algorithm 3 with 512 bits of output)

  • SHA2-512  (Secure Hash Algorithm 2 with 512 bits of output)

  • SHA2-COMBO (Secure Hash Algorithm 2 with 512 bits of output combined with the Wirlpool hash algorithm)

    This combination algorithm first obtains the outputs from the algorithms SHA2-512  and Whirlpool , each producing an independent 512-bit digest. (The two independent hash functions are used to avoid dependence on one specific hash function.) The two outputs from these hash functions are than XORed together, byte for byte, to produce a combined 512-bit value. The process can be represented as the following pseudo-code function:

    	function SHA2_COMBO( var input )
    	{
    		var hash1 = SHA2_512( input );
    		var hash2 = WHIRLPOOL( input );
    		var digest = (hash1 XOR hash2 );
    
    		return digest;
    	}
    

Generation of the encryption key from the intermediate hash value of the password

When the user enters a password, the application obtains its plain-text representation in the UNICODE format. Such binary representation of the user's password is then used as the input to the SHA2-COMBO function (descrived above). The 512-bit output is then used as an input to the SHA2-256 function. The resulting 256-bit hash value is then used as the intermediate hash value of the password. If the user has selected the option to remember the password for the duration of the current computer session, this intermediate hash value (rather than the plain test form) of the password is stored in the computer memory.

The 256-bit intermediate hash value obtained in the previous step is used together with the salt value from the volume descriptor key structure as the input to the PBKDF2 algorithm, that is executed repeatedly (2048 iterations with the SHA2-512 or SHA2-COMBO hash functions, or 8192 iterations with the SHA3-512 hash function, for each portion of the key material) until the required quantity of the key material is generated. For example, for the AES-128 encryption in the CBC mode, the Driver generates 256 bits of the key material, of which the first 128 bits are used as the encryption key, and the remaining 128 bits are used as the initial initialization vector.

Each Virtual Encrypted Disk contains the encrypted data as well as the envelope that holds the encryption keys and other information necessary for successful decryption and re-encryption of the data. The encrypted data can be stored as one large file or be split in several files. The envelope can also be stored in the same file as encrypted data, or in a separate file.

The encrypted data

This is the actual user or application data that the Driver encrypts and decrypts as necessary. The data is split in 512-byte sectors, and each sector is encrypted with a single run of the cipher in the encryption mode selected by the user.

The envelope

The envelope contains the following information:

Offset (in bytes)Size (bytes)Description
0 512 Volume descriptor key
512 512 Reserved (random bytes)
1024 1024 Volume descriptor

Volume descriptor key

The Volume descriptor key area contains a CIPHER_CONTEXT_RAW structure (described below) that contains the encryption key and other information necessary to decrypt Volume descriptor. The Volume descriptor key area itself is encrypted with the key derived from the user password.

Volume descriptor

The Volume descriptor area contains a VOLUME_DESCRIPTOR_RAW structure that contains the encryption key and other information necessary to decrypt the encrypted data.

The VOLUME_DESCRIPTOR_RAW structure

	struct VOLUME_DESCRIPTOR_RAW
	{
		VOLUME_DESCRIPTOR	volume_descriptor;

		BYTE			random[ 1024 - sizeof(VOLUME_DESCRIPTOR) - sizeof( MAC_VALUE ) ];

		MAC_VALUE		mac;
	};

The volume_descriptor member is described below. The random member is filled with random bytes when the Virtual Encrypted Disk is first created. The mac value contains the result of the calculation with the OMAC algorithm of the volume_descriptor and random members. The entire VOLUME_DESCRIPTOR_RAW structure is encrypted with the Volume descriptor key. The mac value is calculated before the encryption. When the VOLUME_DESCRIPTOR_RAW is decrypted, the mac value is checked to verify the integrity of the remaining data of the structure.

The VOLUME_DESCRIPTOR structure

The VOLUME_DESCRIPTOR structure contains the encryption key and other information required by the driver to successfully "start" (a.k.a. "mount") the encrypted data that contains a file system volume. This structure contains the following members:

	struct VOLUME_DESCRIPTOR
	{
		UINT16			wSize;			// = sizeof(VOLUME_DESCRIPTOR)

		UINT16			nDriverBuildMin;

		UINT16			nVolumeVersion;

		UINT16			wVolumeFlags;

		UINT128			volume_id;		

		CIPHER_CONTEXT		volume_key;

		UINT64			uxSegmentSize;		// 0 if all in one file, or size of each segment in Bytes!

		UINT64			uxReserved0;		// 0

	};

The nDriverBuildMin member contains the minimum build number of the driver that is required to start this volume. The nVolumeVersion member is the version number of the VOLUME_DESCRIPTOR structure and currently has the value 1.

The wVolumeFlags member can be 0 if encrypted data follows the envelope in the same physical file, or 1 if encrypted data is stored in one or more physical files, separate from the envelope.

The volume_id member is a randomly generated 128-bit value that may be used to identify the volume that this specific instance of the structure describes.

The volume_key member contains the encryption key and other information required for the encryption and decryption of the encrypted data.

The uxSegmentSize member is 0 if all encrypted data is stored within one file, or the size of the largest segment, if the encrypted data is stored in several file segments.

The CIPHER_CONTEXT_RAW structure

The CIPHER_CONTEXT_RAW structure is used in several places of Virtual Encrypted Disk and is used to store the encryption key, as well as other information necessary for an encryption algorithm to successfully encrypt and decrypt data. The CIPHER_CONTEXT_RAW structure contains the following members:

	struct CIPHER_CONTEXT_RAW
	{
		CONTAINER_ID		id;

		PASSWORD_SALT		salt;

		CIPHER_CONTEXT_EX	cipher_context_ex;
	};

The id member a randomly generated 128-bit number that may be used as a unique identifier of the data associated with a specific instance of this structure. The salt member a randomly generated 128-bit number that is used as the "salt" value during the key derivation procedure, if this structure is used to describe a key generated from the user's password.

The CIPHER_CONTEXT_EX structure

The CIPHER_CONTEXT_EX structure contains the following members:

	struct CIPHER_CONTEXT_EX
	{
		CIPHER_CONTEXT	cipher_context;

		BYTE		random[ 512 - 
					sizeof( CONTAINER_ID ) - 
					sizeof( PASSWORD_SALT ) - 
					sizeof( CIPHER_CONTEXT ) - 
					sizeof( MAC_VALUE ) ];

		MAC_VALUE	mac;
	};

The mac value contains the result of the calculation with the OMAC algorithm of the cipher_context and random areas, to be able to check the integrity of the structure.

The CIPHER_CONTEXT structure

The CIPHER_CONTEXT structure contains the following members:

	struct CIPHER_CONTEXT
	{
		CIPHER_DESCRIPTOR	cipher_descriptor;

		BYTE			key[ BITS(2048) ];
	};

The CIPHER_DESCRIPTOR structure

The CIPHER_DESCRIPTOR structure contains the following members:

	struct CIPHER_DESCRIPTOR
	{
		UINT16		wSize;		// = sizeof( CIPHER_DESCRIPTOR )
		UINT16		wReserved0;	// 0

		UINT32		dwFlags;	// 0 for now

		UINT32		idCipher;	
		UINT32		dwReserved1;	// 0

		UINT32		idMode;		
		UINT32		dwReserved2;	// 0

		UINT64		uxDataOffset;	
		UINT64		uxDataSize;	
	};

The idCipher member specifies the encryption algorithm; it can currently take one of the following values:

Encryption algorithm Value (decimal)
AES-128 65793
AES-192 131329
AES-256 196865
TWOFISH-128 66305
TWOFISH-192 131841
TWOFISH-256 197377

The idMode member specifies the encryption mode; it can currently take one of the following values:

Encryption mode Value (decimal)
CBC 516
XTS 1284

The uxDataOffset and uxDataSize are optional and may specify the location of the data encrypted with the cipher described by this instance of the CIPHER_DESCRIPTOR structure; they could both be 0 if that location can be determined from other information.

The key member of the CIPHER_CONTEXT structure contains the key material that is necessary for the cipher to perform the encryption and decryption of the data. For example, if the cipher is AES-128 and the encryption mode is CBC, then the first 128 bits of the key member are used as the encryption key, and the next 128 bits are used as the initial initialization vector. The remaining (unused) bits of the key member are set to random values when the CIPHER_CONTEXT structure is first created.