Operation Manual

ManualsBrandsVeraCrypt ManualsSoftware1.16

151

152

153

154

155

156

157

158

159

160

149

VeraCrypt Volume Format Specification

Offset

(bytes)

Size

(bytes)

Encryption

Status

Description

Unencrypted

‡

Salt

Encrypted

ASCII string “VERA”

Encrypted

Volume header format version (2)

Encrypted

Minimum program version required to open the volume

Encrypted

CRC-32 checksum of the (decrypted) bytes 256–511

Encrypted

Reserved (must contain zeroes)

Encrypted

Size of hidden volume (set to zero in non-hidden volumes)

100

Encrypted

Size of volume

108

Encrypted

Byte offset of the start of the master key scope

116

Encrypted

Size of the encrypted area within the master key scope

124

Encrypted

Flag bits (bit 0 set: system encryption; bit 1 set: non-system

in-place-encrypted volume; bits 2-31 are reserved)

128

Encrypted

Sector size (in bytes)

132

120

Encrypted

Reserved (must contain zeroes)

252

Encrypted

CRC-32 checksum of the (decrypted) bytes 64–251

256

Var.

Encrypted

Concatenated primary and secondary master keys

512

65024

Encrypted

Reserved (for system encryption, this item is omitted

††

)

65536

Encrypted /

Area for hidden volume header (if there is no hidden volume

Unencrypted

‡

within the volume, this area contains random data

). For

system encryption, this item is omitted.

††

See bytes 0–65535.

131072

Var.

Encrypted

Data area (master key scope). For system encryption, offset

may be different (depending on offset of system partition).

S–131072

†

65536

Encrypted /

Backup header (encrypted with a different header key derived

Unencrypted

‡

using a different salt). For system encryption, this item is

omitted.

††

See bytes 0–65535.

S–65536

65536

Encrypted /

Backup header for hidden volume (encrypted with a different

Unencrypted

‡

header key derived using a different salt). If there is no hidden

volume within the volume, this area contains random data.

For

system encryption, this item is omitted.

††

See bytes 0–65535.

The encrypted areas of the volume header are encrypted in XTS mode using the primary and secondary header keys. For more

information, see the section Encryption Scheme and the section Header Key Derivation, Salt, and Iteration Count.

†

S denotes the size of the volume host (in bytes).

‡

Note that the salt does not need to be encrypted, as it does not have to be kept secret [7] (salt is a sequence of random values).

Multiple concatenated master keys are stored here when the volume is encrypted using a cascade of ciphers (secondary master keys

are used for XTS mode).

See below in this section for information on the method used to fill free volume space with random data when the volume is

created.

††

Here, the meaning of "system encryption" does not include a hidden volume containing a hidden operating system.