Operation Manual
are normally stored). If it fails and if there is a partition behind the active partition, the VeraCrypt
Boot Loader (even if there is actually no hidden volume on the drive) automatically tries to decrypt
(using the same entered password again) the area of the first partition behind the active partition*
where the encrypted header of a possible hidden volume might be stored. Note that VeraCrypt
never knows if there is a hidden volume in advance (the hidden volume header cannot be
identified, as it appears to consist entirely of random data). If the header is successfully decrypted
(for information on how VeraCrypt determines that it was successfully decrypted, see the section
Encryption Scheme), the information about the size of the hidden volume is retrieved from the
decrypted header (which is still stored in RAM), and the hidden volume is mounted (its size also
determines its offset). For further technical details, see the section Encryption Scheme in the
chapter Technical Details.
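
The fallback described above, as an added sketch that is not VeraCrypt's code. The header layout (marker, size, CRC-32) is simplified, a PBKDF2-derived XOR keystream stands in for the real header encryption, and all function names, passwords and sizes are constructed.

```python
import hashlib, os, struct, zlib

MAGIC, MB = b"VERA", 1024 * 1024

def keystream(password, salt, n):
    # Stand-in cipher (assumption): PBKDF2 output XORed over the header fields.
    # The real header is encrypted with an XTS-mode cipher (see Encryption Scheme).
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 1000, n)

def make_header(password, hidden_size):
    salt = os.urandom(64)
    body = MAGIC + struct.pack(">Q", hidden_size)
    body += struct.pack(">I", zlib.crc32(body))
    return salt + bytes(a ^ b for a, b in zip(body, keystream(password, salt, 16)))

def try_header(password, blob):
    """Trial-decrypt blob; return the stored volume size, or None on failure."""
    salt, enc = blob[:64], blob[64:80]
    body = bytes(a ^ b for a, b in zip(enc, keystream(password, salt, 16)))
    ok = body[:4] == MAGIC and struct.unpack(">I", body[12:])[0] == zlib.crc32(body[:12])
    return struct.unpack(">Q", body[4:12])[0] if ok else None

def boot(password, drive):
    """Return ("decoy", None), ("hidden", size) or ("fail", None)."""
    if try_header(password, drive["system_header"]) is not None:
        return ("decoy", None)
    parts, active = drive["partitions"], drive["active"]
    # Page footnote: if the active partition is under 256 MB, the candidate
    # area is read from the second partition behind it, otherwise the first.
    target = active + (2 if parts[active]["size"] < 256 * MB else 1)
    if target >= len(parts):
        return ("fail", None)  # no partition behind the active one
    size = try_header(password, parts[target]["area"])  # same password, reused
    return ("hidden", size) if size is not None else ("fail", None)

def sample_drive(active_size, hidden_index=None):
    """Constructed test drive; without a hidden volume every area is random."""
    parts = [{"size": active_size, "area": os.urandom(80)},
             {"size": 40960 * MB, "area": os.urandom(80)},
             {"size": 40960 * MB, "area": os.urandom(80)}]
    if hidden_index is not None:
        parts[hidden_index]["area"] = make_header("hidden-pw", 20480 * MB)
    return {"system_header": make_header("decoy-pw", 0), "active": 0, "partitions": parts}

if __name__ == "__main__":
    print(boot("hidden-pw", sample_drive(61440 * MB, hidden_index=1)))
```

The boot loader in this model makes the second attempt whether or not a hidden volume exists, and a drive without one simply fails the trial decryption.
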

When running, the hidden operating system appears to be installed on the same partition as the
original operating system (the decoy system). However, in reality, it is installed within the partition
behind it (in a hidden volume). All read/write operations are transparently redirected from the
system partition to the hidden volume. Neither the operating system nor applications will know that
data written to and read from the system partition is actually written to and read from the partition
behind it (from/to a hidden volume). Any such data is encrypted and decrypted on the fly as usual
(with an encryption key different from the one that is used for the decoy operating system).

Note that there will also be a third password — the one for the outer volume. It is not a pre-boot
authentication password, but a regular VeraCrypt volume password. It can be safely disclosed to
anyone forcing you to reveal the password for the encrypted partition where the hidden volume
(containing the hidden operating system) resides. Thus, the existence of the hidden volume (and of
the hidden operating system) will remain secret. If you are not sure you understand how this is
possible, or what an outer volume is, please read the section Hidden Volume. The outer volume
should contain some sensitive-looking files that you actually do not want to hide.

To summarize, there will be three passwords in total. Two of them can be revealed to an attacker
(for the decoy system and for the outer volume). The third password, for the hidden system, must
remain secret.

[Figure: Example Layout of System Drive Containing Hidden Operating System]

* If the size of the active partition is less than 256 MB, then the data is read from the second partition behind the active
one (Windows 7 and later, by default, do not boot from the partition on which they are installed).