上次,我向您展示了如何使用VeraCrypt在您的计算机上设置加密卷。今天,我们将更进一步,向您展示如何在普通加密卷中插入隐藏的加密区域。脑筋急转弯,对吧?
但我为什么要隐藏部分(Hidden Section)?
除了有趣的一面(fun aspect)(谁不喜欢秘密通道?),还有一种叫做“似是而非的否认”的东西。它是这样的。
假设您有一个非常可疑的父母或配偶(parent or spouse)
,他们知道您有一个加密文件夹。他们确信你那里有一些真正可怕的东西,你否认它,他们强迫你打开文件夹来证明它。
在普通文件夹中,解密会立即显示内容。但是如果你有一个只有你知道的隐藏部分呢?然后,您可以打开文件夹向该人展示一些无害且无聊的文件,但真正敏感的内容将在隐藏部分中——没有人会更聪明。
打造你自己的纳尼亚式秘密通道(Make Your Own Narnia-Like Secret Passageway)
所以让我们再次启动VeraCrypt,让我们看看如何做到这一点。
首先,单击“创建卷(“Create Volume)”。
单击第一个选项-“创建加密文件容器(Create an encrypted file-container)”,然后单击“下一步(Next)”。
上次,我们做了第一个选项。今天,我们将点击第二个(number two)门——“隐藏的 VeraCrypt 卷(Hidden VeraCrypt volume)”。该描述为您提供了我喜欢称之为“Mafia torture/extortion 保险单(insurance policy)”的内容。
下一部分为您提供了两个选项。
- 创建一个带有自己隐藏部分的新 VeraCrypt 卷。
- 将隐藏部分添加到已存在的卷中。
我假设这是您第一次这样做,所以我将使用“正常模式(Normal mode)”以使事情变得更简单。
第一步是创建“外部” VeraCrypt 卷(” VeraCrypt volume)(将保存所有无辜文件的常规卷)。(regular one)因此,单击“选择文件(Select File)”并导航(” and navigate)到您希望该文件夹所在的位置。加上给它一个名字。
如有必要,可以稍后更改位置和名称。(location and name)
现在为外部卷设置“(outer volume)加密选项(Encryption Options)” 。除非您有任何特殊原因,否则默认选项非常好。
现在设置外卷(outer volume)的大小。请记住(Remember),隐藏部分的大小需要放在其中,因此外部卷(outer volume)
需要空间用于存放无辜文件和隐藏空间以及敏感文件。
由于一旦创建卷就无法更改此空间,因此您需要认真考虑需要多少空间。最好谨慎行事并走高一点。
由于这只是本文的临时卷,之后会被删除,所以我做了 1GB。
现在是密码。忘记密钥文件和PIM 选项(PIM option)。输入密码后,点击“(click “)显示密码(Display Password)”检查是否输入正确。
接下来是生成加密密钥(encryption keys)。在屏幕上随意移动鼠标,观察底部的栏从红色变为绿色。
当栏为绿色时,单击“格式化(Format)”。
您现在将被告知打开外部卷(outer volume)并将您的无辜文件复制到里面。尚未创建隐藏部分。(section hasn)接下来就是。
所以我进入外卷(outer volume),将一些 PDF 的技术文章复制到其中。
现在回到之前的VeraCrypt 窗口并单击“(VeraCrypt window and click “)下一步(Next)”开始构建您的隐藏卷(hidden volume)。
和以前一样,为隐藏卷选择加密选项。同样(Again),除非您真的必须这样做,否则请保持原样。
根据外卷(outer volume)的大小,VeraCrypt计算出隐藏卷的最大大小不能超过 882MB。所以决定大小并(size and enter)在提供的空间中输入。
接下来的两个屏幕将要求您设置密码并生成加密密钥,就像您对外部卷(outer volume)所做的那样。
关于隐藏卷的密码 -(volume –)它必须与外部卷的密码完全不同。您稍后会看到原因,但如果您选择相同的密码,隐藏卷将不起作用。( it must be a completely different password
to the one for the outer volume. You will see why later but if you choose the
same password, the hidden volume will not work.)
当这一切都完成后,你就会看到这个。
现在退出安装向导(installation wizard)。您的带有隐藏门的加密卷已准备好摇滚。
打开它(Opening It Up)
在 VeraCrypt 主窗口中:
- 选择要安装卷的驱动器号。(drive letter)
- 单击“选择文件(Select File)”导航并选择该卷。
- 点击“挂载文件(Mount File)”,弹出密码窗口。
为什么需要两个密码(Why You Needed Two Passwords)
好的,假设黑手党(Mafia)有你,你被迫放弃加密的VeraCrypt 文件夹(VeraCrypt folder)的密码。真正有罪的东西在你的隐藏卷中,而赞美
唐(Don)的东西在普通文件夹中。
你做什么工作?你给他们常规文件夹的密码。然后VeraCrypt(VeraCrypt)会看到您想要常规文件,而这就是所有人都能看到的。
但是,如果您安全并且想要查看
有罪的东西(incriminating stuff)(例如您的Bonnie Tyler 粉丝(Bonnie Tyler fan)俱乐部ID 卡(ID card)),请输入隐藏卷的密码(type in the password for the hidden volume)。
然后VeraCrypt(VeraCrypt)将忽略普通文件夹,而只安装隐藏卷。
在本系列的第三部分(part three)中,我们将使用
VeraCrypt来加密您的整个硬盘。希望(Hopefully)我能做到这一点,而不会在此过程中出现蓝屏(Blue Screen)死机(Death)。
How To Add a Hidden Area Inside An Encrypted VeraCrypt Volume
Last time, I showed уou how to set up an encrypted volume on your computer using VeraCrypt. Today, we are going to go a step further and show you how to insert a hidden encrypted area inside an ordinary encrypted volume. Mind-bending, right?
But Why Would I Want a Hidden Section?
Apart from the fun aspect of it (who doesn’t like
secret passageways?), there is also something called “plausible deniability.”
It goes something like this.
Let’s say you have a very suspicious parent or spouse
who knows you have an encrypted folder. They are convinced you have something
truly terrible in there, you deny it, and they pressure you to open the folder
to prove it.
In an ordinary folder, decrypting it will immediately
reveal the contents. But what if you had a hidden section which only you knew
about? Then you can open the folder to show the person some innocuous and
boring files, but the really sensitive stuff would be in the hidden section –
and nobody would be any the wiser.
Make Your Own Narnia-Like Secret Passageway
So let’s fire up VeraCrypt again and let’s take a look at how to do this.
First, click “Create Volume”.
Click on the first option – “Create an encrypted file-container” and then “Next”.
Last time, we did the first option. Today, we are going to click on door number two – “Hidden VeraCrypt volume”. The description gives you what I like to call the “Mafia torture/extortion insurance policy”.
The next section gives you two options.
- To create a new VeraCrypt
volume complete with its own hidden section.
- To add a hidden section to
an already-existing volume.
I am going to assume this is your first time doing this so I will go with “Normal mode” to make things simpler.
The first step is to create the “outer” VeraCrypt volume (the regular one which will hold all the innocent files). So click “Select File” and navigate to where you want that folder to go. Plus give it a name.
The location and name can be changed later if
necessary.
Now set the “Encryption Options” for the outer volume. Unless you have any special reason why, the default options are perfectly fine.
Now set the size of the outer volume. Remember, the
size of your hidden section needs to go inside of this, so the outer volume
needs space for the innocent files AND the hidden space with the sensitive
files.
Since this space cannot be changed once the volume has
been created, you need to have a serious think about how much space you will
need. Better to err on the side of caution and go a bit higher.
Since this is just a temporary volume for this
article, which will get deleted afterwards, I did 1GB.
Now the password. Forget the keyfiles and PIM option. After you have entered the password, click “Display Password” to check that you have typed it in properly.
Next up is to generate the encryption keys. Move your
mouse around the screen randomly and watch the bar at the bottom go from red to
green.
When the bar is green, click “Format”.
You will now be told to open the outer volume and copy
your innocent files inside. The hidden section hasn’t been created yet. That
comes next.
So I went into the outer volume and copied some PDF’s
of tech articles into it.
Now go back to the previous VeraCrypt window and click “Next” to start building your hidden volume.
As before, choose the encryption options for the
hidden volume. Again, unless you really have to, leave these as they are.
Based on the size of the outer volume, VeraCrypt has
calculated that the maximum size of the hidden volume can be no more than just
under 882MB. So decide on the size and enter it in the space provided.
The next two screens will ask you to set a password
and generate your encryption keys as you did with the outer volume.
With regards to the password for the hidden volume – it must be a completely different password
to the one for the outer volume. You will see why later but if you choose the
same password, the hidden volume will not work.
When that is all done, you will then see this.
Now exit the installation wizard. Your encrypted
volume with hidden door is ready to rock and roll.
Opening It Up
In the main VeraCrypt window :
- Choose a drive letter where you want to mount the volume.
- Click “Select File” to navigate and choose that volume.
- Click “Mount File” to bring up the password window.
Why You Needed Two Passwords
OK let’s say the Mafia has you and you are being
forced to give up the password to your encrypted VeraCrypt folder. The really
incriminating stuff is in your hidden volume while the stuff that praises the
Don is in the regular folder.
What do you do? You give them the password to the
regular folder. VeraCrypt then sees you want the regular files and that’s all
anyone sees.
But if you are safe and you want to view the
incriminating stuff (your Bonnie Tyler fan club ID card for example), type in the password for the hidden volume.
VeraCrypt will then disregard the normal folder and only mount the hidden
volume instead.
In part three of this series, we will be using
VeraCrypt to encrypt your entire hard-drive. Hopefully I can manage that
without getting a Blue Screen of Death in the process.