Comodo Disk Encryption User Guide

www.comodo.com

1

2

3

4

5

6

7

8

Comodo Disk Encryption User Guide | © 2009 Comodo Security Solutions Inc. | All rights reserved 1

COMODO Disk Encryption

User Guide

Table of Contents

Creating Trust Online ®

Comodo Security Solutions

525 Washington Blvd.

Jersey City, NJ 07310

United States.

http://www.comodo.com/

www.comodo.com

Table of Contents 1 COMODO Disk Encryption – Introduction......................................................................................3

2 Installing COMODO Disk Encryption..............................................................................................5

3 Starting COMODO Disk Encryption .............................................................................................10

4 The Main Interface .........................................................................................................................12

4.1 Physical Drives.......................................................................................................................................................13

4.2 Virtual Drives..........................................................................................................................................................21

4.2.1 Creating and Mounting Virtual Drives ............................................................................................................22

4.2.2 Handling Virtual Drives...................................................................................................................................30

5 Encrypting a Drive .........................................................................................................................34

6 Decrypting a Drive..........................................................................................................................39

7 The Tools Menu ..............................................................................................................................43

7.1 Settings...................................................................................................................................................................43

7.2 Taking a Copy of Your USB Key.............................................................................................................................47

7.3 Add Encrypted Partition .........................................................................................................................................49

7.4 Backup/Restore Encryption Settings......................................................................................................................51

8 Help..................................................................................................................................................59

8.1 Content...................................................................................................................................................................59

8.2 Support...................................................................................................................................................................60

8.3 Product Updates.....................................................................................................................................................61

8.4 About......................................................................................................................................................................62

9 Uninstalling Comodo Disk Encryption.........................................................................................63

Appendix – 1 Cipher Algorithms - A Brief Overview ......................................................................65

About Comodo....................................................................................................................................69



www.comodo.com

1 COMODO Disk Encryption – Introduction

What is COMODO Disk Encryption?

Comodo Disk Encryption protects your sensitive information by enabling you to encrypt any drive on your system using several algorithms.

Comodo Disk Encryption offers two varieties of data protection:

• You can encrypt any drive partition that contains information to be secured, with different encryption settings, i.e. using different hashing and encryption algorithms. Even the root partitions can be encrypted.

• You can also mount encrypted virtual partitions in your hard drive and save your information in them securely.

The encryption can be carried out with different authentication types adding additional layer of security.

• Password Authentication – Set a password of your choice as authentication key to encrypt the required drives. The password must be entered whenever the system is started to enable assessing the encrypted drives.

• USB memory key Authentication - Configure a USB memory as authentication key to encrypt the required drives. This key must be plugged-in in the system whenever the system is started to enable assessing the encrypted drives.

• Authentication with both Password and USB memory key - Combination of both password and USB keys for authentication. This is a highly secure practice that meets the classic two factor authentication criteria of 'something you own' plus 'something you know'.

What's best about it is that all encryption/decryption processes are performed on the fly with no reboot needed.

Why would you need such a product?

• because you want to be the sole person that is able to start a specific computer;

• because you don't what your data to be accessed while you are away;

• because if your computer gets stolen none will be able to access your data;

• because when you share the computer with someone else you want to have a partition just for you;

• because when necessary, all you have to do to make your data unrecoverable is to destroy the USB key

This guide is intended to take the user through the installation, configuration and use of Comodo Disk Encryption.



www.comodo.com

System Requirements

Comodo Disk Encryption - 32 bit: Comodo Disk Encryption - 64 bit:Operating SystemsWindows Vista - 32 bit Windows XP - 32 bitWindows 2000 Windows Server 2003 - 32 bit

32 MB RAM6 MB Hard Disk Space

Operating SystemsWindows Vista - 64 bitWindows XP - 64 bitWindows Server 2003 - 64 bit

32 MB RAM6 MB Hard Disk Space



www.comodo.com

2 Installing COMODO Disk Encryption

Before you install Comodo Disk Encryption, please make sure to quit all other Windows programs. You must also be a member of the administrator group to run this installer. After downloading the Comodo Disk Encryption setup file to your

local hard drive, double click on Setup.exe to start the installation wizard.

Step 1 : A Welcome screen appears. Click Next.

Step 2: End User License Agreement - In order to finalize installation, you must first read and accept the license agreement:



www.comodo.com

Click I ACCEPT if you accept to EULA and to continue with the installation. If you don't want to continue the installation, click I DECLINE and exit the installation.

Step 3: Choose destination folder - By default, Comodo Disk Encryption will be installed in C:Program Files\Comodo\Comodo Disk Encryption.

If you want to install the application in the default folder, click Next. If you want to install the application in a different folder, click Browse, navigate to your desired folder and click Next.

Step 4: Ready to Install - A Ready to Install dialog is displayed. If you want o proceed with the installation with the settings you have made earlier, click Install. If you want to review any settings made, click Back.



www.comodo.com

Step 5: Setup progress - A setup status dialog box is displayed. You will see a progress bar indicating that files are being installed.

Step 6: Product Activation - The product Activation dialog is displayed. Comodo Disk Encryption is activated at free of cost for lifetime usage. If you wish to sign up for news about Comodo products then enter your email address in the space provided and select Sign me up for news about Comodo products. This is optional. Click Next.



www.comodo.com

.Step 7: Free Activation Progress - Wait till your request is processed.

Step 8: Finish - A Finish dialog is displayed indicating the successful completion of installation. For the installation to take effect, the system has to be restarted.Please save any unsaved data and click Finish to restart the system. If you want to restart the system at a later time, uncheck Restart the computer and click Finish.



www.comodo.com

Note: The installation will take effect only on the next restart of the computer.



www.comodo.com

3 Starting COMODO Disk Encryption

You can access Comodo Disk Encryption through the Windows Start Menu, the task bar tray icon or through the desktop shortcut.

1. Start Menu

After downloading and installing a Comodo Disk Encryption, the setup procedure creates an entry in the 'Programs' section of Windows Start Menu. You can start Comodo Disk Encryption by hitting the 'Start' button and navigating to : Start - Programs - Comodo - Disk Encryption.

2. Tray Icon

Alternatively, double clicking on the tray icon will also start the Disk Encryption main interface.

The tray icon is created during the setup procedure and can be seen in the lower right hand side of the Windows task bar.

Right clicking on the tray icon , also allows you quick access to the following:



www.comodo.com

Settings About

3. Desktop Shortcut

Users can also start Comodo Disk Encryption by double-clicking on the desktop shortcut created during installation:



www.comodo.com

4 The Main Interface

The main interface of Comodo Disk Encryption has four main function areas:

• Disk Encryption menu bar;

• Drives Navigation Panel;

• Disk Information Panel ;

• Disk Encryption Status Bar.

Disk Encryption Menu Bar

The Menu bar provides access to 'File', 'Tools', 'Help' menus of Comodo Disk Encryption.

Drives Navigation Panel

The Drives Navigation Panel displays all local and virtual drives that are present on the system. Right clicking on any drive allows the user to run tasks and edit settings relating to that drive.

Drives - Clicking on this tab shows the Physical Drives panel. This panel displays the logical partitions of the physical disk drive(s) mounted in your system. This panel allows you to encrypt, decrypt, edit encryption settings etc. of the selected drive by right clicking on the drive. This panel is displayed by default whenever the Comodo Disk Encryption is accessed. See Physical Drives for more details.



www.comodo.com

Virtual Drives - Clicking on this tab opens the Virtual Drives Panel. The panel displays the virtual drives mounted in your system and allows you to create/mount, remove/unmount virtual drives, edit encryption settings etc. See Virtual Drives for more details.

Disk Information Panel

The Disk Information Panel displays the following information of the selected drive in the Drives Navigation Panel.

• File System: Shows the type of file system used on the disk highlighted in the Drives Navigation Panel. Examples of Windows file systems are FAT, FAT32 and NTFS.

• Free Space: Free space available on the highlighted disk. • Total Size: Total size of the highlighted disk. • Encryption: Shows the status of disk's encryption - AES (type of encryption algorithm, which is

used to encrypt)/Not Encrypted.

Disk Encryption Status Bar

This area shows any status messages regarding the Disk Encryption application. Any program errors will be shown in this area. If the program is running smoothly then the standard message is 'All systems are up and running'.

4.1 Physical DrivesThe Drives panel displays the logical partitions of the Hard Disk Drive mounted in your system. This panel is displayed by default whenever the application is accessed. You can also view this panel by clicking on the Drives tab.



www.comodo.com

The Drives panel allows you to:

• Encrypt a drive partition;

• Decrypt an encrypted drive partition;

• Edit encryption settings of an encrypted drive partition;

• Change password set up for encryption;

• Browse a drive;

• View the properties of a drive; and

• Remove an Encrypted Partition by right clicking on the drive icon.

Encrypt - Clicking the Encrypt option opens the Disk Encryption Wizard. See Encrypting a Drive for more details.

Decrypt - Clicking the Decrypt Option opens the Disk Encryption Wizard for decrypting a drive. This is enabled when the selected drive is previously encrypted. See Decrypting a Drive for more details.

Edit Settings - Clicking the Edit Settings option opens the Disk Encryption Wizard for changing the encryption settings for the selected drive. This is enabled when the selected drive is previously encrypted. You can change the hash algorithm and Encryption algorithm of the previously encrypted drive using this option.



www.comodo.com

To Edit Encryption Settings

1. Right click on the selected drive and click Edit Settings. The Disk Encryption Wizard for changing the encryption settings appears.

2. Click Next. The Encryption Settings dialog appears.

3. Type the password setup while encrypting the drive, in the Current Password text box. If you have chosen USB Key only authentication type, you need not type the password.

4. Choose the Hash Algorithm and Encryption algorithm from the respective drop-down boxes (the existing algorithms used are displayed by default). If you want to include the free space in the selected drive for



www.comodo.com

encryption, uncheck Ignore disk free space. Else leave it checked. Ignoring empty disk space will significantly accelerate the encryption and decryption processes on large disk drives.

5. Click Next. The Finish dialog appears.

6. Select the USB drive to be used as the USB key from the drop-down box and click Finish. If you have chosen Password only authentication type, you need not select the USB drive. A confirmation dialog appears. Click Yes.

7. Click Finish.

The application will encrypt the selected drive with the new settings. This may take some time depending on the size of your disk. Do not power-off the system till the process is completed.

Change Password- Clicking the Change Password option opens the Disk Encryption Wizard for changing the password setup for encryption. This is enabled when the selected drive is previously encrypted. You can even switch between the authentication types - Password only, USB key only or both Password and USB key.



www.comodo.com

To change the password

1. Right click on the selected drive and click Change Password. The Disk Encryption Wizard for changing the password appears.

2. Select the authentication type. i.e. Password check box, USB stick check box or both Password and USB stick check boxes and Click Next.

The Encryption Settings dialog appears. If you have chosen USB stick only option, this step is skipped and the process moves to step 6.



www.comodo.com

4. Type the New password and retype it in the respective text boxes. If you want to include the free space in the selected drive for encryption, uncheck Ignore disk free space. Else leave it checked. Ignoring empty disk space will significantly accelerate the encryption and decryption processes on large disk drives.

5. Click Next.

The Finish dialog appears.

6. Select the USB drive to be used as the USB key from the drop-down box and click Finish. If you have chosen Password only authentication type, you need not select the USB drive.

A confirmation dialog appears.

5. Click Yes.

The application will re-encrypt the selected drive with the new password. This may take some time depending on the size of your disk. Do not power-off the system till the process is completed. The encryption progress is indicated at the progress bar and the remaining time for completion of encryption is displayed above the bar.

Browse - Clicking the Browse option opens the Windows Explorer window of the selected drive. This option is active for both encrypted and unencrypted drives.



www.comodo.com

Properties - Clicking the Properties option opens the properties dialog of the selected drive. This option is active for both encrypted and unencrypted drives.

Remove Encrypted Partition - Clicking the Remove Encrypted Partition option allows you to remove the selected drive from the drives list in the Drives Navigation panel, meaning the selected drive is hidden in the list . This is active only for a previously encrypted disk. You can add the drive again into the list by navigating through Tools > Add Encrypted Partition and selecting the drive.

To remove an encrypted partition from the list

1. Right click on the drive and click Remove Encrypted Partition.



www.comodo.com

A confirmation dialog appears.

2. Click Yes. The drive will be removed from the list.



www.comodo.com

4.2 Virtual DrivesA Virtual drive is a drive partition, emulating an optical disk or a hard drive partition. You can create:

• Virtual Memory drives , which reside in the system memory, enable very fast read write access but last only till the system is turned-off;

• Virtual File drives, which reside in your hard disk.

A virtual drive letter can also be assigned for a virtual drive and this will resemble a hard drive partition in My Computer Explorer window. CDs/DVDs are often mounted as encrypted disk images using disk image emulation software, creating virtual CD/DVD in your hard drive. Mounting the disk image allows reading of the content of the CD or DVD from the disk image on the hard drive rather than on the disk itself. It also allows users to run software as if the registered copy of the disk were in the disk drive itself.

Comodo Disk Encryption allows you to create/mount and remove/unmount Virtual Drives in your system.

To access Virtual Drives panel, click on the Virtual Drives tab in the main interface.

This panel allows you to create/mount, remove/demount, edit encryption settings etc. of the virtual drives in your system.



www.comodo.com

For more details on the creating and handling virtual drives, click the links below:

• Creating and Mounting Virtual Drives

• Handling Virtual Drives .

4.2.1 Creating and Mounting Virtual Drives

Comodo Disk Encryption allows you to create/mount and remove/unmount Virtual Drives in your system.

To access Virtual Drives panel, click on the Virtual Drives tab in the main interface.

To create a virtual disk or to mount an existing disk

1. Right click on the empty space inside the window. An option 'Mount' is displayed. 2. Click on the 'Mount'. The Virtual Disk Encryption Wizard opens.



www.comodo.com

From this wizard:

• You can create a new encrypted virtual drive and store in a location in your hard drive This drive can be used to store secure files; and

• You can also mount an existing encrypted virtual drive, but unmounted previously.

To create a new virtual drive

1. Select Create New Virtual Drive in the Virtual Disk Encryption Wizard and click Next. The Disk Properties Dialog appears to configure the properties of the drive to be created.



www.comodo.com

2. Enter the size of the disk (in MB) (Minimum 5 MB ) you want to create and click Next. The Encryption Settings dialog appears to specify the encryption settings.

3. Type and retype a password to be setup as a key for encryption in the respective boxes. 4. Select a Hash Algorithm and Encryption algorithm from the respective drop-down boxes and click Next. For

details on algorithms, refer Appendix 1.

Also you can change the Encryption settings later, by right clicking on the virtual drive and selecting the Edit option.



www.comodo.com

In the Store Location dialog that appears next, You can create a Memory Drive or a File Drive.

Memory Drive – The memory drive is created in the system memory, i.e. a portion of RAM is set up to act as a hard drive partition. The memory drive has fast read/write access. Because of the volatile nature of the system memory, the memory drive will last only till the system is powered-off. Memory drives can be used while working with a decrypted copy of an encrypted document and to hold larger files like image files for shorter period of times, e.g. when working on several images using image editing softwares. Click here for more details on creating a Memory Drive.

File Drive – The file drive is created as single file at any location of your choice in your hard drive. This file acts as a disk image, resembling a separate hard drive partition. You can set any drive letter of your choice to this virtual drive partition and encrypt with any hash and encryption algorithms. The virtual drive will be displayed as a hard drive partition in My Computer Explorer window. You can format this drive and store your data to be protected in it for permanent storage. Click here for more details on creating a File Drive.

To create a Memory Drive

1. Click on the Memory Drive in the Store Location dialog and click Next.

2. Select a drive letter for the virtual memory drive to be created from the Letter drop-down box and click Next. The Finish dialog appears.



www.comodo.com

Also, you can change the drive letter and/or set the virtual drive as Read Only later, by right clicking on the virtual drive and selecting Change Letter option.

3. Click the Finish button. A virtual memory drive is created and is displayed in the Virtual Drives panel of the main interface. This drive will also appear in the My Computer Windows Explorer window. You have to Format the disk, before storing any data in it.

To Create a File Drive

1. Click on the File Drive in the Store Location dialog and click Next. A Save Location dialog appears.

.



www.comodo.com

2. Type the path of the location where you want to save the virtual drive or click Browse, navigate to the desired location in your hard drive, give a file name in the Save As dialog, click Save and click Next. The Drive letter dialog appears. Also, you can change the drive letter later by right clicking on the virtual drive and selecting Change Letter option.

3. Select a drive letter for the virtual file drive to be created from the Letter drop-down box and click Next. The Finish dialog appears.



www.comodo.com

4. Click the Finish button. A virtual file drive is created and is displayed in the Virtual Drives panel of the main interface. This drive will also appear in the My Computer Windows Explorer window. You have to Format the disk, before storing any data in it.

To mount an Encrypted Virtual Drive

1. Select Mount Existing Virtual Drive in the Virtual Disk Encryption Wizard and click Next. The Open Location Dialog appears to choose the file stored previously as encrypted virtual drive.

2. Type the file name with path in the File text box or click Browse. Navigate to the file and click Open dialog box.



www.comodo.com

3. Type a Password used as key, for mounting the drive, in the Password text box and click Next. The Drive letter dialog box appears.

4. Select the drive letter from the Letter drop-down box. If you want the drive to be created as a Read Only drive (i.e. the files stored are protected from editing), select Read Only check box, else leave it unchecked and click Next. The Finish dialog appears.

5. Click the Finish button. A virtual file drive is created and is displayed in the Virtual Drives panel of the main interface. This drive will also appear in the My Computer Windows Explorer window. The drive will contain the data as contained in the previously unmounted drive.



www.comodo.com

Important Note: Every time you start Windows and start Comodo Disk Encryption, you will be prompted to enter the password for mounting the virtual drive. The virtual drive will be mounted only after entering the correct password.

4.2.2 Handling Virtual Drives

The Virtual Drives panel also allows to create/mount, remove/unmount virtual drives in your system. Apart from that you can also :

• Edit Encryption settings;

• Change the drive letter;

• Browse; and

• Open Properties dialog; of the mounted virtual drive by right clicking on the drive icon.

Mount - Clicking the Mount option opens the Virtual Disk Encryption Wizard for creating a new virtual drive or mounting an existing virtual drive. For more details click here.

Unmount - Clicking the Unmount Option opens a remove confirmation dialog.



www.comodo.com

To remove/unmount the selected virtual drive, click Yes. The unmounted virtual disk can be remounted later using the Mount Existing Virtual Drive option in the Virtual Disk Encryption Wizard. For more details click here.

If you want to permanently delete the selected virtual drive, select Delete the virtual disk permanently and click Yes.

Important Note: The permanently deleted virtual disk cannot be remounted.

Edit - Clicking the Edit option opens the Change Encryption Settings dialog. You can change the password, Hash algorithm and Encryption algorithm in this dialog.

To Edit Encryption Settings

1. Type the current password in the Current Password text box. 2. Type the new password and retype it in the respective text boxes. 3. Choose the Hash Algorithm and Encryption algorithm from the respective drop-down boxes (the existing

algorithms used are displayed by default). 4. Click Change.

Note: You cannot change the encryption settings for virtual memory drive.



www.comodo.com

Change Letter - Clicking the Change Letter option opens the Change Drive Letter dialog. This option allows you to change the drive letter of the selected virtual drive. Also you can set the virtual drive into Read Only in this dialog. The current drive letter is displayed.

To change the drive letter

1. Select a new drive letter from the New Drive Letter drop-down box . 2. Type the current Password. 3. If you want to set the virtual drive as Read Only, select the Read Only option, else leave it unchecked. Setting a

drive as 'Read Only' makes the drive write protected and does not allow editing the contents in it. This is useful when you want to store data which should be protected from alterations, even by mistake.

4. Click Change.

Browse - Clicking the Browse option opens the Windows Explorer window of the selected virtual drive.Properties - Clicking the Properties option opens the properties dialog of the selected virtual drive.



www.comodo.com



www.comodo.com

5 Encrypting a Drive

Comodo Disk Encryption allows you encrypt required drive partition using any of several algorithms. Encrypting a drive protects the confidential information stored in it from being accessed by others.

Comodo Disk Encryption enables you to encrypt the drive partition selected by you using different authentication types. they are:

• Password Authentication - You can use a password of your choice as authentication key to encrypt the required drive. You can use different hashing and encryption algorithms for encrypting different drives, but you can use a single password for encrypting different drives in your system. This password is necessary to access the drive, decrypt the drive, change the encryption settings etc. The password must be entered whenever Windows is started to enable assessing the encrypted drives.

• USB memory key Authentication - You can use a USB memory as a key to encrypt the required drive. You can use different hashing and encryption algorithms for encrypting different drives, but you can use a single key for encrypting different drives in your system. This key is necessary to access the drive, decrypt the drive, change the encryption settings etc. This key must be plugged-in in the system whenever Windows is started to enable assessing the encrypted drives.

Note: The USB memory will be configured as a key for encrypting the drives in your system. This fob should not contain any information you wish to keep. Once it has been used to store encryption settings it will have no other function than to act as a key for your encrypted drives.

• Authentication with both Password and USB memory key - You can use a password and USB key as a combination as authentication for encrypting your drive. Both the password and the USB key are required to decrypt the drive, change the encryption settings etc. The USB key must be plugged-in in the system whenever Windows is started to enable assessing the encrypted drives. Encrypting a drive using both password and USB stick is a highly secure practice that meets the classic two factor authentication criteria of 'something you own' plus 'something you know'.

You can choose any one of these, according to your requirement. But you have to use the same authentication type for encrypting different drives in your system.

To encrypt a drive

1. Right click on the required drive in the Drives navigation panel and click on the Encrypt option.



www.comodo.com

The Disk Encryption Wizard opens.



www.comodo.com

2. Select the authentication type from Password only, USB Stick only or both Password and USB Stick, by selecting the respective check boxes and click Next. The encryption Settings dialog opens.

• If Password is selected, then you are required to enter the password that was set up during the encryption process during system start-up in order to access the encrypted drive.

• If USB key authentication is selected then you must have the USB key inserted in the machine during system start-up and at all times during the session in order for the drive to be accessible. If the USB key is not present, then drive cannot be used.

• If both Password and USB key are selected, the USB key must be present AND you also have to enter the setup password in order to access the encrypted drive. Encrypting a drive using both password and USB stick is a highly secure practice that meets the classic two factor authentication criteria of 'something you own' plus 'something you know'.

3. If you have chosen Password only or both Password and USB Stick authentication types,Type a new password and retype the password in the respective text boxes. The password must contain at least four characters. Remember to use the same password to encrypt other drives in your system. If you have chosen USB key only authentication type, you need not enter the password.

4. Select Hash algorithm and Encryption Algorithm for encrypting the selected drive, from the respective drop-down boxes. Comodo Disk Encryption provides you with possibility use different hash and encryption algorithms. Each has its own advantages in terms of performance, several variations of collision resistance, how well its security has been studied professionally, etc.



www.comodo.com

Hash Algorithms

Encryption Algorithms

Hash Algorithm:

Whirlpool 512-bit/strongest SHA1 160-bit / strongSHA256 256-bit / strongMD5 128-bit / strong RIPEMD160 160-bit / strong

Encryption Algorithm:AES 128-bit / strongest Serpent 128, 192 or 256-bit / very strongBlowfish 64-bit block / strong3DES 168-bit / strongTwofish 128-bit block/ strong

5. If you want to include the free space in the selected drive for encryption, uncheck Ignore disk free space. Else leave it checked. Ignoring empty disk space will significantly accelerate the encryption and decryption processes on large disk drives.

6. Click Next. The Finish Dialog appears.

7. If you have chosen USB key only or both Password and USB Stick authentication types,Select the USB drive to be configured as the key from the drop-down box. If you have chosen Password only authentication type, you need not select the USB drive.



www.comodo.com

8. Click Finish. A confirmation dialog appears. Click Yes.

The application will encrypt the selected drive. This may take some time depending on the size of your disk. Do not power-off the system till the process is completed. The encryption progress is indicated at the progress bar and the remaining time for completion of encryption is displayed above the bar.



www.comodo.com

6 Decrypting a Drive

Decrypting an encrypted drive partition brings back the drive to its original (unencrypted) form, so that the drive becomes accessible by anyone. The protection offered by encrypting the drive is disabled.

To decrypt an encrypted drive partition

Note: Make sure that the USB memory key is inserted into the USB slot of your system before decrypting a drive partition which was encrypted using USB key or both Password and USB key authentication types.

1. Right click on the encrypted drive in the Drives panel and click the Decrypt option.

The Disk Encryption wizard opens for decrypting the selected drive.



www.comodo.com

2. Click Next. The Encryption dialog opens for the input of current password, if the drive has been encrypted with Password or both Password and USB key authentication types. If the disk has been encrypted using the USB key authentication type, this step is skipped.

3. Type the password correctly in the Current Password text box and click Next. The Finish dialog appears.



www.comodo.com

4. Click Finish. A confirmation dialog appears. Click Yes.

The application starts decrypting the selected drive. This may take some time depending on the size of your disk. Do not power-off the system till the process is completed. The decryption progress is indicated at the progress bar and the remaining time for completion of decryption is displayed above the bar.



www.comodo.com



www.comodo.com

7 The Tools Menu

The Tools menu in Comodo Disk Encryption allows you to configure miscellaneous settings concerning the overall behavior of the application.

These Tools menu options can be accessed by clicking on the Tools in the menu bar.

Click on the following links for detailed description on each option.

• Settings

• Backup USB Key

• Add Encrypted Partition

• Backup/Restore Encryption Settings

7.1 Settings

The Settings panel allows you to configure the miscellaneous settings concerning the overall behavior of Comodo Disk Encryption application.

To open the Settings panel

• On the Tools menu, click Settings.



www.comodo.com

You can configure for the following in the Settings panel:

• Enable password protection;

• Enable prompt for boot time password;

• Automatically start application with Windows;

• Show the tray icon in the Windows task bar;

• Show splash screen while the application starts;

• Automatically check for updates.

Enable password protection - This option is for protecting the configuration settings you have made for the Comodo Disk Encryption application. If you enable password protection, this Settings panel can be accessed only on input of the correct password.

To enable password protection for the settings panel

1. Select Enable password protection. The password setting dialog opens.



www.comodo.com

2. Type a password of your choice (should be of minimum four characters) in the Password text box and retype it in the Confirm Password text box. (This password can be different from the password you use for authenticating the encryption of drives)

3. Click OK.

The password is set . You will be prompted to enter this password every time you try to access this Settings panel. You can change the password later by clicking on the Password button that appears beside Enable password protection option.

Enable prompt for boot time password - The disks encrypted using Password authentication type or both Password and USB key authentication type cannot be accessed unless the password you have set during encrypting a drive, is entered on system start-up. If you want you system to display a prompt message to alert you to enter the password during system start-up, enable this option. This option is activated if at least one of your drives is encrypted.



www.comodo.com

If you have unchecked this option, no prompt will be displayed during system start-up, but the system waits for you to enter the password. If you type the password and press Enter, the system starts normally and you can access the encrypted drive. If you do not type the password or type a wrong password and press enter, the system will start-up but you cannot access the encrypted drive. If the OS drive is encrypted, the system will start only on input of the correct password.

To enable prompt for password during system start-up

1. Select Enable prompt for boot time password option. 2. In the text box beside the option, enter a Prompt message that should appear during system start-up. The default

text message is Enter the password: . You can change it into message of your choice. E.g. Type the password for Comodo Disk Encryption or Enter the password for accessing encrypted drives.

Automatically start application with Windows - Enabling this option starts Comodo Disk Encryption every time during system start-up automatically. You can also start the application by clicking Start > All Programs > Comodo > Disk Encryption.

Show the tray icon in the Windows task bar - This option stays selected by default. This ensures that the system tray icon is displayed in the task bar, for easy access. If you uncheck this option, the tray icon is not shown in the task bar. You can still start the application by clicking Start > All Programs > Comodo > Disk Encryption.

Show splash screen while the application starts - This option stays selected by default. A splash screen representing Comodo Disk Encryption will be displayed whenever the application is started manually. If you uncheck this option, the screen is not displayed and the application is started directly.

Automatically check for updates - Enabling this option makes the application to connect to Comodo server and check for product updates every time the application is started. If any updates are available, you will be prompted to download and install the updates. You can also manually check for updates.

To manually check for updates

1. Click on the Check now button in the Settings panel. The Updater Wizard opens.



www.comodo.com

2. Click Start. The updater starts checking the availability of product updates. If any updates are available, you will be prompted to download and install the updates.

7.2 Taking a Copy of Your USB KeyComodo Disk Encryption allows you to have a spare USB key, for you to access the drives encrypted with USB key authentication type, in case the original USB key is lost. You can prepare a spare USB key in advance and keep it safe, to avoid the situation where you are prevented from accessing important information stored in an encrypted drive, just because you have lost your original key.

To prepare a Spare USB key

1. Insert the original USB key in a USB slot in you system. 2. Insert a blank formatted USB memory into another spare USB slot in your system.

Note: The USB memory will be configured as a key for encrypting the drives in your system. This fob should not contain any information you wish to keep. Once it has been used to store encryption settings it will have no other function than to act as a key for your encrypted drives.

3. Start Comodo Disk Encryption application and click Tools > Copy USB key.



www.comodo.com

The Copy USB key dialog appears.

4. Select the Source USB Key (drive letter of the original key) and the destination USB key (drive letter of the USB memory, which you want to create as spare key ) from the respective drop-down boxes and click Backup.

A warning dialog appears.



www.comodo.com

5. Click Yes. The encryption configurations in the original USB memory drive will be copied to the spare USB memory and the completion dialog will appear.

6. Click OK.

The Spare USB memory can now be used as an authentication key to access your encrypted drives.

7.3 Add Encrypted Partition The Add Encrypted Partition option in the Tools menu allows you to restore the partition encrypted previously and removed from the list of the drives in the Drives navigation panel. This option is active only if any of the previously encrypted drive is removed from the Drives list in the Drives navigation panel. See Physical Drives > Removing Encrypted Partition for more details on removing a drive from the list. You can also access this option by right clicking on the empty space in the Drives Navigation panel.

To add a removed encrypted partition into the drive list

1. On the Tools menu, click Add Encrypted partition or right click on the empty space in the Drives Navigation panel and click Add Encrypted partition. The Disk Encryption Wizard for adding a removed drive opens.



www.comodo.com

2. Select the Authentication type you set while encrypting, select the drive you wish to add from the drop-down list and click Next. The Encryption Settings dialog appears.

3. Type the correct password, select the Hash algorithm and Encryption algorithm used for encrypting the selected drive and click Next. The Finish dialog appears.

Note: If you have selected USB key only authentication type during encryption, you need not type the password in this step.



www.comodo.com

4. Click Finish. The drive will be restored in the list.

7.4 Backup/Restore Encryption Settings

The Backup/Restore Encryption Settings option in the Tools menu allows you to preserve the encryption settings like password, USB key information of the encrypted drives, as a backup in a secure location within your system. The backed up encryption settings can be restored at any time, to avoid the situation where you are prevented from accessing important information stored in an encrypted drive, just because you have forgot the password and/or lost your original USB key. You can even rebuild a duplicate USB key from the Backup.

To open the Backup/Restore wizard, click Backup/Restore Encryption Settings on the Tools menu. The Backup/Restore wizard can also be accessed from the Start menu. Click Start > All Programs > Comodo > Disk Encryption > BackupRestore.

Click the links below for detailed descriptions on backing up and restoring the encryption settings.

• Creating a Backup of Encryption Settings

• Restoring the Encryption Settings



www.comodo.com

Creating a Backup of Encryption Settings

Note: Before taking a backup, make sure that you have inserted the original USB key in the slot if you have chosen USB stick only or both Password and USB Stick option while encrypting the drive.

To Backup the Encryption Settings

1. On the Tools menu, click Backup/Restore Encryption Settings. The Backup/Restore wizard opens.

2. Select Backup encryption settings and click Next.



www.comodo.com

3. Select the encrypted drive for which you want to backup the encryption settings from the Drive Letter drop-down menu and click Next. (Only the encrypted drives are listed in the drop-down).

4. In the next dialog, type the password used for authentication (If you have chosen Password only or both Password and USB Stick during encryption) and/or select the drive letter of the original USB key plugged to the system (If you have chosen USB stick only or both Password and USB Stick during encryption).

5. Click Browse to select a secure location in your hard drive to store the backup file. A dialog appears to prompt you to choose a safe location in your hard drive.

6. Click OK. The browser window opens.



www.comodo.com

7. Select the drive/folder where you want to save the backup file containing the encryption settings and type a file name for the backup. (Select a file name so that others cannot decipher this as a backup of the encryption settings.)

8. Click Save. The encryption wizard with your input details is displayed.



www.comodo.com

9. Click Next. The encryption settings are stored in the file you specified and the completion dialog is displayed.

Restoring the Encryption Settings

Note: Before restoring encryption settings,, make sure that you have inserted a blank formatted USB memory in the slot in order to rebuild the USB key, if you have used USB option during encryption.

To Restore the Encryption Settings

1. On the Tools menu, click Backup/Restore Encryption Settings. The Backup/Restore wizard opens.

2. Select Restore encryption settings and click Next.



www.comodo.com

3. Click Browse and browse to the location where you have stored the backup file and click Open.

The wizard appears with the file path.



www.comodo.com

4. Click Next.

5. The next dialog reveals your Password. If you have to re-create the USB key, select the drive letter of the blank USB plugged to your system from the Drive letter drop-down menu and click Create Key Now.

6. Click Next. The Restoration Complete dialog appears.



www.comodo.com



www.comodo.com

8 Help

The Help menu allows you to access different options which aid you in using Comodo Disk Encryption.

Click on the links below to get details on options in the Help menu.

• Content;

• Support;

• Product Updates;

• About.

8.1 Content

Clicking the Content option in the Help menu opens the in-built Help guide. Each functionality of Comodo Disk Encryption, has its own dedicated page containing detailed descriptions of it in the help guide.



www.comodo.com

8.2 Support

The fastest way to get further assistance on Comodo Disk Encryption is by posting your question Comodo Forums, a message board exclusively created for our users to discuss anything related to our products.

To access Comodo Forum

• On the Help menu, click Support option.

This will open the website at http://forums.comodo.com. Registration is free and you'll benefit from the expert contributions of developers and fellow users alike.



http://forums.comodo.com/

www.comodo.com

Online Knowledge Base

We also have an online knowledge base and support ticketing system at http://support.comodo.com. Registration is free.

8.3 Product UpdatesThe Product Updates option in the Help menu allows you to manually check for the availability of the updated version of Comodo Disk Encryption from the Comodo server. You can also configure the application to check for updates automatically by accessing the Settings panel.

To manually check for updates

1. On the Help menu, click Product updates option. The Updater Wizard opens.



http://support.comodo.com/

www.comodo.com

2. Click Start. The updater starts checking the availability of product updates. If any updates are available, you will be prompted to download and install the updates.

8.4 About

The About option in the Help menu displays the version information of Comodo Disk Encryption installed in your system.

To open About dialog

1. On the Help menu, click About option.



www.comodo.com

9 Uninstalling Comodo Disk Encryption

To uninstall Disk Encryption:

• Click Start > Settings > Control Panel

• In the Control Panel, double-click Add/Remove Programs

• In the list of currently installed programs, click Disk Encryption

• Click the 'Change/Remove' button.

OR

• Click Start > Programs > Comodo > Disk Encryption > Uninstall Disk Encryption

• A dialog box will appear to confirm that you want to un-install Disk Encryption. Click Yes.

• Wait till the Windows configures the uninstallation.

A Progress bar will be displayed indicating the files deletion.



www.comodo.com

On completion, You will be prompted to restart the system for the uninstallation to take effect.

• Click Yes to restart the computer and finalize the uninstallation. If you wish to restart the system at a later time, click NO. But the uninstallation will be finalized only on restarting the system.



www.comodo.com

Appendix – 1 Cipher Algorithms - A Brief Overview

Different algorithms are used for encryption, but all of them have certain common elements. There are several classes of algorithms, in Comodo Disk Encryption are used the strongest types. At it's most simple level, encrypting your data prevents it from being stolen, modified or accessed by unauthorized persons.

The only person with the ability to view the data is the person in possession of the encryption key that was used to encrypt it. In the case of Comodo Disk Encryption, this key, and other crucial encryption settings, can be stored on the USB drive that must be inserted in your machine at boot up and/or within your system with a password which is to be entered during boot-up. With the USB inserted/password entered, CDE is able to load the key and decrypt your drive, making it available for use. If you do not insert the USB / do not enter the password at start up, the drive will not be useable by anyone - including thieves and hackers. If (as Comodo strongly advise) you select encryption algorithms of 128 bits and above, then you will be creating a drive so secure that it is computationally infeasible that it could be decrypted and accessed by unauthorized persons.

To generate this secret USB key, CDE uses a keyed-Hash Message Authentication Code (HMAC or KHMAC). This is a type of message authentication code which is figured out using a specific algorithm: combination of cryptographic hash function with a secret key. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, on the size and quality of the key and the size of the hash output length in bits.

To encrypt data CDE uses symmetric algorithms, they represented by stream ciphers and block ciphers. Stream ciphers encrypt the bits of the data one at a time, and block ciphers take a number of bits and encrypt them as a single unit.



www.comodo.com

During Encryption, You are:

1. Inserting the USB memory; 2. Selecting the Hash and Encryption algorithms to

be used.

Since KHMAC is used, the selected hash algorithm generates a secret key and stores it in the USB memory. The hash algorithm, in combination with the selected encryption algorithm, encrypts the contents of the disk.

The higher the bit encryption of the algorithm, the more secure it is. The trade off is that the higher the encryption level also means slower encryption and decryption speeds. In most cases, however, it is not recommended to use an encryption level lower than 128 bit. 256 encryption can be used by enterprise level users that require the very highest security levels.

What bit cipher to choose? It depends on your goals:

• 40-bit ciphers are unsafe and don't require special equipment to be broken. Anybody with a personal computer can break them.

• 56-bit ciphers (notably DES) are acceptable for home use only. Government agencies have the ability to break such ciphers in the real time.

• 128-bit ciphers are very strong. Breaking such a cipher with "brute-force" key search is not feasible due to the immense time and hardware that would be necessary to accomplish the task. In almost all cases, encrypting with a 128 bit cipher is a perfect mix of security and speed of encryption.



www.comodo.com

Algorithms

Hash AlgorithmsAlgorithm Key length /

Encryption Level / Fast

Brief Description Recommendation

Whirlpool 512-bit / strongest

WHIRLPOOL is a hash function designed by Vincent Rijmen and Paulo S. L. M. Barreto that operates on messages less than 2^256 bits in length, and produces a message digest of 512 bits.

Recommended for enterprises.

SHA1 (Secure Hash Algorithm 1)

160-bit / strong

For computing a condensed representation of a message or a data file. When a message of any length < 2^64 bits is input, the SHA-1 produces a 160-bit output called a message digest.

Suitable for both domestic and exportable use.

SHA256 (longer version of SHA-1, with slight difference)

256-bit / strong

For computing a condensed representation of a message or a data file. When a message of any length < 2^64 bits is input, the SHA-1 produces a 256-bit output called a message digest.

Suitable for both domestic and exportable use.

MD5 (Message-Digest algorithm 5)

128-bit / strong

The MD5 algorithm takes as input a message of arbitrary length and produces as output a 128-bit message digest of the input.

Ideal for domestic use.

RIPEMD160 (RACE Integrity Primitives Evaluation Message Digest)

160-bit / strong

RIPEMD-160 is a 160-bit cryptographic hash function with a 160-bit hash result.

Ideal for both domestic and exportable use.



www.comodo.com

Encryption Algorithms

Algorithm Block Size / Encryption level / Speed

Brief Description Recommendation

AES (Advanced Encryption Standard )

128 bits/ Strongest

Also known as Rijndael. This cipher is used for encryption by default.


Serpent 128, 192 or 256 bits / Very Strong / Fast

128, 192, 256-bit block cipher. Designed by Ross Anderson, Eli Biham and Lars Knudsen as a candidate for the Advanced Encryption Standard.


Blowfish 64-bit block / variable key length: 32 bits to 448 bits/ Strong/Fast

Symmetric block cipher. It is a Feistel network, iterating a simple encryption function 16 times. The block size is 64 bits, and the key can be any length up to 448 bits. Designed by Bruce Schneier.

Ideal for both domestic and exportable use. Much faster than DES and IDEA.

3DES (Triple - Data Encryption Standard)

168-bit block/ Strong/ Fast

Probably the most widely known block cipher with 192-bit block size that uses 168-bit keys. No considerable weaknesses have been found.

Only recommended for domestic use when the prospect of attack vectors or the consequences of attack are deemed, by the user, to be not significant. Some businesses may consider using 3DES if CDE is part of a layered security system and they wish to take advantage of the fast encryption/decryption speed.

Twofish 128-bit block/ 28-, 192-, or 256-bit key/ strong/ very fast

Symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits.

A widely used and recommended choice for most cases.



www.comodo.com

About Comodo

The Comodo companies provide the infrastructure that is essential in enabling e-merchants, other Internet-connected companies, software companies, and individual consumers to interact and conduct business via the Internet safely and securely. The Comodo companies offer PKI SSL, Code Signing, Content Verification and E-Mail Certificates; award winning PC security software; vulnerability scanning services for PCI Compliance; secure e-mail and fax services.

Continual innovation, a core competence in PKI, and a commitment to reversing the growth of Internet-crime distinguish the Comodo companies as vital players in the Internet's ongoing development. Comodo secures and authenticates online transactions and communications for over 200,000 business customers and has over 10,000,000 installations of desktop security products.

For additional information on Comodo - visit http://www.comodo.com/


Comodo Security Solutions, Inc

525 Washington Blvd.

Jersey City, NJ 07310

United States.

Tel: +1 888 266 6361

Email: [email protected]

Comodo CA Limited

3rd Floor, 26 Office Village, Exchange Quay,

Trafford Road, Salford,

Greater Manchester M5 3EQ,

United Kingdom.

Tel : +44 (0) 161 874 7070

Fax : +44 (0) 161 877 7025


mailto:[email protected]


Comodo Disk Encryption User Guide

Documents

Transcript of Comodo Disk Encryption User Guide