From DiskCryptor wiki
Jump to: navigation, search

DiskCryptor console version command switches

Beginning from the DiskCryptor version 0.3, in addition to the graphical user interface (GUI), the program also has the command line interface dccon.exe, allowing for the control of most of the program's functions. On execution of dccon.exe file without parameters, the program lists a brief description of the available commands:

Usage: dccon [key] [param]

 -enum                           Enum all volume devices in system
 -info [dev]                     Display information about device
 -version                        Display DiskCryptor version
 -benchmark                      Encryption benchmark
 -config                         Change program configuration
 -keygen [file]                  Make 64 bytes random keyfile
 -bsod                           Erase all keys in memory and generate BSOD

 -addpass [param]                Add password to password cache
    -p  [password]               Get password from command line
    -kf [keyfiles path]          Use keyfiles
 -clean                          Wipe cached passwords in memory

 -mount [dev] [param]            Mount encrypted device
    -mp [mount point]            Add volume mount point
    -p  [password]               Get password from command line
    -kf [keyfiles path]          Use keyfiles
 -mountall [param]               Mount all encrypted devices
    -p  [password]               Get password from command line
    -kf [keyfiles path]          Use keyfiles
 -unmount [dev] [param]          Unmount encrypted device
    -f                           Force unmount with close all opened files
    -dp                          Delete volume mount point
 -unmountall                     Force unmount all devices

 -encrypt [dev] [param]          Encrypt volume device
    -p  [password]               Get password from command line
    -kf [keyfiles path]          Use keyfiles
             ======  Cipher settings:   ======
    -a                           AES cipher
    -t                           Twofish cipher
    -s                           Serpent cipher
    -at                          AES-Twofish ciphers chain
    -ts                          Twofish-Serpent ciphers chain
    -sa                          Serpent-AES ciphers chain
    -ats                         AES-Twofish-Serpent ciphers chain
             ======  Original data wipe settings:  ======
    -dod_e                       US DoD 5220.22-M (8-306./E)          (3 passes)
    -dod                         US DoD 5220.22-M (8-306./E, C and E) (7 passes)
    -g                           Gutmann mode                         (35 passes)
 -decrypt [dev] [param]          Decrypt volume device
    -p  [password]               Get password from command line
    -kf [keyfiles path]          Use keyfiles
 -reencrypt [dev] [param]        Re-encrypt device with new parameters, parameters are equal to -encrypt
 -format [dev] [param]           Format volume device with encryption, parameters are equal to -encrypt
    -q                           Quick format
    -fat                         Format to FAT file system
    -fat32                       Format to FAT32 file system
    -exfat                       Format to exFAT file system
    -ntfs                        Format to NTFS file system
    -raw                         File system does not needed
 -enciso [src] [dst] [param]     Encrypt .iso image, parameters are equal to -encrypt
    -src                         Source file
    -dst                         Destination file

 -chpass [dev] [param]           Change volume password
    -op  [password]              Get old password from command line
    -np  [password]              Get new password from command line
    -okf [keyfiles path]         Old keyfiles
    -nkf [keyfiles path]         New keyfiles
 -backup [dev] [file] [param]    Backup volume header to file
    -p  [password]               Get password from command line
    -kf [keyfiles path]          Use keyfiles
 -restore [dev] [file] [param]   Restore volume header from file
    -p  [password]               Get password from command line
    -kf [keyfiles path]          Use keyfiles

 -boot [action]
    -enum                        Enumerate all HDDs
    -config  [hdd/file]          Change bootloader configuration
    -setmbr  [hdd] [opt]         Setup bootloader to HDD master boot record
    -updmbr  [hdd]               Update bootloader on HDD master boot record
    -delmbr  [hdd]               Delete bootloader from HDD master boot record
    -setpar  [root par] [opt]    Setup bootloader to bootable partition
    -makeiso [file] [opt]        Make bootloader image (.iso)
    -makepxe [file] [opt]        Make bootloader image for PXE network booting
       -small                    Use small bootloader, only with AES

Disk and partition naming conventions

Some of the commands require user to specify a disk or a partition, to which they are going to be applied. A disk partition can be specified either by a sequence number, or by a mounting point. There is a sequence number for any partition, even if it does not have a mounting point, and it looks like this, – pt0, pt1... pt[n]. The mounting point of a partition, is either the letter of the disk, or its full path (when mounting a partition to NTFS directory). To list the partitions, you can launch the program with the -enum switch.

The commands for working with the bootloader, require specification of a physical disk instead of a partition. Disks are being named as hd0, hd1... hd[n], and you can see their list by executing program with the -boot enum switch.

Program component installation/removal switches

Command Action
-version Displays program version.
-install Installs DiskCryptor driver in the system.
-remove Removes DiskCryptor driver from the system.
-update Updates DiskCryptor driver to a newer version.

Commands for operations with disk partitions

In order to execute these commands, the DiskCryptor driver must be installed. Driver installation or update can be performed with the commands listed in the previous switch group.

Command Action
-enum Displays information about all supported disk partitions.
-info [device] Displays information about a partition.
-mount [device] Prompts for a password and mounts an encrypted partition.
-mountall Attempts to mount all encrypted partitions, passwords to which reside in the memory. If no partitions were possible to mount, then a password is prompted to be entered, and the program tries to mount partitions again.
-unmount [device] [-f] Dismounts the mounted partition. The "-f" key allows to dismount a partition even if it has open or in use files.
-unmountall Forcibly dismounts all mounted partitions. All open files will be forced to close.
-encrypt [device] [wipe mode] [key params] Encrypts an unencrypted partition. The "wipe mode" parameter allows to utilize safe data wipe algorithms, to destroy the original contents of the partition, in order to prevent the data recovery using magnetic force microscopy.
-decrypt [device] [enc params] Decrypts an encrypted partition. Partition has to be mounted when executing this command.
-chpass [device] [enc params] Changes the password of an encrypted partition. Partition has to be mounted when executing this command.
-reencrypt [device] [enc params] Performs re-encryption of all data, including the change of master key. Allows to change an encryption algorithm.
-format [device] [params] [enc params] Creates an empty encrypted partition. To specify a file system, please use keys -raw, -fat, -fat32, -exfat and -ntfs. Key -q performs quick format, without filling the whole partition with random numbers. Appropriate to apply when formatting a partition that was previously encrypted with DiskCryptor.
-backup [device] [file] [enc params] Creates a backup copy of partition's functionary information for its recovery in case of damage or accidental formatting.
-restore [device] [file] [enc params] Restores partition's functionary information from a backup copy.
-enciso [src] [dst] [params] Encrypts CD/DVD .iso image. This command allows for creation of encrypted optical disk media.

enc params — standard set of encryption settings that includes the following switches:

Command Action
-p [password] Allows to set password from command line.
Windows does not allow to set unconditioned symbols in command line. If your password has the following special symbols - ", > , <, then please use interactive mode to enter your password.
-kf [keyfiles path] Allows to use key files.
-op [password] Enter old password from command line. (only -chpass).
-np [password] Enter new password from command line. (only -chpass).
-okf [keyfiles path] Enter old key file from command line. (only -chpass).
-nkf [keyfiles path] Enter new key file from command line. (only -chpass).

Functionary commands

Command Action
-clean Wipes cached passwords from driver's memory.
-addpass Add password to the passwords cache, for automatic mount purpose.
-benchmark Performs a speed test of cryptographic functions.
-config Evokes program configuration menu.
-bsod Wipes all passwords and keys from memory, and performs an emergency termination of system's operation.
All unsaved data will be lost. Please use this command with caution.
-keygen [file] Generates a random 64 byte key file.

Commands for operations with bootloader

To be able to boot Windows from an encrypted partition, you need to install DiskCryptor's bootloader. When encrypting the boot or system partitions, the program will offer to automatically install bootloader with a default configuration. By default, the bootloader is being installed on HDD, that has last been used to boot the system from. Please note, that a system is not necessarily located on a boot HDD, which can be the case with multi-boot configurations. It is possible to install bootloader on HDD, CD/DVD and USB disks. The switches of this group of commands are accessible without installing the program.

Command Action
-boot -enum Displays information about physical disks.
-boot -setmbr [hdd] Installs bootloader on HDD with a default configuration.
-boot -delmbr [hdd] Removes bootloader from HDD.
-boot -updmbr [hdd] Updates bootloader to a newer version with all settings kept intact.
-boot -setpar [partition root] Installs bootloader on an external device. The command works with USB disks. In case if device is not formatted as bootable, then the program will offer to format it. As a parameter, the command accepts the letter of a partition or the path to its mounting point.
-boot -makeiso [file] Creates an .iso image for booting from a CD/DVD disk.
-boot -makepxe [file] Creates an image for network boot via PXE.
-boot -config [hdd/file] Evokes bootloader configuration menu. As a parameter, it is possible to point to physical disks, partition letters (only for external devices) or a path to the bootloader image file.

Disk Speed test utility commands

The diskspeed.exe utility is provided for testing read/write speed of disk partitions. The testing can be performed either in a linear read mode, or in an sequential read/write mode. First mode corresponds to the speed of working with partition, when copying large files. And the second mode outputs the speed, corresponding to operations performed with a large number of small files.

diskspeed [disk] [type] [-b] [block size]
  disk  - determine disk for test speed
  type  - test type
    -r  - linear read test
    -rw - chunked read/write test
  -b    - test block size in KBytes (optional)

Examples of use:

diskspeed c: -r
diskspeed c: -rw -b 1024
Language: English  • Deutsch • русский