DiskCryptor console version command switches
Beginning from the DiskCryptor version 0.3, in addition to the graphical user interface (GUI), the program also has the command line interface
dccon.exe, allowing for the control of most of the program's functions. On execution of
dccon.exe file without parameters, the program lists a brief description of the available commands:
Usage: dccon [key] [param] ________________________________________________________________________________ -enum Enum all volume devices in system -info [dev] Display information about device -version Display DiskCryptor version -benchmark Encryption benchmark -config Change program configuration -keygen [file] Make 64 bytes random keyfile -bsod Erase all keys in memory and generate BSOD ________________________________________________________________________________ -addpass [param] Add password to password cache -p [password] Get password from command line -kf [keyfiles path] Use keyfiles -clean Wipe cached passwords in memory ________________________________________________________________________________ -mount [dev] [param] Mount encrypted device -mp [mount point] Add volume mount point -p [password] Get password from command line -kf [keyfiles path] Use keyfiles -mountall [param] Mount all encrypted devices -p [password] Get password from command line -kf [keyfiles path] Use keyfiles -unmount [dev] [param] Unmount encrypted device -f Force unmount with close all opened files -dp Delete volume mount point -unmountall Force unmount all devices ________________________________________________________________________________ -encrypt [dev] [param] Encrypt volume device -p [password] Get password from command line -kf [keyfiles path] Use keyfiles ====== Cipher settings: ====== -a AES cipher -t Twofish cipher -s Serpent cipher -at AES-Twofish ciphers chain -ts Twofish-Serpent ciphers chain -sa Serpent-AES ciphers chain -ats AES-Twofish-Serpent ciphers chain ====== Original data wipe settings: ====== -dod_e US DoD 5220.22-M (8-306./E) (3 passes) -dod US DoD 5220.22-M (8-306./E, C and E) (7 passes) -g Gutmann mode (35 passes) -decrypt [dev] [param] Decrypt volume device -p [password] Get password from command line -kf [keyfiles path] Use keyfiles -reencrypt [dev] [param] Re-encrypt device with new parameters, parameters are equal to -encrypt -format [dev] [param] Format volume device with encryption, parameters are equal to -encrypt -q Quick format -fat Format to FAT file system -fat32 Format to FAT32 file system -exfat Format to exFAT file system -ntfs Format to NTFS file system -raw File system does not needed -enciso [src] [dst] [param] Encrypt .iso image, parameters are equal to -encrypt -src Source file -dst Destination file ________________________________________________________________________________ -chpass [dev] [param] Change volume password -op [password] Get old password from command line -np [password] Get new password from command line -okf [keyfiles path] Old keyfiles -nkf [keyfiles path] New keyfiles -backup [dev] [file] [param] Backup volume header to file -p [password] Get password from command line -kf [keyfiles path] Use keyfiles -restore [dev] [file] [param] Restore volume header from file -p [password] Get password from command line -kf [keyfiles path] Use keyfiles ________________________________________________________________________________ -boot [action] -enum Enumerate all HDDs -config [hdd/file] Change bootloader configuration -setmbr [hdd] [opt] Setup bootloader to HDD master boot record -updmbr [hdd] Update bootloader on HDD master boot record -delmbr [hdd] Delete bootloader from HDD master boot record -setpar [root par] [opt] Setup bootloader to bootable partition -makeiso [file] [opt] Make bootloader image (.iso) -makepxe [file] [opt] Make bootloader image for PXE network booting -small Use small bootloader, only with AES
Disk and partition naming conventions
Some of the commands require user to specify a disk or a partition, to which they are going to be applied. A disk partition can be specified either by a sequence number, or by a mounting point. There is a sequence number for any partition, even if it does not have a mounting point, and it looks like this, –
pt0, pt1... pt[n]. The mounting point of a partition, is either the letter of the disk, or its full path (when mounting a partition to NTFS directory). To list the partitions, you can launch the program with the
The commands for working with the bootloader, require specification of a physical disk instead of a partition. Disks are being named as
hd0, hd1... hd[n], and you can see their list by executing program with the
-boot enum switch.
Program component installation/removal switches
|-version||Displays program version.|
|-install||Installs DiskCryptor driver in the system.|
|-remove||Removes DiskCryptor driver from the system.|
|-update||Updates DiskCryptor driver to a newer version.|
Commands for operations with disk partitions
In order to execute these commands, the DiskCryptor driver must be installed. Driver installation or update can be performed with the commands listed in the previous switch group.
|-enum||Displays information about all supported disk partitions.|
|-info [device]||Displays information about a partition.|
|-mount [device]||Prompts for a password and mounts an encrypted partition.|
|-mountall||Attempts to mount all encrypted partitions, passwords to which reside in the memory. If no partitions were possible to mount, then a password is prompted to be entered, and the program tries to mount partitions again.|
|-unmount [device] [-f]||Dismounts the mounted partition. The "-f" key allows to dismount a partition even if it has open or in use files.|
|-unmountall||Forcibly dismounts all mounted partitions. All open files will be forced to close.|
|-encrypt [device] [wipe mode] [key params]||Encrypts an unencrypted partition. The "wipe mode" parameter allows to utilize safe data wipe algorithms, to destroy the original contents of the partition, in order to prevent the data recovery using magnetic force microscopy.|
|-decrypt [device] [enc params]||Decrypts an encrypted partition. Partition has to be mounted when executing this command.|
|-chpass [device] [enc params]||Changes the password of an encrypted partition. Partition has to be mounted when executing this command.|
|-reencrypt [device] [enc params]||Performs re-encryption of all data, including the change of master key. Allows to change an encryption algorithm.|
|-format [device] [params] [enc params]||Creates an empty encrypted partition. To specify a file system, please use keys -raw, -fat, -fat32, -exfat and -ntfs. Key -q performs quick format, without filling the whole partition with random numbers. Appropriate to apply when formatting a partition that was previously encrypted with DiskCryptor.|
|-backup [device] [file] [enc params]||Creates a backup copy of partition's functionary information for its recovery in case of damage or accidental formatting.|
|-restore [device] [file] [enc params]||Restores partition's functionary information from a backup copy.|
|-enciso [src] [dst] [params]||Encrypts CD/DVD .iso image. This command allows for creation of encrypted optical disk media.|
enc params — standard set of encryption settings that includes the following switches:
|-p [password]|| Allows to set password from command line.
Windows does not allow to set unconditioned symbols in command line. If your password has the following special symbols - ", > , <, then please use interactive mode to enter your password.
|-kf [keyfiles path]||Allows to use key files.|
|-op [password]||Enter old password from command line. (only -chpass).|
|-np [password]||Enter new password from command line. (only -chpass).|
|-okf [keyfiles path]||Enter old key file from command line. (only -chpass).|
|-nkf [keyfiles path]||Enter new key file from command line. (only -chpass).|
|-clean||Wipes cached passwords from driver's memory.|
|-addpass||Add password to the passwords cache, for automatic mount purpose.|
|-benchmark||Performs a speed test of cryptographic functions.|
|-config||Evokes program configuration menu.|
|-bsod|| Wipes all passwords and keys from memory, and performs an emergency termination of system's operation.
All unsaved data will be lost. Please use this command with caution.
|-keygen [file]||Generates a random 64 byte key file.|
Commands for operations with bootloader
To be able to boot Windows from an encrypted partition, you need to install DiskCryptor's bootloader. When encrypting the boot or system partitions, the program will offer to automatically install bootloader with a default configuration. By default, the bootloader is being installed on HDD, that has last been used to boot the system from. Please note, that a system is not necessarily located on a boot HDD, which can be the case with multi-boot configurations. It is possible to install bootloader on HDD, CD/DVD and USB disks. The switches of this group of commands are accessible without installing the program.
|-boot -enum||Displays information about physical disks.|
|-boot -setmbr [hdd]||Installs bootloader on HDD with a default configuration.|
|-boot -delmbr [hdd]||Removes bootloader from HDD.|
|-boot -updmbr [hdd]||Updates bootloader to a newer version with all settings kept intact.|
|-boot -setpar [partition root]||Installs bootloader on an external device. The command works with USB disks. In case if device is not formatted as bootable, then the program will offer to format it. As a parameter, the command accepts the letter of a partition or the path to its mounting point.|
|-boot -makeiso [file]||Creates an .iso image for booting from a CD/DVD disk.|
|-boot -makepxe [file]||Creates an image for network boot via PXE.|
|-boot -config [hdd/file]||Evokes bootloader configuration menu. As a parameter, it is possible to point to physical disks, partition letters (only for external devices) or a path to the bootloader image file.|
Disk Speed test utility commands
diskspeed.exe utility is provided for testing read/write speed of disk partitions. The testing can be performed either in a linear read mode, or in an sequential read/write mode. First mode corresponds to the speed of working with partition, when copying large files. And the second mode outputs the speed, corresponding to operations performed with a large number of small files.
diskspeed [disk] [type] [-b] [block size] disk - determine disk for test speed type - test type -r - linear read test -rw - chunked read/write test -b - test block size in KBytes (optional)
Examples of use:
diskspeed c: -r diskspeed c: -rw -b 1024
|Language:||English • Deutsch • русский|