Dec 15, 2014 at 6:19 PM
Edited Dec 15, 2014 at 6:20 PM
In-place encryption of non-system partitions was present in TrueCrypt since version 6.1 and VeraCrypt inherited it. It is available only for NTFS partitions and disks and it is supported on Windows Vista and onwards.
These limitations are due to the fact that the filesystem needs to be shrunk in order to make space for the volume header and backup header and this is implemented using a Windows system call that shrinks NTFS filesystems.
On other operating systems, in-place encryption is not implemented. There are no plans to implement it. For Ext3 and Ext4 filesystems, shrinking is possible but low level knowledge is needed to implement in-place encryption correctly.
It is not possible to perform an in-place decryption for non-system partitions and disks. This has not been implemented because we need to support pause/resume functionality but we can't distinguish if an encryption is in progress or a decryption. So the choice was made to enable encryption only since usually it is not needed to decrypt a partition/disk that contains sensitive data (you just wipe it).
, a user asked why VeraCrypt doesn't implement this while TrueCrypt 7.2 implements the in-place decryption. This was easy for them because they removed encryption capabilities.
There are two ways to implement both in-place encryption and decryption:
- Ask the user before resuming the operation if it is an in-place encryption or an in-place decryption
- Write data to the volume that tells if we are encrypting or decrypting.
The safest way is to ask the user. Any thoughts on this?
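The pause/resume ambiguity discussed in the post, shown as an added simulation that is not VeraCrypt's code and does not use its real on-disk format: a toy sector-by-sector in-place transform is paused halfway, and the resumer either guesses the direction from the bare progress counter or reads a direction flag recorded alongside it. The keystream, sector size and `Volume` layout are assumptions chosen for the demo.

```python
import hashlib

SECTOR = 16  # toy sector size; real volumes use 512-byte sectors


def keystream(key: bytes, idx: int) -> bytes:
    # Toy per-sector keystream (assumption: stands in for the real XTS mode).
    return hashlib.sha256(key + idx.to_bytes(8, "big")).digest()[:SECTOR]


def transform(key: bytes, sector: bytes, idx: int, encrypt: bool) -> bytes:
    # Deliberately non-involutory (add on encrypt, subtract on decrypt), so
    # resuming in the wrong direction visibly corrupts the unprocessed half.
    ks = keystream(key, idx)
    sign = 1 if encrypt else -1
    return bytes((b + sign * k) & 0xFF for b, k in zip(sector, ks))


class Volume:
    def __init__(self, data: bytes):
        self.data = bytearray(data)
        self.done = 0          # progress counter: sectors already processed
        self.direction = None  # None = not recorded, True = encrypting, False = decrypting


def step(vol: Volume, key: bytes, encrypt: bool, n: int) -> None:
    """Process up to n more sectors in place, then 'pause'."""
    total = len(vol.data) // SECTOR
    for i in range(vol.done, min(vol.done + n, total)):
        off = i * SECTOR
        vol.data[off:off + SECTOR] = transform(key, vol.data[off:off + SECTOR], i, encrypt)
    vol.done = min(vol.done + n, total)


def demo(record_direction: bool) -> bool:
    """Encrypt half a constructed volume, pause, resume, then check the result decrypts cleanly."""
    key = b"constructed-demo-key"
    plain = bytes(range(64))  # constructed sample: 4 toy sectors
    vol = Volume(plain)
    vol.direction = True if record_direction else None
    step(vol, key, True, 2)  # encrypt sectors 0-1, then pause
    if record_direction:
        step(vol, key, vol.direction, 10**9)  # resumer reads the recorded flag
    else:
        step(vol, key, False, 10**9)  # resumer only has vol.done and guesses "decrypt"
    check = Volume(bytes(vol.data))
    step(check, key, False, 10**9)  # full decryption from sector 0
    return bytes(check.data) == plain


if __name__ == "__main__":
    print("recorded direction ->", demo(True))   # True: resume continues encrypting
    print("guessed direction  ->", demo(False))  # False: sectors 2-3 were "decrypted" twice
```

The progress counter alone is identical in both cases, which is the distinguishing problem the post describes; recording the direction (or asking the user) is what breaks the tie.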