Would you please consider my request to enable the user to right click an individual file and select Encrypt / Decrypt with VeraCrypt.
My reason for requesting individual file encryption is that on occasion users need to quickly move data to a flash drive or send a file via email.
I understand the old arguments that a user can go through the process of creating a container for each file they intend to email, or save to a flash drive, but this takes time and effort. As anyone interested in security knows the more friction there is to secure data the less likely even the most paranoid users are to do it every time.
Obviously a user could pre-prepare a collection of different sized empty container files and have them stored ready to use when a user needs to quickly encrypt something. However this again adds friction and feels like a clumsy workaround.
By having a simple and quick method to encrypt an individual file the more likely it is that people will use it. Even though I pride myself on my paranoia I have often failed to secure my data properly by copying files to an unencrypted flash drive as time restraints prevented me from making yet another VeraCrypt container.
There is also a further hidden risk involved to users who are occasionally under time pressure as that unencrypted file saved to their flash drive remains in the free space after being cut or deleted.
Other file encryption programs are available but nothing provides me with the same confidence that I get from VeraCrypt.
I hope you will kindly consider my request and help to save even the most paranoid users from their occasional security lapses, usually as a consequence of poor time management, resulting in unencrypted files being saved to unencrypted flash drives.
I understand there will be a few who will immediately attempt to dismiss this feature request as “mission creep” or “bloat” however I believe that making encryption quicker and easier, therefore more likely, outweighs such arguments.
Thank you Mounir for all your work.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The right-click function can be modified to drag and drop (because of the portable version), and you can refer to the Cncrypt drag folder to create an encrypted volume. @idrassi
Last edit: 风之暇想 2023-07-03
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you @k4rll3373r for the details about this feature.
I see the productivity benefit of having such feature. Technically speaking this can already be implemented by a PowerShell script thanks to the fact that VeraCrypt Format allows creating volume in command line. Here is how it can be done:
The PowerShell script will start by computing the total size occupied by the given directories and files Let's note this value L.
It compute the expected size of the file container by adding 5 MiB to above L value to account for VeraCrypt headers and the filesystem overhead (we may need a better estimate for the overhead)
Call "VeraCrypt Format.exe" with the /create switch to create a file container with exFAT file system and with a size equal to L + 5MiB
call "VeraCrypt.exe" to mount the created file container to a drive letter.
copy all given directories and files to the mounted volume drive letter.
call "VeraCrypt.exe" to dismount the volume
et voilà.
I'm sure there are members of this forum that can implement such script without a problem! maybe we can even ask chatgpt to implement this idea (it is good at such simple tasks).
Meawhile, I will see how to incorporate such functionality in VeraCrypt.
@fzxx: thank you for sharing the ideas already implemented in Cncrypt. It is unfortunate that its author doesn't publish the source code or contribute back to VeraCrypt.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Only you would improvise the PowerShell workaround so promptly, you truly are our crypto hero!!
Meanwhile, I will see how to incorporate such functionality in VeraCrypt.
Yes please, I believe such a simple to use feature would help prevent the friction mentioned above.
Obviously it is entirely the users own fault if they move data from an encrypted drive to an unencrypted drive but this feature will leave them with no legitimate excuse to do so.
Thank you.
I have been over 35 minutes trying to get past sourceforge's spambot protection. Is there any other place or forum where I can respond to you more easily?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I also think such feature will be very useful. Otherwise people have to use other software utilities, ie 7-zip, Jetico, etc. The idea is of course this new feature to be very fast and simple to use. Doing it through the PowerShell may take a long time for all the processes to complete. I guess ther will be black windows popping up and closing, etc. Additionally, to match the next following container size after adding 5MiB, we may need to create very large container for a very small file. Imagine someone wants to encrypt a TXT file. After all, size matters, as we all know :)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@k4rll3373r: as an experiment, I wrote a PowerShell script to implement the idea I proposed. In order to make the size of the file container as minimal as possible, I implemented an algorithm in the PowerShell script that tries to estimate the minimum required size for exFAT filesystem based on the content of the given directory. The estimation is not perfect but it look to be good for content smaller than 256 MiB.
I didn't have a lot of time to spend on this and I enlisted the help of chatgpt to help in writing PowerShell since I'm not expert on it: it couldn't come up with a good implementation but once I tell it to do something, it is able to write PowerShell for it. For example, I gave it the algorithm to estimate the exFAT storage size in C and it transformed it into PowerShell code (this is a very cool functionality!).
To try the script, open a Windows command prompt, navigate to the directory where EncryptData.ps1 file was saved and then type the following: powershell .\EncryptData.ps1 c:\path\to\folder
This will create a file container by appending .hc extension of the directory path. You can also specify explicitely the path of the container to create: powershell .\EncryptData.ps1 c:\path\to\folder c:\path\to\container.hc
Here is a screenshot of running an example command:
Implementing this script was beneficial in quickly understanding challenges of implementing this feature. This also made me think that it would be good to have some kind of scripting capability of VeraCrypt to allow simple and quick way to implement ideas or customize its behavior.
Developing things in C/C++ takes time and it forces everthing to go through the slow process of integrations into official VeraCrypt source based. If we had some kind of native scripting support, this would allow the community to develop kind of Addons that enhace VeraCrypt in ways that I would never imagine.
@alex2048: the script tries to estimate the minimum required size, you can check the script for the details. As I said above, PowerShell enables to quickly experiment and understand challenges. Native implementation is better for usability but if VeraCrypt had a native scripting support, then implementing such feature in a script would also also be good since it will allow users to adapt the feature in an easy way without waiting for official release.
PS: concerning sourceforge spam protection, Github is an alternative but it is more developer oriented. Unfortunately I don't have any other alternative to propose.
PPS: I will not have much free tiime in the coming days because of family obligations and so I will not be able to work on VeraCrypt modifications or investigating issues. Once I have more time, I will share my plan about working on native implementation of this feature.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello Mounir
Would you please consider my request to enable the user to right click an individual file and select Encrypt / Decrypt with VeraCrypt.
My reason for requesting individual file encryption is that on occasion users need to quickly move data to a flash drive or send a file via email.
I understand the old arguments that a user can go through the process of creating a container for each file they intend to email, or save to a flash drive, but this takes time and effort. As anyone interested in security knows the more friction there is to secure data the less likely even the most paranoid users are to do it every time.
Obviously a user could pre-prepare a collection of different sized empty container files and have them stored ready to use when a user needs to quickly encrypt something. However this again adds friction and feels like a clumsy workaround.
By having a simple and quick method to encrypt an individual file the more likely it is that people will use it. Even though I pride myself on my paranoia I have often failed to secure my data properly by copying files to an unencrypted flash drive as time restraints prevented me from making yet another VeraCrypt container.
There is also a further hidden risk involved to users who are occasionally under time pressure as that unencrypted file saved to their flash drive remains in the free space after being cut or deleted.
Other file encryption programs are available but nothing provides me with the same confidence that I get from VeraCrypt.
I hope you will kindly consider my request and help to save even the most paranoid users from their occasional security lapses, usually as a consequence of poor time management, resulting in unencrypted files being saved to unencrypted flash drives.
I understand there will be a few who will immediately attempt to dismiss this feature request as “mission creep” or “bloat” however I believe that making encryption quicker and easier, therefore more likely, outweighs such arguments.
Thank you Mounir for all your work.
I have had so much trouble posting here due to the spam bot protection I ended up posting in the wrong section.
Could some please move my post to the feature requests section?
The right-click function can be modified to drag and drop (because of the portable version), and you can refer to the Cncrypt drag folder to create an encrypted volume. @idrassi
Last edit: 风之暇想 2023-07-03
Thank you @k4rll3373r for the details about this feature.
I see the productivity benefit of having such feature. Technically speaking this can already be implemented by a PowerShell script thanks to the fact that VeraCrypt Format allows creating volume in command line. Here is how it can be done:
et voilà.
I'm sure there are members of this forum that can implement such script without a problem! maybe we can even ask chatgpt to implement this idea (it is good at such simple tasks).
Meawhile, I will see how to incorporate such functionality in VeraCrypt.
@fzxx: thank you for sharing the ideas already implemented in Cncrypt. It is unfortunate that its author doesn't publish the source code or contribute back to VeraCrypt.
Also, create a self-releasing file (exe), which is suitable for sending files.
The exe load is read-only; friends can load without installing veracrypt. @idrassi
Thank you Mounir for your response and advice.
Only you would improvise the PowerShell workaround so promptly, you truly are our crypto hero!!
Yes please, I believe such a simple to use feature would help prevent the friction mentioned above.
Obviously it is entirely the users own fault if they move data from an encrypted drive to an unencrypted drive but this feature will leave them with no legitimate excuse to do so.
Thank you.
I have been over 35 minutes trying to get past sourceforge's spambot protection. Is there any other place or forum where I can respond to you more easily?
I also think such feature will be very useful. Otherwise people have to use other software utilities, ie 7-zip, Jetico, etc. The idea is of course this new feature to be very fast and simple to use. Doing it through the PowerShell may take a long time for all the processes to complete. I guess ther will be black windows popping up and closing, etc. Additionally, to match the next following container size after adding 5MiB, we may need to create very large container for a very small file. Imagine someone wants to encrypt a TXT file. After all, size matters, as we all know :)
@k4rll3373r: as an experiment, I wrote a PowerShell script to implement the idea I proposed. In order to make the size of the file container as minimal as possible, I implemented an algorithm in the PowerShell script that tries to estimate the minimum required size for exFAT filesystem based on the content of the given directory. The estimation is not perfect but it look to be good for content smaller than 256 MiB.
I have pushed the script to the source code repository: https://sourceforge.net/p/veracrypt/code/ci/master/tree/contrib/EncryptData.ps1
It is also available at https://sourceforge.net/projects/veracrypt/files/Contributions/EncryptData.ps1/download
I didn't have a lot of time to spend on this and I enlisted the help of chatgpt to help in writing PowerShell since I'm not expert on it: it couldn't come up with a good implementation but once I tell it to do something, it is able to write PowerShell for it. For example, I gave it the algorithm to estimate the exFAT storage size in C and it transformed it into PowerShell code (this is a very cool functionality!).
To try the script, open a Windows command prompt, navigate to the directory where EncryptData.ps1 file was saved and then type the following:
powershell .\EncryptData.ps1 c:\path\to\folder
This will create a file container by appending .hc extension of the directory path. You can also specify explicitely the path of the container to create:
powershell .\EncryptData.ps1 c:\path\to\folder c:\path\to\container.hc
Here is a screenshot of running an example command:
Implementing this script was beneficial in quickly understanding challenges of implementing this feature. This also made me think that it would be good to have some kind of scripting capability of VeraCrypt to allow simple and quick way to implement ideas or customize its behavior.
Developing things in C/C++ takes time and it forces everthing to go through the slow process of integrations into official VeraCrypt source based. If we had some kind of native scripting support, this would allow the community to develop kind of Addons that enhace VeraCrypt in ways that I would never imagine.
@alex2048: the script tries to estimate the minimum required size, you can check the script for the details. As I said above, PowerShell enables to quickly experiment and understand challenges. Native implementation is better for usability but if VeraCrypt had a native scripting support, then implementing such feature in a script would also also be good since it will allow users to adapt the feature in an easy way without waiting for official release.
PS: concerning sourceforge spam protection, Github is an alternative but it is more developer oriented. Unfortunately I don't have any other alternative to propose.
PPS: I will not have much free tiime in the coming days because of family obligations and so I will not be able to work on VeraCrypt modifications or investigating issues. Once I have more time, I will share my plan about working on native implementation of this feature.