DiskCryptor: encrypt hard disk partitions, flash drives, and CD/DVD media with this versatile tool


DiskCryptor is a free, open source disk encryption software. It encrypts entire hard drive partitions, including the system partition as well as flash drives in real time without affecting performance. It can also create encrypted CDs/DVDs (through the use of disk image .ISO files).

It offers excellent performance for mounted encrypted volumes and a good range of features and options.

This software is designed to encrypt entire hard drives, storage devices, or CD/DVD media. It is similar to TrueCrypt, another notable software previously mentioned on this site; however DiskCryptor lays claim to several advantages:

  1. It can encrypt partitions with existing data: without destroying the data. This is obviously very practical and useful and is a significant advantage.
  2. It can create encrypted CD’s/DVD’s: through the use of .ISO images. DiskCryptor will encrypt these and the user can subsequently burn them to actual physical media.
  3. “Truly” Open Source: purports to be “the only truly free solution provided under GNU General Public License” (in contrast to the “TrueCrypt Collective License” which apparently places restrictions on the modification of the source data).

Disadvantages vs. TrueCrypt:

  1. Unlike TrueCrypt, DiskCryptor is not designed to create file containers that can be mounted as encrypted virtual drives. It will, in other words, encrypt a partition or an entire hard drive or flash drive, but strangely will not create an encrypted file that you can mount as a virtual drive. I personally find this omission very strange and I am sure will cause many to stick with TrueCrypt.
  2. Lacks the “plausible deniability” feature (where if, say, you are “forced” to surrender a password you can give a decoy which displays innocuous files). Although I personally think this feature is unimportant.
  3. Although it is designed to encrypt bootable system partitions, the version I tested (0.8.548.97) has a known limitation in that the partition will not boot after encryption. If you want to encrypt system/bootable partitions you have to either wait for a future version, use a bootable CD (such as BartPE), or … use TrueCrypt.

More on how DiskCryptor works:

  • Mounting encrypted drives: DiskCryptor has to be running in memory. To use an encrypted flash drive or CD on, say, your work and home computers, you need to install the program in both places.
  • Booting encrypted drives: fully support bootings encrypted system partitions (including support for different multi-boot scenarios). DiskCryptor can also be integrated into a BartPE bootable Livedisk; instructions here.
  • Caching passwords: if you have this enabled, entering a password once will cache it in kernel memory so that it mounts automatically on next insert, which is really cool. You can disable caching if you want and of course you can clear all passwords from the cache at will.
  • Performance: superfast. Your encrypted disks, in other words, will be as fast as regular disks for all practical purposes. You can perform any operation on mounted encrypted drives that you would on normal drives (such as defrag, etc.).
  • Support: these are all quotes from the program site; “full support for dynamic disks”, support for “disk partition encryption of any configuration, including boot and system partitions”, “support for hardware cryptography found in VIA processors”, “support for disk devices with large sector sizes, which is important when working with hardware RAID”, “support for hardware cryptography found in VIA processors”, “full support for 3rd party boot loaders (LILO, GRUB, etc.)”
  • Encryption modes: a wide range to choose from; AES, Twofish, Serpent, AES-Twofish, Twofish-Serpent, Serpent-AES or AES-Twofish-Serpent in XTS mode.
    Extended configuration possibilities of booting an encrypted OS. Support for different multi-boot scenarios.
  • Command line version: available
  • Hotkeys: although this did not seem to be active in the version I tested, you will in the future be able to use hotkeys to perform actions such as dismounting partitions, initiating an emergency system stop, etc.

Freewaregenius 5-Star Pick

The verdict: I think this is a very exciting software that has huge potential. DriveCrypt was conceived, according to the website, as a replacement for DriveCrypt Plus Pack and PGP Whole Disk Encryption (WDE). The aim has subsequently changed to “create the best product in its category”, and I think they are well underway to achieve this goal.

Having said that I really wish future versions of DriveCrypt encrypted file containers. I know that for many people (including myself) this is an indispensable feature and could be a significant barrier to using this program over a program such as TrueCrypt for example.

Version Tested: 0.8.548.97

Compatibility: Windows 2000 SP0-SP4, XP (x86, x64) SP0-SP3, Server 2003 (x86, x64) SP0-SP2, Vista (x86, x64) SP0-SP2, Server 2008 (x86, x64), Windows 7 (x86, x64) RC0, RC1.

Go to the program page to download the latest version (approx 579K).

  • MetatroN

    This software is much much better than TrueCrypt. For me system partition boots just fine after encryption. Bootloader config options and possible scenarios is just excellent. This is program for thinking people (no simple wizard). If your system not boot, probably you forgot install bootloader to mbr before encryption system drive.

    File containers is lame solution for me. Full disk encryption is simple and fast way to secure whole computer or removable media and DiskCryptor do it better than TrueCrypt.

  • Samer

    @ MetatroN: thanks for your feedback. I am glad to hear that encrypted partitions are indeed bootable; I corrected the text above. The reason I thought they were not was the “Limitations in the current version” on the English program website, which read “The main encrypted system partition cannot be converted into a dynamic one. After the conversion, the system will not boot”. So, either I misunderstood what this means or they need to update this section.

    I agree with you that this software is excellent; however I still think that they should provide support for file containers, as my guess is that most people just want to encrypt a bunch of files not entire hard drives (of course, it is always possible to create partitions especially for this purpose, but that may be too complicated for a lot of people).

  • Nat

    Good find Samer, thank you. I am liking the program but.. I agree with you, the ability to encrypt file containers, is an absolute must.

    Until this is implemented I wont be able to really use it. Would love it if you could also easily encrypt single files and folders.

  • I may try this just for the sake of trying, but the ability to not have file volumes is a severe disadvantage when compared to truecrypt.

  • MetatorN

    This is software for full disk encryption. File containers is useless on notebook, only FDE give you full security when laptop is lost or stolen.

    For files encryption pgp works better than TC and containers.

    ps. “plausible deniability” is possible. When you give wrong password Disk Cryptor can boot decoy system.

  • DougA

    I believe that TrueCrypt can also encrypt partitions with existing data. The following is from their website in the section on whole-disk encryption:

    “Note that TrueCrypt can encrypt an existing unencrypted system partition/drive in-place while the operating system is running”

    Also, there is a place for both whole disk encryption as well as container encryption.

    During whole disk encryption, once I’ve booted up my OS, the entire drive is now “open” to trojans or hackers who have access to my system over the network. However, they still won’t have access to encrypted files or containers unless I have those files open as well.

    Thus, for better security, you’d want to encrypt your entire hard drive, and then add another layer of encryption for sensitive files or folders.

  • Anonymous

    Thanks for the gift

  • Jason

    I’m a long-time TrueCrypt user. I can confirm that it will encrypt a partition that already has data on it. Also agree with the file container issue. I have my entire drive encrypted, but I also have file containers that hold information I only rarely need, and which I don’t want exposed if a network I’m on is compromised. Finally, plausible deniability is worth having if you travel itnernationally. Many customs agents now will claim the right to demand your password and “inspect” the contents of your hard drive. Having a hidden volume is critical in such a situation.

  • Disadvantage: no version of this product exists for Linux, as it does for TrueCrypt.

    My guess is that it’s a pretty hard thing to do for a product such as this.

    Thanks for letting us know about this!

  • Home page has been modified http://diskcryptor.net/wiki/Main_Page/en

    Although the last update was 2011/05 and its Windows-only, I much prefer the GPL. I’m not clear why TrueCrypt had to create an individual license for its code or what unique properties they included. I tried reading it but IANAL and can’t seem to find a good breakdown on that.

  • freddie

    I use Diskcryptor for full disk / partitions and then Truecrypt for containers within the same drive – this way you have the benefit of two seperate programs – surely they cannot be both in the pocket of the FBI. The hidden containers via Truecrypt is useful, and the ability to encrypt dual operating systems on the same drive via Diskcryptor is a must have tool for a laptop.
    Truecrypt has fancy features like being able to edit the boot password phrase, while Diskcryptor has a blue screen of death hot key to instant dismount for when the FBI kick down your door.
    If these two programs are truly designed without back doors then they are both superb tools.

  • Nomo

    writing that plausible deniability is unimportant is extremely stupid – you are actively leading activists and people, who really have a reason to encrypt stuff, into life danger! Plausible deniability is a very important concept and you should learn about it and warn people about encryption software that has not this feature.