http://cryptosd.oxysec.com/manuals/apps


 Applications

Foreword

    CryptoSD software suite includes all the application needed to configure and manage CryptoSD devices: 

  • CryptoSD Login 
  • CryptoSD Configurator 
  • CryptoSD Password Manager 
  • CryptoSD Clone 

    Thanks to those applications it is possible to configure and manage the MicroSD memory card in a quick and easy way.

    The suite can be downloaded from the page Tools.



CryptoSD Login

    CryptoSDLogin.exe allows you to send the unlock password to the device so that it can decrypt the chosen disk. The application has several entries of which is now given a description.

  1. Drive letters as enumerated by the OS . You can select the one for which you want to insert the unlock password.
  2. INFO button with green color. If pressed it displays information on the related logical drive (disk) are displayed. The green color indicates that at the moment you can access the disk with full control, both reading and writing.
  3. Button INFO with yellow color. If pressed it displays information on the related logical drive (disk). The yellow color indicates that at the moment you can access the disk read-only and any modification of the content is inhibited.
  4. Button INFO with red color. If pressed it displays information on the related logical drive (disk). The red color indicates that at the moment you can’t access the disk because an unlock password has not yet been sent to the device.
  5. Entry where to type the password to unlock a disk.
  6. "Read Only" - This option is enabled if a read-only password was previously set for the selected disk. By selecting this option and entering the proper password the disk will be accessed in read-only mode.
  7. "Read/Write" - This option is the default choice and allows you to enter the unlock password for full access ( read and write).
  8. "Remember password" - The selection of this option has the effect that, from that moment on, the corresponding protected disk is automatically unlocked when CryptoSD is inserted into a USB port without the need of the password. You can always ask the device to "forget" the password using the program CryptoSD Password Manager. Forget the password means that the device will not longer keep the password in its memory and the user must enter it to unlock the memory card.


   

In depth - "Remember password" option

    By choosing the option "Remember password" the hash of the user password is added to the configuration parameters of the MicroSD memory which will be used to obtain the AES 256 key used to encrypt all data on the memory. Such configuration parameters are saved in an encrypted form too and are located in a reserved area of the MicroSD memory that only CryptoSD devices can decrypt and use.
    This yields that the configuration options , being on board memory and not in the CryptoSD device, “follow” the memory card, so that using the memory in another CryptoSD device the configuration "Remember password" will remain active.
    Finally, note that this option is activated for both the "Read/Write"  and "Read Only" password. It turns out that it may be more convenient to automatically mount a disk in read-only mode and only when needed manually enter the password for gaining full access.
    It is always possible at any time make the memory card to forget the password using the program CryptoSD Password Manager the use of which is explained later on in this manual. From that moment on you need to manually enter the password as before the “Remember password” choice.


https://sites.google.com/a/oxysec.com/cryptosd-ita/manuals/apps#TOC-Le-applicazioni-nel-dettaglio

The information window

    By clicking on one of the "INFO" bars in the main program window, you will see a new window that lists the features of the selected disk.


CryptoSDLogin - Information about a disk


  • Disk { H: } { 5.00 } GBytes - Letter of the logic unit and disk size
  • Protection: { ON | OFF } - Indicates whether the disk is protected (encrypted) or not (not encrypted)
  • Remember RW Password: { YES | NO } - Indicates if the “Remember password” option for full access is active for this disk
  • Read Only Password set: { YES | NO } - Indicates if the read-only password was set for this disk
  • Remember RO Password: { YES | NO } - Indicates if the “Remember password” option for read/write access is active for this disk
  • Data bound to MicroSD: { YES | NO } - Indicates if the data encryption is bound also to the MicroSD memory information data (serial number, manufacturer ...)
  • Data bound to CryptoSD Device: { YES | NO } - Indicates if the data encryption is bound also to the data of the CryptoSD device. Such data are unique for each device, unless the cloning procedure (shown below) are used.


https://sites.google.com/a/oxysec.com/cryptosd-ita/manuals/apps#TOC-Le-applicazioni-nel-dettaglio


CryptoSD Configurator

    The program CryptoSDConfig.exe performs the configuration of the MicroSD memory applying the desired settings and security levels.

  1. Disk selection Check-boxes. Checking one of these fields a disk is added to the configuration of the memory. You can configure the MicroSD memory to exports up to four logical drives, that is four disks.
  2. The bar below the disk indication is green if the disk will not be encrypted and it is red if the disk will be encrypted
  3. Entry where to insert the desired disk size. For ease of use when selecting a new disk all the remaining free space will be assigned to it, but editing its value you can choose different sizes with a precision of 10 Mbytes, corresponding to 0.01 Gbytes.
  4. The green open padlock indicates that the disk will be configured without encryption (not protected), while the red locked padlock indicates that the disk will be encrypted.
  5. The check indicates that the security parameters of the disk are correctly set
  6. "Security" buttons. Clicking on any of these buttons (or just check on the left) the window "Disk Settings" will be opened, here you can configure the security settings for the specific disk.
  7. Whole assigned MicroSD memory space
  8. Not allocated MicroSD memory space
  9. The indicated bar turns red if the globally allocated size is greater than the available disk space


    By clicking on a "Security" button it will be opened a window that enables you to set the password and parameters related to the encryption rules to apply to the selected disk.


  1. Blue bar that indicates which disk you are working on.
  2. Entries where the password to access the disk must be entered.
  3. Lock to MicroSD - Choosing this option (active by default) the encryption process will be linked to internal non modifiable parameters of the memory card such as the serial number and the manufacturer code. This prevents the MicroSD memory card to be cloned: in fact the encryption would be affected by different values (for example the serial number) returning unexpected values.
  4. Lock To Device - This option allows you to bind the encryption process to internal non modifiable parameters belonging to the CryptoSD device you are using. The data can’t be decrypted with any other CryptoSD device. Be very careful if you opt for this choice because you will be prompted to save configuration data in a file (Recovery Key) you can use to clone the original CryptoSD device if lost, stolen or become damaged. Without these important data, in fact, you would no longer be able to decrypt the data in memory.
  5. Remember Password - This flag tells the device to remember your password so that it is not required entering it to access the disk. It will always be possible to force the device to "forget" it (this is done with the CryptoSDPasswdMan.exe application) in order to restore controlled access.


    NOTE - If in the Disk settings  window the option "Lock-to-device" is chosen, after the initialization process it will be asked to save the "Recovery Key". This is a hexadecimal value that will be used in case the CryptoSD device becomes unusable. In this case, it would be impossible to read the data stored on the MicroSD memory configured with the "Lock-to-device" parameter as they could only be read with the specific device that is now unusable (damaged, stolen or lost).


CryptoSDConfig - Recovery Key


    It is essential that you save the “Recovery Key” because it will be prompted only once. Then it will have to be kept in a safe place and, in case of necessity, used with the program CryptoSDClone.exe to restore the unique information that were present in the unusable CryptoSD into a new CryptoSD device that will become the clone of the original device.

    You can still choose not to save the “Recovery key” data (at your own risk) by choosing "YES" in the dialog that warns the user when the key was not saved.


Warning window for Recovery Key


https://sites.google.com/a/oxysec.com/cryptosd-ita/manuals/apps#TOC-Le-applicazioni-nel-dettaglio

CryptoSD Password Manager

    The program CryptoSD Password Manager allows you to change both the read/write and read-only password for the encrypted disks.


  1. Drive letters associated to each disk by the operating system. Select here the disk on which apply the setting changes.
  2. The green bar associated with the "INFO" button indicates that the corresponding disk is not protected. It will not be possible to select this disk to change the password. Clicking on this button the information panel about the disk will be displayed.
  3. The red bar associated with the "INFO" button indicates that the disk is protected and can be selected for password changes. Clicking on this button the information panel about the disk will be displayed.
  4. This entry must be filled with the current master (read/write) password. Without the right value it is not possible apply any change to the MicroSD settings.
  5. Read/Write - Choosing this option the master password (the read/write one) will be changed.
  6. Read Only - Choosing this option the read-only password will be set (if written for the first time) or changed
  7. In these entries it must be entered the new password (retyping it for confirmation).
  8. Forget: read/write password - If this control is checked the "Remember password" option active on the read/write password will be cancelled. The “Remember password” option can be set during login by the CryptoSDLogin.exe program.
  9. Forget: read only password - If this control is checked the "Remember password" option active on the read-only password will be cancelled.


   

In depth – Read-Only access

    The usage of a read-only passwords can be useful if you need to allow another person to read data but without the permission to modify them. It is enough to configure the read-only password, give that person the MicroSD card and the read-only password, keeping secret the read/write one (of course that person need a CryptoSD device to read the memory).


https://sites.google.com/a/oxysec.com/cryptosd-ita/manuals/apps#TOC-Le-applicazioni-nel-dettaglio

CryptoSD Clone

    The CryptoSDClone.exe application must be used whenever it is necessary to replace a no longer working CryptoSD device (damaged, lost or stolen) with another new device in order to access all those memory cards that was bound to the original CryptoSD device. We reminds you that this choice was done setting “Lock to device” at configuration stage in the “Disk Settings” window of CryptoSDConfig.exe.

    If a MicroSD memory card was configured to have one or more partitions with encryption related to the device, you can access to its data only with the CryptoSD device used to initialize the memory card itself. This means that in case the device fails, there is no way to access those data.

    To solve this problem this application allows you to clone a CryptoSD device (NOT the memory card) assigning the same "unique key" generated by the original device to a new one so that the data in the protected partition of type "Lock to Device" may be decrypted again.



    Clicking the "Load" button you can read the “Recovery Key” saved on a file during the memory configuration with the program CryptoSDConfig.exe. Alternatively it is possible to perform a Copy/Paste of the key inside the edit-box.



    Then clicking the “Apply” button the cloning procedure takes place and after configuration the CryptoSD device will work exactly as the original one allowing the access to the disks set with “Lock to Device” option.

    NOTE - The device to be configured must be new, that is never used for “Lock to Device” disks. If this is not the case the application will return an error.

    NOTE - The generation of one or more cloned devices can also be useful to allow a group of people to access data excluding any other access by persons not having those particular CryptoSD devices.

https://sites.google.com/a/oxysec.com/cryptosd-ita/manuals/apps#TOC-Le-applicazioni-nel-dettaglio