http://cryptosd.oxysec.com/manuals/config


 Storage configuration

Foreword

    In the following paragraphs there are step by step descriptions for setting up the MicroSD Memory Card in various configurations.

    Keep in mind that the configuration process can be always run and for an unlimited number of times, but it permanently deletes all the data present on the memory.

    NOTE -  In some sections there is a panel that explains some aspects of the operation performed by CryptoSD. Such information is not absolutely necessary for its usage, but are addressed to whom already have the basic knowledge of disks management and file systems and want to have a better understanding of how CryptoSD works.


   

In depth

    The configuration process performs two basic operations: completely erase the Memory Card and writes on it in a reserved area the data of the new configuration. All this information is stored in an encrypted form and only CryptoSD devices are able to decrypt and understand it.
    This implies that, once configured, the MicroSD can be correctly handled only by a device CryptoSD. Using the same memory with other readers, in fact, the formatting procedure will be requested by the operating system as the data in the MBR (Master Boot Record) will not be understood because encrypted
.



Suggestions for correct use

    Although the use of the CryptoSD device is very simple and intuitive, it is good to keep in mind some issues related to operating systems.

    Proper use includes the following steps:

  1. insert the MicroSD memory in the CryptoSD device
  2. insert the device into a USB port
  3. the operating system queries CryptoSD which returns back information about the configuration (number of disks and their related security parameters)

    Following the step above, you will see all the units in which it was splitted the storage space of the MicroSD memory.

    If the sequence is not fully complied it might happen that the operating system shows only one disk even if the MicroSD is configured with multiple units. This problem can be easily solved by re-inserting the device into the USB port.


   

In depth - Enumeration of the logical drives (disks)

    When the CryptoSD device is plugged into the USB port the Operating System queries it to determine how many logical drives (disks) are present. CryptoSD get this information from a reserved and encrypted configuration area inside the MicroSD, and send it back to the operating system.
    Whenever the OS asks this information when there is no configured MicroSD memory card inserted into the CryptoSD slot, there is no hints about the number of logical device, hence the information returned to the host is that only one logical drive is present and without removable disk.
    Taking into account that the operating system asks for disks information only when a device is inserted, or after USB enumeration, it is clear that inserting the MicroSD when CryptoSD is already plugged in, the exported disk is still one even if the memory contains multiple disks. The only way to get all the disks potentially available, is to re-plug the device with the memory card already present.



https://sites.google.com/a/oxysec.com/cryptosd-ita/manuals/config#TOC-Configurazione-dei-dischi

Configure a single non-encrypted disk

Create a disk that can be used by any MicroSD reader

  • Insert a MicroSD memory into the slot on the CryptoSD device.

  • Insert the CryptoSD device into a USB port on your computer.



  • Your computer will recognize the device and, if necessary, may ask the user to format the disk



  • Once formatted you can use the available space as in a normal memory stick




   

In depth

    The use of CryptoSD as above doesn’t include any configuration and doesn’t exploit any of the security features for which the device was designed.
    If the MicroSD card has already been formatted with another device (i.e. other than CryptoSD), it will not request any formatting and it will be possible to access the (not encrypted) data that may be present on the memory card.


https://sites.google.com/a/oxysec.com/cryptosd-ita/manuals/config#TOC-Configurazione-dei-dischi

Create a disk that can only be used by CryptoSD

    The previous section shows how to completely reset the MicroSD memory card. The result is a single non-encrypted disk accessible by any MicroSD reader.

    An alternative is to perform a configuration as shown below. The result is still a single non-encrypted disk, but in this case, it will be accessible only by a CryptoSD reader: using a so configured memory card on another reader will cause a formatting request by the operating system.

  • Insert a MicroSD memory into the slot on the CryptoSD device and insert it into a computer's USB port.



  • Ignore the AutoPlay window or any request to format the memory from the PC. Run the CryptoSDConfig.exe application.



  • Check Disk 1: the application will assign all available space to this disk.



  • Press the "Apply" button. A message will appear stating that all data will be lost and that the MicroSD memory card is about to be initialized with the selected settings.



  • To proceed press the "YES" button. The memory card will be completely reconfigured and the operating system will prompt you to format the disk.



  • Once formatted you will get an unencrypted disk.


   

In depth

    A MicroSD memory card configured in the way above can’t be read by a standard MicroSD reader even if the disk and the data are not encrypted. This is because the configuration information present on the MicroSD are still encrypted and only CryptoSD devices are able to decrypt and understand the content.


https://sites.google.com/a/oxysec.com/cryptosd-ita/manuals/config#TOC-Configurazione-dei-dischi

Configure a single encrypted disk

  • Insert a MicroSD memory into the slot on the device CryptoSD and insert it into a computer's USB port.



  • Ignore the AutoPlay window or any request to format the memory from the PC.
  • Run the CryptoSDConfig.exe application.



  • Check Disk 1: the application will assign all available space to this disk.



  • Click the "Security" button of the selected disk: the configuration window as shown below will appear.




   

In depth – Disk encryption

    During the entering of the password used to unlock the disk, you can also choose some operating parameters of the cryptographic engine that will affect how the data will be encrypted and stored.
  • Lock to MicroSD - Choosing this option (on by default) the encryption process will be linked to internal non modifiable parameters of the memory card such as the serial number and the manufacturer code. This prevents the MicroSD memory card to be cloned: in fact the encryption would be affected by different values (for example the serial number) returning unexpected values.
  • Lock To Device - This option allows you to bind the encryption process to internal non modifiable parameters belonging to the CryptoSD device you are using. The data can’t be decrypted with any other CryptoSD device. Be very careful if you opt for this choice because you will be prompted to save configuration data in a file (Recovery Key) you can use to clone the original CryptoSD device if lost, stolen or become damaged. Without these important data, in fact, you would no longer be able to decrypt the data in memory.
  • Remember Password - This flag tells the device to remember your password so that it is not required entering it to access the disk. It will always be possible to force the device to "forget" it (this is done with the CryptoSDPasswdMan.exe application) in order to restore controlled access.


  • Enter a password in the specific edit boxes, then press the "OK" button.
  • You return to the main window in where now a red line and a closed padlock indicate that you have set up security features for “Disk 1”.



  • Press the "Apply" button. A message will appear stating that all data will be lost and that the MicroSD memory card is about to be initialized with the selected settings.



  • To proceed press the "YES" button. The memory card will be completely reconfigured.



    At this point there will be a removable device in Windows Explorer (in the figure the disk G:) but without space: it is necessary to enter the password to unlock and decrypt the memory to allow the operating system to access it.

  • Open the CryptoSDLogin.exe application.



  • The application will recognize that the disk G: is an encrypted disk (the red bar "INFO") in which the access has not yet been enabled. In the space provided enter the password you set during initialization and press "OK".



  • If the password is correct, the bar "INFO" will turn green and you can access the disk. The operating system will prompt you to format the new disk so that it can be used to store data (Removable Disk G: in the figure).

https://sites.google.com/a/oxysec.com/cryptosd-ita/manuals/config#TOC-Configurazione-dei-dischi

Configure multiple disks on a single MicroSD

    CryptoSD allows to configure the storage space of a MicroSD Memory Card as if it were made up of several disks (up to four). For each disk, you can choose the level of protection desired.

    In the following we show how to configure a MicroSD of 64 GBytes so that the operating system see three disks of different sizes. The first disk will be not encrtpted, while the second and the third will be completely encrypted but with different passwords for access.

  • Insert a MicroSD memory into the slot on the CryptoSD device and insert it into a computer's USB port.



  • Ignore the AutoPlay window or any request to format the memory from the PC.
  • Run the CryptoSDConfig.exe application.
  • .



  • Check Disk 1 and select the size by typing the desired value in the space provided. Also select Disk 2 by choosing the size and then select Disk 3. In the example we will have three disks: the first with size of 30 GBytes, the second 20 GBytes and the third 9.48 GBytes.



  • Select the "Security" button for Disk 2. You will see the configuration window shown below. For more clarity a blue line in correspondence of the disk for which you are setting the security parameters will appear.



  • Enter the password for Disk 2 typing it in the appropriate fields. Then select "OK"
  • You will return to the main window with the indication of the new state of Disk 2 which is now protected.



  • Now click on the "Security" button for Disk 3. It will appear again the configuration window but with the blue bar highlighting Disk 3.



  • Enter the password for Disk 3 typing it in the appropriate fields. Then select "OK".
  • You will return to the main window with the indication of the new state of Disk 3 too.



  • Press the "Apply" button. A message will appear stating that all data will be lost and that the MicroSD memory card is about to be initialized with the selected settings.



  • To proceed press the "YES" button. The memory card will be completely reconfigured and the operating system will prompt you to format one of the three disks (the non encrypted one).



    At this point in Windows Explorer three new removable drives will appear and in our example such drives are G:, H: and I:.


    NOTE - Depending on operating system configuration it may happen that the non active disks won’t be shown.

  • The disk G: (Disk 1 in the configuration) is not protected and so the operating system will ask to format it: then proceed to its formatting.
  • The disks H: and I: are locked and then the operating system shows the drives but does not display the content because the disks have not yet been "mounted".
  • To access the protected disks run CryptoSDLogin.exe
  • Opening the program it will be shown the memory configuration in the CryptoSD device (if present in a USB port). In this specific case it is shown the presence of three disks: disk G: to which you can already access (bar "INFO" with green color) disks H: and I: present but for which the access password has not yet been entered (bar "INFO" with red color).



  • Select (for example) the disk I:, enter in the appropriate field the password chosen at initialization stage, and then press the "OK" button.



  • At this point you can access the drive I: and, if necessary (i.e. if the first access) the operating system will ask you to format it.



  • Note that clicking on the "INFO" button associated with the disk it will be displayed some information even before the unlock password is entered. For example clicking the "INFO" button for the disk H: displays the following information:


https://sites.google.com/a/oxysec.com/cryptosd-ita/manuals/config#TOC-Configurazione-dei-dischi


Completely reset the MicroSD memory card

  • Insert a MicroSD memory into the slot on the device CryptoSD, then insert it into a computer's USB port.



  • Ignore the AutoPlay window or any request to format the memory from the PC.
  • Run the application CryptoSDConfig.exe.



  • Without selecting anything click on the button "Apply". A message appears stating that all data will be lost and that the MicroSD will return to be used as a normal memory card.



  • For proceeding press the “YES” button. The memory card will be completely reconfigured and the operating system will prompt you to format it.



  • Once formatted you will get a non-encrypted standard disk.

   

In depth – Complete reset of MicroSD memory

    The full reset of the MicroSD memory card erases all its data including configuration information used by CryptoSD if present. At the end of the process the MicroSD will be completely clean and, once formatted, can also be used also on standard MicroSD card reader.


https://sites.google.com/a/oxysec.com/cryptosd-ita/manuals/config#TOC-Configurazione-dei-dischi

Set the read-only password

    For encrypted disks you can also set a password that will allow to access to the data just in read-only mode, thus preventing that the same content can be changed.

  • Insert an already configured MicroSD memory with at least one protected disk (if not you must configure it first) into the slot of the CryptoSD device and insert it into a computer's USB port.



  • Ignore the AutoPlay window or any request to format the memory from the PC.
  • Run the application CryptoSDPasswordMng.exe.
  • The main window will show the used memory configuration. In this example the MicroSD has been configured to export 3 disks, two of which are protected (H: and I:).




   

In depth – The “INFO” button in the “Password Manager” program

    The buttons "INFO" on the main screen of the application CryptoSD Password Manager provide information about the corresponding disk.
  • INFO button without bars - no disk is present
  • INFO button with green bars - the disk is not encrypted
  • INFO button with red bars - The disk is encrypted
    Note that the meaning of these colors is slightly different from what it takes in CryptoSDLogin.exe program, where the colors represent the state of the disk at that moment: accessible, inaccessible or read-only accessible.


  • Let’s suppose you want to set (or change) the password for the read-only Disk H. To do so select that disk via the radio-button in the upper part of the screen.
  • Write the current password set during initialization in "Read/Write password" (that is the password for full access, not to be confused with read/only password)
  • For the field "Password to modify" check "ReadOnly" radio button
  • Write in the following two fields the new password for read-only access


  • Click on “Apply” button

    From this moment on the disk H: can be used both normally (read write mode) and in read-only mode. To choose in which way to access the memory follow the next instructions.

  • Extract the CryptoSD device from the USB port
  • Run the program CryptoSDLogin.exe


  • Plug the CryptoSD device into a USB port. The application will recognize the device and show the configuration of the memory card.


  • Select the disk H:. Note that the "Read Only" check can be selected, this means that the disk H: can be used also in read-only mode.
  • Then select "Read Only", enter the read-only password you set for this disk and press the button "OK"


  • The application will now display a yellow bar under the drive letter H: to indicate that the disk is accessible in read-only mode.
  • The disk will be recognized by the operating system, which can read its content but without the possibility  to change or delete anything.
    NOTE - After mounting a read-only disk, you can always enter the password for read/write access in order to have full control of the unit.


   

In depth – Read-only access

    For each encrypted disk you can set two different passwords: the first one is set during the initialization phase and allows full access to the disk, while the second password, set as shown above, allows just reading the content.
    This feature can be very useful when it is necessary to allow other people to access information that must not be changed: just deliver the MicroSD device and the read-only password for the specific disk.

https://sites.google.com/a/oxysec.com/cryptosd-ita/manuals/config#TOC-Configurazione-dei-dischi