Hidden volume asks to be formatted every time


#1

Hello!

I started to configure my new 32 GB storage follwing the instructions given via /start.
After the initial setup - during which I had to format a 27 GB partition, and which resulted in 2 drives, one with 2 GB and a second one with 27 GB - I proceeded with the instructions given in the FAQ at https://www.nitrokey.com/documentation/applications#a:encrypted-mobile-storage. So I started to setup the hidden volume by using the setup window, starting at 20%, ending at 90%. After some seconds, I got the message that setup is done.

When I now try to use the hidden volume, I first unlock the encrypted volume, which results in showing both drives, the 2 GB and the 27 GB one. When I try to unlock the hidden volume, a pop-up windows says that I am about to lock my encrypted volume and have to eject the encrypted volume first. When I proceed, I get the message that I have to format my 27 gb drive.

Does someone know what is going wrong here? Did I anything wrong in the sequence? Or did I miss something?

As far as I understand the process, I initially have on my 32 gb drive
(1) a 1,99 GB partition
(2) an encrypted partition with 27 GB

Then, I set the hidden volume up wihtin the encrypted 27 GB partition. Right?
But what could happen that results in me not being able to open the hidden volume?

EDIT:
When I use the storage on another PC, I can’t see the hidden volume. So far everything seems to be OK (I can see it as unformatted device only). But why am I asked to format the hidden volume every time I press the unlock hidden volume link in the nitro key app?

Help is much appreciated - Thanks!


#2

Hi,

everything happening on the device is transparent to the system. To the system the hidden volume is a newly connected device and acts as such. That is to say you have to format the hidden volume as you had to format the encrypted volume beforehand.

So in fact you have a own hidden filesystem on the encrypted partition. That is the reason why you should not write on the encrypted partition anymore after configuring the hidden volume.

It is a good idea to disallow Windows to auto-mount devices as well. This is good from a security perspective in general, but for work with Nitrokey and hidden volume as well (as the encrypted volume will not be mounted in the first place).

Kind regards
Alex


#3

Hi Alex,

Thanks for your reply. Unfortunately, I think I still don’t get it.

I set up the hidden volume by using the app (config > setup hidden volume), and after that I tried to access the volume. Windows wanted to format it, and I did so (27 GB). I then had access to the volume. After that, I went back to the app and pressed “unlock hidden volume”. This resulted in the volume appearing unformatted again in my windows explorer. (But when I’m asked to format it again, the volume appears with 20 GB instead of 27 GB). Maybe I simply don’t understand what the button “unlock hidden volume” in the app means, and that I’m confused with the number of volumes that appear when setting up the storage:

(1) I have a partition with 1,99 GB which appeared when I first used the stick
(2) After encrypting, I had another drive with avout 27 GB.

Is (1) also encrypted, or is (2) the encrypted drive which everything refers to?

I think it is (2), and I create the hidden volume within (2).

(3) But why do I loose (access to) the volume (2) after I set it up and pressed the “unlock hidden volume?” button in the app?

(4) Also, how many drives appear in my windows explorer after I set up both, the encrypted volume and the hidden volume? Is it (1) 1,99 GB and (2) Encrypted volume and (z) hidden volume?

Thank you!
Judith


#4

Hi,

no problems at all.

When unlocking the hidden volume (z), the encrypted partition (2) got locked by the device. Therefore you will only see the hidden device (z), but not the encrypted partition (2) you saw before. So you always see either (2) or (z), but should not use (2) at all after creating a hidden volume (besides unlocking to be able to unlock the hidden volume).

The hidden volume is smaller than the encrypted device, because it uses only the space between 20% and 90% of the encrypted partition. Unfortunately it has to be like this, to be able to hide the volume inside the encrypted partition. So ending up with 20G is normal.

The first partition you see (1) is just an unencrypted part of the Storage and is 2G. It is always available unencrypted so that you have a Storage for not sensitive data. There are several every day use cases where one is not able to unlock the encrypted partition/hidden volume (for example if you want to print something in your copy shop’s printer).

Does this clarify the situation?

Kind regards
Alex


#5

Hi Alex,

Thanks a lot, this claryfies things for me.
And it worked now as it should.

Regards!
Judith