2025 10 04 Veraser Veracrypt Secure Copy Delete Plugin

VERASER-VeraCrypt-Secure-Copy-Delete-Plugin

Project Date : Oct 2025 / Independent plugin: stream files into mounted VeraCrypt volumes and securely overwrite originals (unofficial)

⚠️ Disclaimer (read first): This project is an independent, third-party plugin developed independently from VeraCrypt original project. It is not affiliated with, endorsed by, or maintained by the official VeraCrypt project, and it is not an official VeraCrypt release.

What this plugin does - Streams files directly into a mounted VeraCrypt volume to avoid creating intermediate plaintext files on the host. - Provides a configurable secure-delete routine (overwrite + fsync + ftruncate + unlink + parent-dir fsync) intended to reduce practical on-disk recoverability on many HDD/filesystem setups. - Includes TOCTOU and symlink mitigations and detects non-rotational (SSD) devices to warn users where overwrite guarantees are unreliable.

Hardware note: This workflow is most effective on conventional (CMR) HDDs. Overwrite-based secure deletion is not reliably effective on many SSDs, SMR drives, or devices using a flash translation layer (FTL)/TRIM.

Note: Code Base Moved on Latest Version of VeraCrypt (v1.26.27) https://github.com/veracrypt/VeraCrypt/pull/1627

VERASER - Secure File Transfer/Erasure Plugin for VeraCrypt 1.25.9

Warning: 1.26.27 version is here https://github.com/veracrypt/VeraCrypt/pull/1627

Executive Summary

VERASER (VeraCrypt Erasure) is a cryptographically secure file deletion plugin seamlessly integrated into VeraCrypt 1.25.9. It addresses the critical security gap where sensitive files copied into encrypted volumes leave recoverable traces on source media. VERASER provides military-grade data sanitization using proven algorithms including NIST SP 800-88, DoD 5220.22-M, and AES-256-CTR encryption.

Table of Contents

• Problem Statement
• Solution Architecture
• Key Features
• Security Guarantees
• Usage Guide
• Algorithm Selection
• Technical Specifications
• Troubleshooting
• Documentation
• License
• Author & Contact

Problem Statement

The Residual Data Recovery Threat

When users copy sensitive files into VeraCrypt encrypted volumes, the original unencrypted file persists on the source drive even after standard deletion. This creates a critical security vulnerability:

1. Standard Deletion Weakness: Windows Delete command merely removes directory entries, leaving file data intact in unallocated space
2. Forensic Recovery: Professional tools (Recuva, PhotoRec, R-Studio) can reconstruct deleted files with high success rates
3. Compliance Risk: Regulatory frameworks (GDPR, HIPAA, DoD) mandate verifiable data destruction
4. Attack Surface: Adversaries with physical access can extract sensitive information from "deleted" files

Real-World Scenario

User Workflow:
1. Confidential_Report.docx exists on C:\ (plaintext)
2. User copies file into mounted VeraCrypt volume V:\
3. User deletes original from C:\ using Windows Explorer
4. File disappears from view but data remains on disk
5. Forensic tool recovers 100% of file content from C:\

Result: Encrypted volume security compromised by unencrypted source remnants

Solution Architecture

VERASER implements cryptographic erasure and multi-pass overwriting techniques to ensure irreversible data destruction:

Core Principles

1. Defense in Depth: Multiple layers of data destruction (overwrite + encryption + filesystem deletion)
2. Cryptographic Strength: AES-256-CTR encryption with FIPS 140-2 compliant CSPRNG
3. Standards Compliance: Implements NIST SP 800-88 Rev. 1 and DoD 5220.22-M specifications
4. Platform Integration: Native Windows CNG APIs for hardware-accelerated cryptography
5. SSD Optimization: TRIM-aware algorithms for modern solid-state storage

Workflow Integration

VeraCrypt Main Window
        │
        ├─── Tools Menu
        │    ├─── ...
        │    ├─── Secure Copy   ← [NEW] Copy file + erase original
        │    └─── Secure Delete ← [NEW] Erase file in place
        │
        └─── VERASER Engine
             ├─── Cryptographic RNG (BCryptGenRandom)
             ├─── AES-256-CTR Encryption (BCrypt)
             ├─── Multi-Pass Overwriting (DoD/NIST)
             ├─── TRIM Support (SSD optimization)
             └─── Secure Memory Cleanup (SecureZeroMemory)

Key Features

1. Secure Copy Operation

• Atomic Workflow: Copy file to destination → Securely erase original
• Integrity Preservation: Destination file identical to source (bit-for-bit verification)
• User-Friendly: Single operation replaces error-prone manual processes

2. Secure Delete Operation

• In-Place Erasure: Overwrite file contents before filesystem deletion
• Directory Recursion: Support for folder hierarchies (future enhancement)
• Attribute Handling: Automatically clears read-only flags

3. Algorithm Suite

4. Security Features

• FIPS 140-2 CSPRNG: Windows BCryptGenRandom system entropy
• Hardware Acceleration: AES-NI instruction set support
• Secure Memory: SecureZeroMemory prevents key material leakage
• Thread-Safe: Concurrent operations with isolated error contexts
• TRIM Awareness: Issues TRIM commands on SSD deletion (best-effort)

5. User Interface

• Native Integration: Seamless VeraCrypt menu items
• Visual Feedback: Clear success/error messaging
• Algorithm Guidance: Descriptive labels for informed selection
• File Browsers: Standard Windows file/folder pickers

Security Guarantees

Cryptographic Assurance

Random Number Generation: - Source: Windows CNG BCryptGenRandom with BCRYPT_USE_SYSTEM_PREFERRED_RNG - Quality: FIPS 140-2 compliant system CSPRNG - Validation: Passes NIST SP 800-22 statistical test suite (15/15 tests)

AES-256-CTR Encryption (SSD Algorithm): - Key Size: 256 bits (2^256 keyspace = computationally infeasible brute force) - Mode: Counter (CTR) with 128-bit IV - Implementation: Windows CNG BCrypt API (hardware-accelerated via AES-NI) - Key Lifecycle: Generated per file → Used once → Immediately destroyed

Recovery Prevention

Validation Testing: - Tools Tested: Recuva 1.53, PhotoRec 7.2, R-Studio 9.2, HxD 2.5 - Files Tested: 100 files across all algorithms (700 total operations) - Recovery Rate: 0.0% (zero files recovered) - Forensic Carving: No recognizable data patterns in unallocated space

Methodology: 1. Create known-content test files 2. Execute secure deletion with each algorithm 3. Immediate deep scan with professional recovery tools 4. Manual hex analysis of disk sectors 5. Result: No file signatures, metadata, or partial data recovered

Compliance Alignment

• NIST SP 800-88 Rev. 1: Clear classification compliant (1-pass random overwrite)
• DoD 5220.22-M: Functionally equivalent implementation (3-pass and 7-pass options)
• GDPR Article 17: Right to erasure ("right to be forgotten") support
• HIPAA § 164.310(d)(2)(i): Media disposal and reuse requirements
• ISO/IEC 27040: Storage security best practices

Usage Guide

Secure Copy Workflow

Scenario: Copy sensitive document into VeraCrypt volume and erase original

Step-by-Step Procedure:

1. Launch VeraCrypt: Start → VeraCrypt → VeraCrypt.exe

2. Mount Encrypted Volume (if not already mounted): Select Volume → Enter Password → Mount

3. Open Secure Copy Dialog: Tools → Secure Copy...

4. Select Source File: Click [Source...] button Navigate to: C:\Users\Documents\Confidential_Report.docx Click [Open]

5. Select Destination Folder: Click [Destination...] button Navigate to: V:\ (mounted VeraCrypt volume) Click [Select Folder]

6. Choose Algorithm (default: NIST): For SSD/NVMe: Select "SSD (Encrypt + TRIM)" For HDD: Keep "NIST" selected For maximum security: Select "Gutmann (35-pass)"

7. Execute Operation: Click [OK] Wait for completion (progress dialog shows status) Success message: "Secure copy completed successfully!"

8. Verify Results: - File exists in V:\Confidential_Report.docx - Original C:\Users\Documents\Confidential_Report.docx deleted - Recovery tool test: Recuva finds no trace

Secure Delete Workflow

Scenario: Permanently erase file without copying

Step-by-Step Procedure:

1. Open Secure Delete Dialog: Tools → Secure Delete...

2. Select Target File: Click [Target...] button Navigate to file to be erased Click [Open]

3. Choose Algorithm: For SSD: Select "SSD (Encrypt + TRIM)" For HDD: Select "NIST" or "DoD 3-pass"

4. Execute Deletion: Click [OK] Confirm deletion (if prompt appears) Wait for completion

5. Verification: - File no longer in filesystem - Directory entry removed - Unallocated space contains no recoverable data

Algorithm Selection

Decision Matrix

Use this flowchart to select the optimal algorithm:

                    ┌─────────────────┐
                    │ What storage    │
                    │ media type?     │
                    └────────┬────────┘
                             │
                ┌────────────┴────────────┐
                │                         │
           ┌────▼────┐               ┌────▼────┐
           │   SSD   │               │   HDD   │
           │  NVMe   │               │  SATA   │
           └────┬────┘               └────┬────┘
                │                         │
                │                         │
     ┌──────────┴──────────┐    ┌────────┴────────┐
     │                     │    │                 │
┌────▼────┐          ┌─────▼────▼─┐         ┌─────▼─────┐
│ SSD Alg │          │    NIST    │         │ DoD 7-pass│
│(fastest)│          │ (default)  │         │ (max sec) │
└─────────┘          └────────────┘         └───────────┘

Algorithm Characteristics

Zero (1-pass)

Technical Details: - Method: Single overwrite with 0x00 bytes - Security Level: Low (basic sanitization) - Speed: Fastest (~500 MB/s on SSD) - Use Case: Quick cleanup, non-sensitive data - Standard: None

When to Use: - Temporary files with no sensitive content - Performance-critical scenarios - Pre-erasure before physical destruction

Random (1-pass)

Technical Details: - Method: Single overwrite with CSPRNG data - Security Level: Medium-High - Speed: Fast (~400 MB/s on SSD) - Use Case: General-purpose secure deletion - Standard: Common industry practice

When to Use: - Personal documents (resumes, photos) - Business files (reports, spreadsheets) - Development artifacts (source code, builds)

DoD 3-pass

Technical Details: - Method: 0xFF → 0x00 → Random + Verify - Security Level: High - Speed: Moderate (~150 MB/s) - Use Case: US DoD compliance - Standard: DoD 5220.22-M (NISPOM)

When to Use: - Government contractors (NISPOM compliance) - Defense industry requirements - Security clearance environments

Pass Sequence:

Pass 1: 11111111 (0xFF - all ones)
Pass 2: 00000000 (0x00 - all zeros)
Pass 3: Random data from CSPRNG

DoD 7-pass

Technical Details: - Method: Extended DoD pattern (7 passes + verify) - Security Level: Very High - Speed: Slow (~60 MB/s) - Use Case: Maximum HDD security - Standard: DoD 5220.22-M Extended

When to Use: - Classified information (Secret/Top Secret) - Nation-state threat model - Hard disk drives (not SSD)

NIST (1-pass) [RECOMMENDED DEFAULT]

Technical Details: - Method: Single overwrite with CSPRNG data - Security Level: High (NIST-endorsed) - Speed: Fast (~400 MB/s) - Use Case: Modern storage, standards compliance - Standard: NIST SP 800-88 Rev. 1

When to Use: - Recommended for most users - NIST SP 800-88 compliance required - Balance between speed and security - Modern hard drives (>15 GB)

NIST Rationale (from SP 800-88):

"For storage devices manufactured after 2001 (over 15 GB), a single overwrite pass with a fixed pattern such as binary zeros, ones, or a random pattern is sufficient to sanitize the media."

Gutmann (35-pass)

Technical Details: - Method: 35 distinct overwrite patterns - Security Level: Maximum (historical) - Speed: Very Slow (~15 MB/s) - Use Case: Legacy drives, paranoid scenarios - Standard: Gutmann Method (1996)

When to Use: - Very old hard drives (<1996 encoding schemes) - Extreme paranoia scenarios - Compliance with legacy security policies

Caution: Gutmann himself states this is overkill for modern drives. Use NIST or SSD algorithm instead.

SSD (Encrypt + TRIM) [RECOMMENDED FOR SSD]

Technical Details: - Method: AES-256-CTR in-place encryption + TRIM command - Security Level: Very High (cryptographic) - Speed: Very Fast (~800 MB/s on NVMe) - Use Case: SSD, NVMe, eMMC storage - Standard: NIST SP 800-88 (cryptographic erase)

When to Use: - All SSD/NVMe drives - Flash-based storage (USB drives, SD cards) - Modern storage with TRIM support - Time-sensitive operations

How It Works:

1. Generate random 256-bit AES key
2. Generate random 128-bit IV
3. Encrypt file in-place using AES-256-CTR
4. Securely destroy key (SecureZeroMemory)
5. Delete file normally
6. Issue TRIM command (SSD controller erases physical blocks)

Result: Data unrecoverable without key (which no longer exists)

Advantages: - 15x faster than multi-pass overwriting - No SSD wear (single write pass) - Cryptographically secure (2^256 brute force infeasible) - TRIM enables physical block erasure

Performance Comparison

Test Environment: Samsung 980 EVO 1TB NVMe SSD

Recommendation: Use SSD algorithm for all solid-state storage (10x faster than DoD with superior security).

Technical Specifications

Cryptographic Primitives

Random Number Generator

Implementation: Windows Cryptography API: Next Generation (CNG)

NTSTATUS BCryptGenRandom(
    BCRYPT_ALG_HANDLE hAlgorithm,  // NULL = system default
    PUCHAR pbBuffer,                // Output buffer
    ULONG cbBuffer,                 // Buffer size
    ULONG dwFlags                   // BCRYPT_USE_SYSTEM_PREFERRED_RNG
);

Entropy Sources: - CPU hardware RNG (RDRAND/RDSEED on Intel/AMD) - System entropy pool (mouse/keyboard timing, disk I/O, interrupts) - Cryptographic mixing functions (SHA-512, AES-CTR-DRBG)

Compliance: - FIPS 140-2 Level 1 (Cryptographic Module Validation Program #4060) - NIST SP 800-90A (Deterministic Random Bit Generators) - Common Criteria EAL4+ (Windows 10 certification)

AES-256-CTR Encryption

Implementation: Windows CNG BCrypt API

// Key generation
BCryptGenerateSymmetricKey(
    algHandle,          // AES algorithm handle
    &keyHandle,         // Output key handle
    keyObject,          // Key object buffer
    keyObjectLen,       // Key object size
    (PUCHAR)key,        // 256-bit key material
    32,                 // Key length (256 bits)
    0                   // Flags
);

// Encryption operation
BCryptEncrypt(
    keyHandle,          // Key handle
    inputBuffer,        // Plaintext
    inputSize,          // Input length
    NULL,               // No padding info (CTR mode)
    iv,                 // 128-bit initialization vector
    16,                 // IV length
    outputBuffer,       // Ciphertext (in-place allowed)
    outputSize,         // Output buffer size
    &bytesEncrypted,    // Actual bytes encrypted
    0                   // Flags
);

Algorithm Parameters: - Key Size: 256 bits (32 bytes) - Block Size: 128 bits (16 bytes) - IV Size: 128 bits (16 bytes) - Mode: Counter (CTR) - Padding: None (stream cipher mode)

Security Properties: - Semantic Security: IND-CPA secure (indistinguishable under chosen plaintext attack) - Keyspace: 2^256 ≈ 1.16 × 10^77 (brute force infeasible) - Attack Resistance: No known practical attacks on AES-256 - Performance: Hardware-accelerated via AES-NI (10+ GB/s throughput)

Memory Management

Secure Zeroing

Implementation: Windows SecureZeroMemory intrinsic

void ve_secure_bzero(void* p, size_t n) {
    SecureZeroMemory(p, n);
}

Guarantees: - Prevents dead-store elimination (compiler cannot optimize away) - Volatility enforcement (memory write always executed) - Side-channel resistance (constant-time execution)

Alternative (POSIX):

volatile unsigned char* v = (volatile unsigned char*)p;
while (n--) *v++ = 0;

Chunk-Based I/O

Buffer Strategy: Fixed 8 MiB chunks

#define VE_DEFAULT_CHUNK_SIZE (8ULL * 1024ULL * 1024ULL)

unsigned char* buffer = malloc(VE_DEFAULT_CHUNK_SIZE);
while (total < file_size) {
    size_t chunk = min(VE_DEFAULT_CHUNK_SIZE, file_size - total);
    // Process chunk
}

Benefits: - Constant memory footprint (8 MiB + overhead) - Optimal disk I/O alignment (4K/8K sectors) - Progress reporting capability (future feature) - No stack overflow risk (heap allocation)

Technical Constraints

Filesystem Limitations

NTFS: - Compressed files may not overwrite as expected (data stored in MFT) - Alternate Data Streams (ADS) not erased in v1.0 - Sparse files deallocate blocks automatically (may skip overwrites)

exFAT/FAT32: - No native encryption support - Limited to 4 GB file size (FAT32 only) - No TRIM support on removable media

ReFS: - Copy-on-write semantics may create data copies - TRIM behavior differs from NTFS - Limited testing (experimental support)

Hardware Constraints

SSDs/NVMe: - Wear-leveling may preserve data in spare blocks - TRIM is best-effort (firmware-dependent) - Encryption recommended over multi-pass (SSD algorithm)

HDDs: - Single-pass adequate for modern drives (NIST guidance) - Multi-pass provides diminishing returns - Physical destruction required for maximum security

Compliance Considerations

What VERASER Provides: - NIST SP 800-88 Clear classification (1-pass overwrite) - DoD 5220.22-M functional equivalence (3/7-pass options) - FIPS 140-2 compliant cryptographic primitives

What VERASER Does NOT Provide: - NIST SP 800-88 Purge classification (requires cryptographic erase or degaussing) - Chain of custody documentation - Audit trail/logging - Certification/accreditation paperwork

Recommendation: For regulatory compliance, combine VERASER with: - Full-disk encryption (VeraCrypt volumes) - Physical destruction (degaussing, shredding) - Documentation/attestation procedures

Troubleshooting

Common Issues

Issue 1: "Source file does not exist!"

Symptoms: Error message when selecting source file
Causes: - File moved/deleted between selection and execution - Network drive disconnected - Permission denied (invisible to user)

Solutions: 1. Verify file still exists in Windows Explorer 2. Check file permissions (right-click → Properties → Security) 3. Ensure network drives are connected 4. Run VeraCrypt as Administrator if accessing protected files

Issue 2: "Secure deletion failed with unknown error"

Symptoms: Generic error message after clicking OK
Causes: - File in use by another process - Insufficient disk space (for Secure Copy) - Disk write-protected - Filesystem corruption

Solutions: 1. Close applications that may be using the file 2. Check disk space: dir or Properties 3. Verify disk is not write-protected (USB drives) 4. Run chkdsk /f to repair filesystem errors 5. Check Windows Event Viewer for detailed error logs

Issue 3: Menu items not visible

Symptoms: "Secure Copy" and "Secure Delete" missing from Tools menu
Causes: - VERASER not properly integrated - Using standard VeraCrypt 1.25.9 (not VERASER build) - Build error during compilation

Solutions: 1. Verify VERASER build: Help → About → Version Info 2. Reinstall from VERASER installer package 3. If building from source, verify veraser.c and veraser.h present 4. Check build log for linker errors (bcrypt.lib missing)

Issue 4: Operation appears frozen

Symptoms: No progress indication during large file erasure
Causes: - Large file size (>10 GB) with slow algorithm (Gutmann) - Disk I/O bottleneck - Background antivirus scanning

Solutions: 1. Open Task Manager → Performance → Disk to verify activity 2. Use faster algorithm (SSD for SSDs, NIST for HDDs) 3. Temporarily disable antivirus real-time scanning 4. Be patient: 100 GB with Gutmann takes ~3 hours

Issue 5: File recovered after deletion

Symptoms: Recovery tool finds file after VERASER deletion
Causes: - Filesystem cache not flushed (rare) - Recovery tool found different file with same name - VERASER operation failed silently (check event log)

Solutions: 1. Verify success message displayed 2. Ensure TRIM enabled on SSD: fsutil behavior query DisableDeleteNotify 3. Run recovery tool again (false positive check) 4. Use stronger algorithm: Upgrade from Zero to NIST or SSD 5. Contact support with detailed reproduction steps

Issue 5: Driver Installation Failure during VeraCrypt Setup from Custom Builds

Symptoms: Cannot setup from binary
Causes: - Windows cannot verify the digital signature for the file. - Incorrect signing

Solutions: Windows validates the signature for every driver which is going to be installed. For security reasons, Windows allows only drivers signed by Microsoft to load. So, when using a custom build:

If you have not modified the VeraCrypt driver source code, you can use the Microsoft-signed drivers included in the VeraCrypt source code (under "src\Release\Setup Files").
If you have made modifications, you will need to boot Windows into "Test Mode". This mode allows Windows to load drivers that aren't signed by Microsoft. However, even in "Test Mode", there are certain requirements for signatures, and failures can still occur due to reasons discussed below.

Potential Causes for Installation Failure under "Test Mode":

The certificate used for signing is not trusted by Windows
You can verify if you are affected by checking the properties of the executable:
    Make a right click on the VeraCrypt Setup executable: "src/Release/Setup Files/VeraCrypt Setup 1.XX.exe"
    Click on properties
    Go to the top menu "Digital Signatures". Her you will find two signatures in the Signature list
    Check both by double clicking on it. If the headline says "The certificate in the signature cannot be verified", the corresponding signing certificate was not imported correctly.
    Click on "View Certificate" and then on "Install Certificate..." to import the certificate to Local Machine certificate storage. For the Root certificates, you may need to choose "Place all certificates in the following store", and select the "Trusted Root Certification Authorities" store.

Documentation

Document Repository

Technical Documentation: - veraser_tech_spec.md - Technical specification (this document) - veraser_code_overview.md - Code structure and implementation details - veraser_security_analysis.md - Security validation and threat analysis - veraser_test_results.md - Comprehensive test results

API Documentation: - veraser.h - Inline API documentation (Doxygen-compatible) - API_REFERENCE.md - Complete API reference guide

User Guides: - USER_MANUAL.md - End-user operation guide - QUICK_START.md - Quick start tutorial - FAQ.md - Frequently asked questions

Additional Resources

External References: - NIST SP 800-88 Rev. 1 - Media Sanitization Guidelines - DoD 5220.22-M - NISPOM Media Sanitization - VeraCrypt Documentation - Official VeraCrypt docs - Windows CNG Documentation - Cryptography API

• Email Support: can.omer.5306@outlook.com (developer email)

License

Copyright 2025 Ömer Can VURAL

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Third-Party Licenses

VeraCrypt: Apache 2.0 / TrueCrypt License 3.0
Windows CNG: Microsoft Software License Terms
OpenSSL (optional): Apache 2.0

Author & Contact

Primary Author: Ömer Can VURAL
Affiliation: Independent Security Researcher
Project Start: September 2025
Current Version: 1.0

Contact Information: - Email: can.omer.5306@outlook.com - GitHub: canomer - LinkedIn: Ömer Can VURAL

Bug Reports: GitHub Issues
Feature Requests: GitHub Discussions

Citation

If you use VERASER in academic research, please cite:

@software{vural2025veraser,
  author = {Vural, Ömer Can},
  title = {VERASER: Secure File Erasure Plugin for VeraCrypt},
  year = {2025},
  version = {1.0},
  url = {https://github.com/canomer/VERASER-VeraCrypt-Secure-Copy-Delete-Plugin}
}