*** Welcome to piglix ***

BitLocker Drive Encryption

BitLocker
A component of Microsoft Windows
BitLocker icon.png
Windows To Go - Bitlocker.png
BitLocker option during Windows To Go creation
Details
Other names Device Encryption
Type Disk encryption software
Included with
Related components
Encrypting File System

BitLocker is a full disk encryption feature included with Windows Vista and later. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.

BitLocker originated as a part of Microsoft's Next-Generation Secure Computing Base architecture in 2004 as a feature tentatively codenamed "Cornerstone", and was designed to protect information on devices, particularly in the event that a device was lost or stolen; another feature, titled "Code Integrity Rooting," was designed to validate the integrity of Microsoft Windows boot and system files. When used in conjunction with a compatible Trusted Platform Module (TPM), BitLocker can validate the integrity of boot and system files before decrypting a protected volume; an unsuccessful validation will prohibit access to a protected system. BitLocker was briefly called Secure Startup prior to Windows Vista being released to manufacturing.

BitLocker is available on:

Initially, the graphical BitLocker interface in Windows Vista could only encrypt the operating system volume. Starting with Windows Vista with Service Pack 1 and Windows Server 2008, volumes other than the operating system volume could be encrypted using the graphical tool. Still, some aspects of the BitLocker (such as turning autolocking on or off) had to be managed through a command-line tool called manage-bde.wsf.

The latest version of BitLocker, first included in Windows 7 and Windows Server 2008 R2, adds the ability to encrypt removable drives. On Windows XP or Windows Vista, read-only access to these drives can be achieved through a program called BitLocker To Go Reader, if FAT16, FAT32 or exFAT filesystems are used. In addition, a new command-line tool called manage-bde replaced the old manage-bde.wsf.


...
Wikipedia

...