Topics

Veracryp's SecureDesktop opt not usable latest trunk


john doe
 

Hello all,

I'm playing with veracrypt's CLI, (1).

when using the '/secureDesktop' option to mount an encrypted file, NVDA
is totaly lost in the secure desktop password prompt with the latest
trunk release ofNVDA in portable mode.

Command to trigger the issue:

VeraCrypt-x64.exe /v x.vc /l o /q /secureDesktop


It would be awsome if that could be addressed.
For follow-up, please CC me as I'm not subscribed to the list.


1)
https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Command%20Line%20Usage.html?id=4a7ed6926b276cf88c2485ea2a5e95b7f91e4ac1


--
John Doe


Roger Stewart
 

You can't use NVDA on the secure screen if it is portable--only an installed copy can do this.
Roger

On 9/28/2020 11:57 AM, john doe wrote:
Hello all,

I'm playing with veracrypt's CLI, (1).

when using the '/secureDesktop' option to mount an encrypted file, NVDA
is totaly lost  in the secure desktop password prompt with the latest
trunk release ofNVDA in portable mode.

Command to trigger the issue:

VeraCrypt-x64.exe /v x.vc /l o /q /secureDesktop


It would be awsome if that could be addressed.
For follow-up, please CC me as I'm not subscribed to the list.


1)
https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Command%20Line%20Usage.html?id=4a7ed6926b276cf88c2485ea2a5e95b7f91e4ac1


--
John Doe




john doe
 

What are the limitations preventing the portable version of NVDA from
accessing the secure desktop?


When NVDA gets that prompt, NVDA is lost and I couldn't find anyway out
of it.
For veracrypt I can work around this, it is an annoying issue when
working on computers that are not mine.
I took veracrypt to illustrate the issue but I'm also facing the issue
elsewhere.

--
John Doe


john doe
 

Even with NVDA installed, the secureDesktop is not accessible.

--
John Doe


Gene
 

Why do you sayy it isn't accessible? The secure desktop is what comes up when UAC runs and my installed copy of NVDA reads the UAC message.

As far as I recall, the question about why the portable version can't work with the secure desktop hasn't been addressed. Someone with far more technical knowledge will I hope address it. But when the secure desktop runs, the copy of the screen-reader that is running can't access it. I believe this is one of the main points of the secure desktop, to be isolated from a lot of processes and thus provide a much safer environment in case malware tries to do something that causes it to come up.

However, the installed version of NVDA can run a copy of itself that can work in the secure desktop. Technically, I don't know why it can and the portable version can't but that gives you some idea of why the portable copy cand and the installed copy can provide access in that environment.

Gene

-----Original Message-----
From: john doe
Sent: Tuesday, September 29, 2020 10:12 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Veracryp's SecureDesktop opt not usable latest trunk

Even with NVDA installed, the secureDesktop is not accessible.

--
John Doe


 

Hi,
One must tell NVDA to run on secure screens (NVDA menu/Preferences/Settings/General).
To answer Gene's question: UAC and other secure screens are shown via a "secure desktop" by default - a separate user session as opposed to the user session you are regularly using. As such, a separate system configuration will be in effect while using secure screens. In order to run inside secure desktop, NVDA must hold certain privileges, and only the installed copy can leverage it.
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io <nvda@nvda.groups.io> On Behalf Of john doe
Sent: Tuesday, September 29, 2020 8:13 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Veracryp's SecureDesktop opt not usable latest trunk

Even with NVDA installed, the secureDesktop is not accessible.

--
John Doe


john doe
 

Based on the feedback I got so far, I think I need to clarify my
thoughts/questions:

According to Gene, secureDesktop triggered by UAC is working when NVDA
is installed.
As I can not test this for now, I'll trust Gene on that one.


Why can't NVDA take advantage of secureDesktop in portable mode
(technical limitation, support lacking in NVDA ...)?


The following speaks only in the context of Veracrypt:

As far as testing goes, the secureDesktop triggered by Veracrypt (2) is
not accessible with NVDA installed or in portable mode.
If I understand correctly, secureDesktop should at least be accessible
when NVDA is installed.

- Why is secureDesktop triggered by Veracrypt not accessible at all?


I appriciate any feedback.


1)
https://sourceforge.net/p/veracrypt/discussion/technical/thread/461d302e/
2)
https://msdn.microsoft.com/ru-ru/library/windows/desktop/ms682124(v=vs.85).aspx

--
John Doe


 

Hi,
One way to find out: does Narrator announce Vericrypt secure desktop screen? If it doesn't, it might be time to let Vericrypt people know about accessibility issues from their side.
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io <nvda@nvda.groups.io> On Behalf Of john doe
Sent: Thursday, October 1, 2020 2:08 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Veracryp's SecureDesktop opt not usable latest trunk

Based on the feedback I got so far, I think I need to clarify my
thoughts/questions:

According to Gene, secureDesktop triggered by UAC is working when NVDA is installed.
As I can not test this for now, I'll trust Gene on that one.


Why can't NVDA take advantage of secureDesktop in portable mode (technical limitation, support lacking in NVDA ...)?


The following speaks only in the context of Veracrypt:

As far as testing goes, the secureDesktop triggered by Veracrypt (2) is not accessible with NVDA installed or in portable mode.
If I understand correctly, secureDesktop should at least be accessible when NVDA is installed.

- Why is secureDesktop triggered by Veracrypt not accessible at all?


I appriciate any feedback.


1)
https://sourceforge.net/p/veracrypt/discussion/technical/thread/461d302e/
2)
https://msdn.microsoft.com/ru-ru/library/windows/desktop/ms682124(v=vs.85).aspx

--
John Doe