Have a product question?


Free Trial

Click here to download a free trial version of SecureDisc Rimage Edition

Need to decrypt a disc?

Click here for the SecureDisc Decryption Client download and support page

Password-protected encryption for USB devices

SecureDisc for USB integrates with the Rimage RX400 system to provide encrypted USB support without the use of specialized media. Data is encrypted using the Advanced Encryption Standard (AES) 256-bit algorithm, and processed at the image format level for even stronger security.

To read information on encrypted USB devices, the intended receiver only needs the correct password and does NOT need to download or install any software on their PC.  The encrypted image on the USB device is DVD-compatible and can be mounted like any other UDF image under Windows 10 and 11. The SecureDisc Explorer decryption client automatically deployed on each encrypted device will automatically launch AUTORUN.INF scripting in the encrypted session once the correct password has been entered.

SecureDisc for USB is provided as a standalone desktop application.

Benefits At A Glance

  • Encryption of data on USB devices without specialized media
  • Highly secure 256-bit AES encryption using a FIPS 140-2 Validated Engine
  • User friendly ‘zero footprint’ decryption on client PC supporting Windows 10 and 11 (more versions to come)
  • Simple password integration options to accommodate almost any production environment
  • Supports all standard media compatible with Rimage production systems
  • Compatible with the Rimage RX400 (commercial version only)

Software Assurance & Enhancements

GTGI offers Software Assurance and Enhancements, or SAE, for customers of GTGI software such as SecureDisc.

SAE has two components: Software support and software maintenance.

Software support is defined as fixing broken software (or “bugs”), or providing corrective software updates to address user reported errors in source code.

Software maintenance is defined as proactive development in adding additional features or triaging low priority “bugs” that don’t deteriorate the software design and user experience.


Disc Creation:

  • Rimage RX400 Commercial system (configured for network access)
  • Windows 7 or higher (10 or 11 recommended)
  • 5MB free disk space for program files

Disc Viewing:

  • Windows 10 or 11; other versions may be supported with third-party UDF mounters
  • A free USB port
  • Free disk space for caching the contents of the encrypted disc session

Encryption Engine Specifications

  • 256-bit AES (Advanced Encryption Algorithm) with FIPS 140-2 Validation
  • CBC Encryption Mode (each encrypted block has it’s own key)
  • 256-bit SHA for password-to-key generation
  • Format/Image based encryption (performed at the block/sector level)


  • SecureDisc for USB is licensed per seat
  • Sub-licensed on a per-encrypted image basis
  • SecureDisc Explorer and Resident Clients are free of charge for SAE customers


Frequently asked questions

SecureDisc utilizes a 256-bit AES cryptographic engine which provides the highest level of security recognized by commercial and government entities. Although no technology can claim to be ‘unbreakable,’ a 256-bit key is the closest commercially available technology to that theoretical goal. However, the encryption engine alone is not the sole component of a secure solution. SecureDisc encrypts the entire disc image. Picture this as taking all the files to be protected and placing them inside a virtual ‘safe.’ This is distinct from file-based encryption methods that individually ‘lock’ each file on the media. Encrypting the entire disc image creates a more secure solution since there is no visibility to any of the protected files until the image is decrypted by entering the correct password. This is one of an array of methods SecureDisc uses in order to prevent ‘cracking’ software from extracting the password and allowing unauthorized access. There are widely available software applications that can ‘brute force attack’ encrypted files by making thousands of attempts per second using every possible password combination and eventually obtain the password. These applications cannot be used to defeat SecureDisc, as every time an unsuccessful password attempt is made the disc is automatically ejected from the drive, requiring manual re-loading of the disc for each failed attempt.

SecureDisc uses a ‘disc-in-disc’ system that places the encrypted disc image inside a standard, non-encrypted UDF base file system. Using this system, SecureDisc can place decryption clients, documentation and other useful files in the non-encrypted base file system, while providing full security for files in the encrypted image. Also, since the encrypted image is simply a file on the disc, it requires no special permissions or disc features to access, preserving compatibility with end-user optical drives and making decryption client deployment much easier.

SecureDisc provides two different decryption clients, the Resident Client and the Explorer Client. Both present the same interface to the end user: When an encrypted disc is inserted, the decryption client will ask for a password. If a correct password is inserted, SecureDisc works in the background, decrypting files on-the-fly and providing drive-letter access. If an incorrect password is provided, SecureDisc will deny access and eject the disc.

The Resident Client uses a kernel-mode driver to perform decryption. This is more compatible with third-party viewers, but requires installation as an Administrator, and as such may not be suitable for all environments. The Explorer Client uses Windows’ built-in WebDAV redirector to mount the encrypted image as a network drive. This is not as compatible, but does not require intervention by an Administrator to work. Before deploying SecureDisc in your workflow, please evaluate both clients with your viewer software and your end users to see which one works best.

The Explorer Client makes use of Windows’ AutoRun system, and may not launch properly on systems that have AutoRun disabled.

There is a base license that is paid only once per system. The base license authorizes that system to produce encrypted discs and it never needs to be renewed. Updates within the major release purchased are covered under optional SAE. If a new major release is issued and an existing SecureDisc owner wants to purchase the new major release, SAE customers pay 50% off of the Commercial Price. 

Image Packs are bundled licenses that decrement every time a unique encrypted disc image is generated. Image Pack license keys are ‘plugged in’ to the SecureDisc base license.

Each disc encrypted with SecureDisc is counted as a “image”, and GTGI sells rights to encrypt images in packs of varying sizes, from 1,000 up to 25,000. How many you will need depends on your throughput. We offer complimentary units and licenses for testing and workflow development purposes; please contact us for more information.

Units are licensed per Control Center or “N” robotic unit, and are not transferable between machines without GTGI’s express permission and assistance; if you need to transfer units from a failed or replaced machine to a new machine, please contact us.

We no longer split image packs between machines. Please purchase a separate image pack for each machine you plan to encrypt on.

SecureDisc does not generate or manage passwords, rather, it encrypts using a password provided by your workflow. There are 4 ways to introduce an encryption password:

– Inside the job production order

– Include with disc content (inside a password text file, password blanked before recording)

– Use a fixed, global password (every disc has the same password)

– Use an extra merge field in the label file (password is automatically blanked before printing)

We can also provide ODBC database integration at an extra cost.