diff --git a/doc/chm/VeraCrypt User Guide.chm b/doc/chm/VeraCrypt User Guide.chm
index 757bcb20..05304065 100644
Binary files a/doc/chm/VeraCrypt User Guide.chm and b/doc/chm/VeraCrypt User Guide.chm differ
diff --git a/doc/chm/en/VeraCrypt.hhc b/doc/chm/en/VeraCrypt.hhc
index bf6f0bfc..0364eab3 100644
--- a/doc/chm/en/VeraCrypt.hhc
+++ b/doc/chm/en/VeraCrypt.hhc
@@ -229,6 +229,16 @@
 		<param name="Name" value="Command Line Usage">
 		<param name="Local" value="Command Line Usage.html">
 		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Windows">
+			<param name="Local" value="Command Line Usage for Windows.html">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Linux and macOS">
+			<param name="Local" value="Command Line Usage for Unix.html">
+			</OBJECT>
+	</UL>
 	<LI> <OBJECT type="text/sitemap">
 		<param name="Name" value="Security Model">
 		<param name="Local" value="Security Model.html">
diff --git a/doc/chm/en/VeraCrypt.hhp b/doc/chm/en/VeraCrypt.hhp
index 3df7306d..7f3a444f 100644
--- a/doc/chm/en/VeraCrypt.hhp
+++ b/doc/chm/en/VeraCrypt.hhp
@@ -52,6 +52,8 @@ Cascades.html
 Changing Passwords and Keyfiles.html
 Choosing Passwords and Keyfiles.html
 Command Line Usage.html
+Command Line Usage for Windows.html
+Command Line Usage for Unix.html
 CompilingGuidelineLinux.html
 CompilingGuidelines.html
 CompilingGuidelineWin.html
@@ -180,4 +182,3 @@ Wear-Leveling.html
 Whirlpool.html
 
 [INFOTYPES]
-
diff --git a/doc/html/en/Command Line Usage for Unix.html b/doc/html/en/Command Line Usage for Unix.html
new file mode 100644
index 00000000..aa2b0ec8
--- /dev/null
+++ b/doc/html/en/Command Line Usage for Unix.html	
@@ -0,0 +1,337 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
+<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
+<meta name="keywords" content="encryption, security"/>
+<link href="styles.css" rel="stylesheet" type="text/css" />
+</head>
+<body>
+
+<div>
+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
+</div>
+
+<div id="menu">
+	<ul>
+	  <li><a href="Home.html">Home</a></li>
+	  <li><a href="Code.html">Source Code</a></li>
+	  <li><a href="Downloads.html">Downloads</a></li>
+	  <li><a class="active" href="Documentation.html">Documentation</a></li>
+	  <li><a href="Donation.html">Donate</a></li>
+	  <li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
+	</ul>
+</div>
+
+<div>
+<p>
+<a href="Documentation.html">Documentation</a>
+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
+<a href="Command%20Line%20Usage.html">Command Line Usage</a>
+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
+<a href="Command%20Line%20Usage%20for%20Unix.html">Linux and macOS</a>
+</p></div>
+
+<div class="wikidoc">
+<div>
+<h1>Command Line Usage for Linux and macOS</h1>
+<p>This section applies to VeraCrypt on Unix-like systems, including Linux and macOS. The Windows command-line syntax is documented separately in <a href="Command%20Line%20Usage%20for%20Windows.html">Command Line Usage for Windows</a>.</p>
+<p>To display the command-line help for the installed VeraCrypt build in a terminal, run:</p>
+<p><code>veracrypt -t --help</code></p>
+<p>The <code>-t</code> or <code>--text</code> option selects the text user interface and must be specified as the first argument. Without <code>-t</code>, <code>veracrypt --help</code> may show the graphical help window when the graphical user interface is available.</p>
+
+<h4>Syntax</h4>
+<p><code>veracrypt [OPTIONS] COMMAND</code></p>
+<p><code>veracrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]</code></p>
+<p>If no explicit command is specified and a volume path is given, VeraCrypt mounts the volume. When <code>MOUNT_DIRECTORY</code> is omitted, VeraCrypt uses the default mount directory.</p>
+
+<h4>Commands</h4>
+<table border="1" cellspacing="0" cellpadding="1">
+<tbody>
+<tr>
+<td><em>--auto-mount=devices|favorites</em></td>
+<td>Auto-mount device-hosted volumes, favorite volumes, or both when the values are combined with a comma.</td>
+</tr>
+<tr>
+<td><em>--backup-headers [VOLUME_PATH]</em></td>
+<td>Back up volume headers to a file. Required values not specified on the command line are requested from the user.</td>
+</tr>
+<tr>
+<td><em>-c</em> or <em>--create [VOLUME_PATH]</em></td>
+<td>Create a new volume. Most values are requested from the user if not specified on the command line. See also <em>--encryption</em>, <em>--filesystem</em>, <em>--hash</em>, <em>--keyfiles</em>, <em>--password</em>, <em>--pim</em>, <em>--random-source</em>, <em>--quick</em>, <em>--size</em>, and <em>--volume-type</em>.</td>
+</tr>
+<tr>
+<td><em>--create-keyfile [FILE_PATH]</em></td>
+<td>Create a new keyfile containing pseudo-random data.</td>
+</tr>
+<tr>
+<td><em>-C</em> or <em>--change [VOLUME_PATH]</em></td>
+<td>Change a volume password, PIM, keyfiles, and/or header key derivation algorithm. See also <em>--hash</em>, <em>--new-hash</em>, <em>--new-keyfiles</em>, <em>--new-password</em>, <em>--new-pim</em>, <em>--password</em>, <em>--pim</em>, and <em>--random-source</em>.</td>
+</tr>
+<tr>
+<td><em>-u</em> or <em>--unmount [MOUNTED_VOLUME]</em><br><em>-d</em> or <em>--dismount [MOUNTED_VOLUME]</em></td>
+<td>Unmount a mounted volume. If no mounted volume is specified, all mounted VeraCrypt volumes are unmounted. <em>--dismount</em> is deprecated; use <em>--unmount</em>.</td>
+</tr>
+<tr>
+<td><em>--delete-token-keyfiles</em></td>
+<td>Delete keyfiles from security tokens.</td>
+</tr>
+<tr>
+<td><em>--export-token-keyfile</em></td>
+<td>Export a keyfile from a security token.</td>
+</tr>
+<tr>
+<td><em>--import-token-keyfiles</em></td>
+<td>Import keyfiles to a security token. See also <em>--token-lib</em>.</td>
+</tr>
+<tr>
+<td><em>-l</em> or <em>--list [MOUNTED_VOLUME]</em></td>
+<td>Display mounted volumes. By default, only the volume path, virtual device, and mount point are shown. Use <em>--verbose</em> for more details.</td>
+</tr>
+<tr>
+<td><em>--list-token-keyfiles</em></td>
+<td>Display all available token keyfiles.</td>
+</tr>
+<tr>
+<td><em>--list-securitytoken-keyfiles</em></td>
+<td>Display all available security token keyfiles.</td>
+</tr>
+<tr>
+<td><em>--list-emvtoken-keyfiles</em></td>
+<td>Display all available EMV token keyfiles.</td>
+</tr>
+<tr>
+<td><em>--mount [VOLUME_PATH]</em></td>
+<td>Mount a volume interactively. The volume path and missing options are requested from the user.</td>
+</tr>
+<tr>
+<td><em>--restore-headers [VOLUME_PATH]</em></td>
+<td>Restore volume headers from the embedded backup header or from an external backup file.</td>
+</tr>
+<tr>
+<td><em>--save-preferences</em></td>
+<td>Save user preferences.</td>
+</tr>
+<tr>
+<td><em>--test</em></td>
+<td>Test internal algorithms used in the process of encryption and decryption.</td>
+</tr>
+<tr>
+<td><em>--version</em></td>
+<td>Display VeraCrypt version information.</td>
+</tr>
+<tr>
+<td><em>--volume-properties [MOUNTED_VOLUME]</em></td>
+<td>Display properties of a mounted volume.</td>
+</tr>
+</tbody>
+</table>
+
+<h4>MOUNTED_VOLUME</h4>
+<p>A mounted volume can be specified in any of the following forms:</p>
+<ul>
+<li>Path to the encrypted VeraCrypt volume.</li>
+<li>Mount directory of the volume's filesystem, if mounted.</li>
+<li>Slot number of the mounted volume, when used with <em>--slot</em>.</li>
+</ul>
+
+<h4>Options</h4>
+<table border="1" cellspacing="0" cellpadding="1">
+<tbody>
+<tr>
+<td><em>--allow-insecure-mount</em></td>
+<td>Allow mounting volumes on mount points that are in the user's <code>PATH</code>.</td>
+</tr>
+<tr>
+<td><em>--allow-screencapture</em></td>
+<td>Allow VeraCrypt windows to be included in screenshots and screen recordings. This option applies to macOS builds.</td>
+</tr>
+<tr>
+<td><em>--background-task</em></td>
+<td>Start the VeraCrypt background task.</td>
+</tr>
+<tr>
+<td><em>--display-password</em></td>
+<td>Display password characters while typing.</td>
+</tr>
+<tr>
+<td><em>--encryption=ENCRYPTION_ALGORITHM</em></td>
+<td>Use the specified encryption algorithm when creating a new volume. For cascades, use the algorithm name shown by VeraCrypt, for example <code>AES-Twofish</code>.</td>
+</tr>
+<tr>
+<td><em>--explore</em></td>
+<td>Open a file manager window after the volume is mounted.</td>
+</tr>
+<tr>
+<td><em>--filesystem=TYPE</em></td>
+<td>Filesystem type to mount or create. For mounting, the type is passed to the system mount command. <em>none</em> disables filesystem mounting or creation. Supported creation types depend on the platform: Linux supports <em>FAT</em>, <em>Ext2</em>, <em>Ext3</em>, <em>Ext4</em>, <em>NTFS</em>, <em>exFAT</em>, and <em>Btrfs</em>; macOS supports <em>FAT</em>, <em>HFS</em>/<em>HFS+</em>/<em>MacOsExt</em>, <em>exFAT</em>, and <em>APFS</em>; FreeBSD and Solaris builds support <em>FAT</em> and <em>UFS</em>. Non-FAT creation requires the corresponding system formatter to be available.</td>
+</tr>
+<tr>
+<td><em>-f</em> or <em>--force</em></td>
+<td>Force mounting of a volume in use, unmounting of a volume in use, or overwriting a file. The exact effect depends on the operating system.</td>
+</tr>
+<tr>
+<td><em>--fs-options=OPTIONS</em></td>
+<td>Filesystem mount options passed to the system mount command with <code>-o</code>. This option is available on Linux and other Unix-like builds where supported, but not on macOS.</td>
+</tr>
+<tr>
+<td><em>--hash=HASH</em></td>
+<td>Use the specified header key derivation algorithm when mounting, creating a volume, or changing password/keyfiles. This option also specifies the mixing hash of the random number generator when applicable.</td>
+</tr>
+<tr>
+<td><em>-h</em> or <em>--help</em></td>
+<td>Display detailed command-line help.</td>
+</tr>
+<tr>
+<td><em>-k KEYFILE1[,KEYFILE2,...]</em> or <em>--keyfiles=KEYFILE1[,KEYFILE2,...]</em></td>
+<td>Use the specified keyfiles. When a directory is specified, all files inside it are used non-recursively. Use a double comma (<code>,,</code>) for a comma contained in a keyfile name. A keyfile stored on a security token can be specified as <code>token://slot/SLOT_NUMBER/file/FILENAME</code>; an EMV token keyfile can be specified as <code>emv://slot/SLOT_NUMBER</code>. Use <code>-k ""</code> to disable interactive keyfile prompts.</td>
+</tr>
+<tr>
+<td><em>--legacy-password-maxlength</em></td>
+<td>Use the legacy maximum password length of 64 UTF-8 bytes.</td>
+</tr>
+<tr>
+<td><em>--load-preferences</em></td>
+<td>Load user preferences before processing command-line options, allowing command-line options to override preferences.</td>
+</tr>
+<tr>
+<td><em>-m OPTION1[,OPTION2,...]</em> or <em>--mount-options=OPTION1[,OPTION2,...]</em></td>
+<td>Set VeraCrypt volume mount options. Supported options are <em>headerbak</em>, <em>nokernelcrypto</em>, <em>readonly</em> or <em>ro</em>, <em>system</em>, and <em>timestamp</em> or <em>ts</em>.</td>
+</tr>
+<tr>
+<td><em>--new-hash=HASH</em></td>
+<td>Set the new header key derivation algorithm when changing a volume password or keyfiles. This option is used with <em>--change</em>.</td>
+</tr>
+<tr>
+<td><em>--new-keyfiles=KEYFILE1[,KEYFILE2,...]</em></td>
+<td>Set the new keyfiles when changing a volume password or keyfiles. This option is used with <em>--change</em>.</td>
+</tr>
+<tr>
+<td><em>--new-password=PASSWORD</em></td>
+<td>Set the new password when changing a volume password or keyfiles. This option is used with <em>--change</em>.</td>
+</tr>
+<tr>
+<td><em>--new-pim=PIM</em></td>
+<td>Set the new PIM when changing a volume password or keyfiles. This option is used with <em>--change</em>.</td>
+</tr>
+<tr>
+<td><em>--no-size-check</em></td>
+<td>Disable the check that verifies the requested container size against available free disk space.</td>
+</tr>
+<tr>
+<td><em>--non-interactive</em></td>
+<td>Do not interact with the user. This option is supported only in text mode.</td>
+</tr>
+<tr>
+<td><em>-p PASSWORD</em> or <em>--password=PASSWORD</em></td>
+<td>Use the specified password to mount or open a volume. An empty password can be specified with <code>-p ""</code>.</td>
+</tr>
+<tr>
+<td><em>--pim=PIM</em></td>
+<td>Use the specified PIM to mount or open a volume.</td>
+</tr>
+<tr>
+<td><em>--protect-hidden=yes|no</em></td>
+<td>Write-protect a hidden volume when mounting an outer volume. If enabled, VeraCrypt uses the hidden volume credentials to determine the hidden area and protects it against writes.</td>
+</tr>
+<tr>
+<td><em>--protection-hash=HASH</em></td>
+<td>Use the specified header key derivation algorithm for the hidden volume protected by <em>--protect-hidden=yes</em>.</td>
+</tr>
+<tr>
+<td><em>--protection-keyfiles=KEYFILE1[,KEYFILE2,...]</em></td>
+<td>Use the specified keyfiles for the hidden volume protected by <em>--protect-hidden=yes</em>.</td>
+</tr>
+<tr>
+<td><em>--protection-password=PASSWORD</em></td>
+<td>Use the specified password for the hidden volume protected by <em>--protect-hidden=yes</em>.</td>
+</tr>
+<tr>
+<td><em>--protection-pim=PIM</em></td>
+<td>Use the specified PIM for the hidden volume protected by <em>--protect-hidden=yes</em>.</td>
+</tr>
+<tr>
+<td><em>--quick</em></td>
+<td>Enable quick formatting when creating a volume. This option must not be used when creating an outer volume.</td>
+</tr>
+<tr>
+<td><em>--random-source=FILE</em></td>
+<td>Use the specified file as a source of random data, for example when creating a volume.</td>
+</tr>
+<tr>
+<td><em>--slot=SLOT</em></td>
+<td>Use the specified slot number when mounting, unmounting, listing, or displaying properties of a volume.</td>
+</tr>
+<tr>
+<td><em>--size=SIZE[K|KiB|M|MiB|G|GiB|T|TiB]</em> or <em>--size=max</em></td>
+<td>Use the specified size when creating a new volume. If no suffix is specified, the value is interpreted in bytes. <em>max</em> uses all available free space.</td>
+</tr>
+<tr>
+<td><em>--stdin</em></td>
+<td>Read the password from standard input. This option can be used only with <em>--non-interactive</em> and cannot be combined with <em>--password</em>.</td>
+</tr>
+<tr>
+<td><em>-t</em> or <em>--text</em></td>
+<td>Use the text user interface. This option must be specified as the first argument.</td>
+</tr>
+<tr>
+<td><em>--token-lib=LIB_PATH</em></td>
+<td>Use the specified PKCS #11 security token library.</td>
+</tr>
+<tr>
+<td><em>--token-pin=PIN</em></td>
+<td>Use the specified security token PIN.</td>
+</tr>
+<tr>
+<td><em>--use-dummy-sudo-password</em></td>
+<td>Use a dummy password in <code>sudo</code> to detect whether sudo is already authenticated. This option is available on Linux and FreeBSD builds.</td>
+</tr>
+<tr>
+<td><em>-v</em> or <em>--verbose</em></td>
+<td>Enable verbose output.</td>
+</tr>
+<tr>
+<td><em>--volume-type=normal|hidden</em></td>
+<td>Use the specified volume type when creating a new volume.</td>
+</tr>
+</tbody>
+</table>
+
+<h4>Security Notes</h4>
+<p>Passing a password, PIM, token PIN, or hidden-volume protection password on the command line can be insecure because command-line arguments may be visible in process listings, shell history, or system logs. When possible, let VeraCrypt prompt for sensitive values interactively, or use <em>--stdin</em> with <em>--non-interactive</em> where appropriate. Users must also follow the security requirements and precautions listed in <a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>.</p>
+
+<h4>Examples</h4>
+<p>Create a new volume using the text user interface:</p>
+<p><code>veracrypt -t -c</code></p>
+<p>Mount a volume:</p>
+<p><code>veracrypt volume.hc /media/veracrypt1</code></p>
+<p>Mount a volume read-only, using keyfiles:</p>
+<p><code>veracrypt -m ro -k keyfile1,keyfile2 volume.hc /media/veracrypt1</code></p>
+<p>Mount a volume without mounting its filesystem:</p>
+<p><code>veracrypt --filesystem=none volume.hc</code></p>
+<p>Mount a volume prompting only for its password:</p>
+<p><code>veracrypt -t -k "" --pim=0 --protect-hidden=no volume.hc /media/veracrypt1</code></p>
+<p>Mount a volume non-interactively and read the password from standard input:</p>
+<p><code>printf '%s\n' "$VERACRYPT_PASSWORD" | veracrypt -t --non-interactive --stdin --pim=0 --protect-hidden=no volume.hc /media/veracrypt1</code></p>
+<p>List mounted volumes with detailed information:</p>
+<p><code>veracrypt -t -v --list</code></p>
+<p>Unmount a volume:</p>
+<p><code>veracrypt -u volume.hc</code></p>
+<p>Unmount all mounted VeraCrypt volumes:</p>
+<p><code>veracrypt -u</code></p>
+
+<h4>Hidden Volume Creation in Text Mode</h4>
+<p>Inexperienced users should use the graphical user interface to create a hidden volume. When using the text user interface, the following procedure must be followed:</p>
+<ol>
+<li>Create an outer volume with no filesystem.</li>
+<li>Create a hidden volume within the outer volume.</li>
+<li>Mount the outer volume using hidden volume protection.</li>
+<li>Create a filesystem on the virtual device of the outer volume.</li>
+<li>Mount the new filesystem and fill it with data.</li>
+<li>Unmount the outer volume.</li>
+</ol>
+<p>If hidden volume protection is triggered at any step, start again from the first step.</p>
+
+</div>
+</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/en/Command Line Usage for Windows.html b/doc/html/en/Command Line Usage for Windows.html
new file mode 100644
index 00000000..b490ec8e
--- /dev/null
+++ b/doc/html/en/Command Line Usage for Windows.html	
@@ -0,0 +1,339 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
+<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
+<meta name="keywords" content="encryption, security"/>
+<link href="styles.css" rel="stylesheet" type="text/css" />
+</head>
+<body>
+
+<div>
+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
+</div>
+
+<div id="menu">
+	<ul>
+	  <li><a href="Home.html">Home</a></li>
+	  <li><a href="Code.html">Source Code</a></li>
+	  <li><a href="Downloads.html">Downloads</a></li>
+	  <li><a class="active" href="Documentation.html">Documentation</a></li>
+	  <li><a href="Donation.html">Donate</a></li>
+	  <li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
+	</ul>
+</div>
+
+<div>
+<p>
+<a href="Documentation.html">Documentation</a>
+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
+<a href="Command%20Line%20Usage.html">Command Line Usage</a>
+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
+<a href="Command%20Line%20Usage%20for%20Windows.html">Windows</a>
+</p></div>
+
+<div class="wikidoc">
+<div>
+<h1>Command Line Usage for Windows</h1>
+<p>This section applies to the Windows version of VeraCrypt. The Unix-style command-line syntax used on Linux and macOS is documented separately in <a href="Command%20Line%20Usage%20for%20Unix.html">Command Line Usage for Linux and macOS</a>.</p>
+<table border="1" cellspacing="0" cellpadding="1">
+<tbody>
+<tr>
+<td><em>/help</em> or <em>/?</em></td>
+<td>Display command line help.</td>
+</tr>
+<tr>
+<td><em>/truecrypt or /tc</em></td>
+<td>Activate TrueCrypt compatibility mode which enables mounting volumes created with TrueCrypt 6.x and 7.x series.</td>
+</tr>
+<tr>
+<td><em>/hash</em></td>
+<td>It must be followed by a parameter indicating the PRF hash algorithm to use when mounting the volume. Possible values for /hash parameter are: sha256, sha-256, sha512, sha-512, whirlpool, blake2s and blake2s-256. When /hash is omitted, VeraCrypt will try
+ all possible PRF algorithms thus lengthening the mount operation time.</td>
+</tr>
+<tr>
+<td id="volume"><em>/volume</em> or <em>/v</em></td>
+<td>
+<p>It must be followed by a parameter indicating the file and path name of a VeraCrypt volume to mount (do not use when unmounting) or the Volume ID of the disk/partition to mount.<br>
+The syntax of the volume ID is <strong>ID:XXXXXX...XX</strong> where the XX part is a 64 hexadecimal characters string that represent the 32-Bytes ID of the desired volume to mount.<br>
+<br>
+To mount a partition/device-hosted volume, use, for example, /v \Device\Harddisk1\Partition3 (to determine the path to a partition/device, run VeraCrypt and click
+<em>Select Device</em>). You can also mount a partition or dynamic volume using its volume name (for example, /v \\?\Volume{5cceb196-48bf-46ab-ad00-70965512253a}\). To determine the volume name use e.g. mountvol.exe. Also note that device paths are case-sensitive.<br>
+<br>
+You can also specify the Volume ID of the partition/device-hosted volume to mount, for example: /v ID:53B9A8D59CC84264004DA8728FC8F3E2EE6C130145ABD3835695C29FD601EDCA. The Volume ID value can be retrieved using the volume properties dialog.</p>
+</td>
+</tr>
+<tr>
+<td><em>/letter</em> or <em>/l</em></td>
+<td>It must be followed by a parameter indicating the driver letter to mount the volume as. When /l is omitted and when /a is used, the first free drive letter is used.</td>
+</tr>
+<tr>
+<td><em>/explore</em> or <em>/e</em></td>
+<td>Open an Explorer window after a volume has been mounted.</td>
+</tr>
+<tr>
+<td><em>/beep</em> or <em>/b</em></td>
+<td>Beep after a volume has been successfully mounted or unmounted.</td>
+</tr>
+<tr>
+<td><em>/auto</em> or <em>/a</em></td>
+<td>If no parameter is specified, automatically mount the volume. If devices is specified as the parameter (e.g., /a devices), auto-mount all currently accessible device/partition-hosted VeraCrypt volumes. If favorites is specified as the parameter, auto-mount
+ favorite volumes. Note that /auto is implicit if /quit and /volume are specified. If you need to prevent the application window from appearing, use /quit.</td>
+</tr>
+<tr>
+<td><em>/unmount</em> or <em>/u</em></td>
+<td>Unmount volume specified by drive letter (e.g., /u x). When no drive letter is specified, unmounts all currently mounted VeraCrypt volumes.</td>
+</tr>
+<tr>
+<td><em>/dismount</em> or <em>/d</em></td>
+<td>Deprecated. Please use /unmount or /u.</td>
+</tr>
+<tr>
+<td><em>/force</em> or <em>/f</em></td>
+<td>Forces unmount (if the volume to be unmounted contains files being used by the system or an application) and forces mounting in shared mode (i.e., without exclusive access).</td>
+</tr>
+<tr>
+<td><em>/keyfile</em> or <em>/k</em></td>
+<td>It must be followed by a parameter specifying a keyfile or a keyfile search path. For multiple keyfiles, specify e.g.: /k c:\keyfile1.dat /k d:\KeyfileFolder /k c:\kf2 To specify a keyfile stored on a security token or smart card, use the following syntax:
+ token://slot/SLOT_NUMBER/file/FILE_NAME</td>
+</tr>
+<tr id="tryemptypass">
+<td><em>/tryemptypass&nbsp;&nbsp; </em></td>
+<td>ONLY when default keyfile configured or when a keyfile is specified in the command line.<br>
+If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: try to mount using an empty password and the keyfile before displaying password prompt.<br>
+if it is followed by <strong>n </strong>or<strong> no</strong>: don't try to mount using an empty password and the keyfile, and display password prompt right away.</td>
+</tr>
+<tr>
+<td><em>/nowaitdlg</em></td>
+<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: don&rsquo;t display the waiting dialog while performing operations like mounting volumes.<br>
+If it is followed by <strong>n</strong> or <strong>no</strong>: force the display waiting dialog is displayed while performing operations.</td>
+</tr>
+<tr>
+<td><em>/secureDesktop</em></td>
+<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: display password dialog and token PIN dialog in a dedicated secure desktop to protect against certain types of attacks.<br>
+If it is followed by <strong>n</strong> or <strong>no</strong>: the password dialog and token PIN dialog are displayed in the normal desktop.</td>
+</tr>
+<tr>
+<td><em>/tokenlib</em></td>
+<td>It must be followed by a parameter indicating the PKCS #11 library to use for security tokens and smart cards. (e.g.: /tokenlib c:\pkcs11lib.dll)</td>
+</tr>
+<tr>
+<td><em>/tokenpin</em></td>
+<td>It must be followed by a parameter indicating the PIN to use in order to authenticate to the security token or smart card (e.g.: /tokenpin 0000). Warning: This method of entering a smart card PIN may be insecure, for example, when an unencrypted command
+ prompt history log is being saved to unencrypted disk.</td>
+</tr>
+<tr>
+<td><em>/cache</em> or <em>/c</em></td>
+<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: enable password cache;
+<br>
+If it is followed by <strong>p </strong>or<strong> pim</strong>: enable both password and PIM cache (e.g., /c p).<br>
+If it is followed by <strong>n </strong>or<strong> no</strong>: disable password cache (e.g., /c n).<br>
+If it is followed by <strong>f </strong>or<strong> favorites</strong>: temporary cache password when mounting multiple favorites&nbsp; (e.g., /c f).<br>
+Note that turning the password cache off will not clear it (use /w to clear the password cache).</td>
+</tr>
+<tr>
+<td><em>/history</em> or <em>/h</em></td>
+<td>If it is followed by <strong>y</strong> or no parameter: enables saving history of mounted volumes; if it is followed by
+<strong>n</strong>: disables saving history of mounted volumes (e.g., /h n).</td>
+</tr>
+<tr>
+<td><em>/wipecache</em> or <em>/w</em></td>
+<td>Wipes any passwords cached in the driver memory.</td>
+</tr>
+<tr>
+<td><em>/password</em> or <em>/p</em></td>
+<td>It must be followed by a parameter indicating the volume password. If the password contains spaces, it must be enclosed in quotation marks (e.g., /p &rdquo;My Password&rdquo;). Use /p &rdquo;&rdquo; to specify an empty password.
+<em>Warning: This method of entering a volume password may be insecure, for example, when an unencrypted command prompt history log is being saved to unencrypted disk.</em></td>
+</tr>
+<tr>
+<td><em>/pim</em></td>
+<td>It must be followed by a positive integer indicating the PIM (Personal Iterations Multiplier) to use for the volume.</td>
+</tr>
+<tr>
+<td><em>/quit</em> or <em>/q</em></td>
+<td>Automatically perform requested actions and exit (main VeraCrypt window will not be displayed). If preferences is specified as the parameter (e.g., /q preferences), then program settings are loaded/saved and they override settings specified on the command
+ line. /q background launches the VeraCrypt Background Task (tray icon) unless it is disabled in the Preferences.</td>
+</tr>
+<tr>
+<td><em>/silent</em> or <em>/s</em></td>
+<td>If /q is specified, suppresses interaction with the user (prompts, error messages, warnings, etc.). If /q is not specified, this option has no effect.</td>
+</tr>
+<tr>
+<td><em>/mountoption</em> or <em>/m</em></td>
+<td>
+<p>It must be followed by a parameter which can have one of the values indicated below.</p>
+<p><strong>ro</strong> or<strong> readonly</strong>: Mount volume as read-only.</p>
+<p><strong>rm</strong> or <strong>removable</strong>: Mount volume as removable medium (see section
+<a href="Removable%20Medium%20Volume.html">
+<em>Volume Mounted as Removable Medium</em></a>).</p>
+<p><strong>ts</strong> or <strong>timestamp</strong>: Do not preserve container modification timestamp.</p>
+<p><strong>sm</strong> or <strong>system</strong>: Without pre-boot authentication, mount a partition that is within the key scope of system encryption (for example, a partition located on the encrypted system drive of another operating system that is not running).
+ Useful e.g. for backup or repair operations. Note: If you supply a password as a parameter of /p, make sure that the password has been typed using the standard US keyboard layout (in contrast, the GUI ensures this automatically). This is required due to the
+ fact that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available.</p>
+<p><strong>bk</strong> or <strong>headerbak</strong>: Mount volume using embedded backup header. Note: All volumes created by VeraCrypt contain an embedded backup header (located at the end of the volume).</p>
+<p><strong>recovery</strong>: Do not verify any checksums stored in the volume header. This option should be used only when the volume header is damaged and the volume cannot be mounted even with the mount option headerbak. Example: /m ro</p>
+<p><strong>label=LabelValue</strong>: Use the given string value <strong>LabelValue</strong> as a label of the mounted volume in Windows Explorer. The maximum length for
+<strong>LabelValue&nbsp;</strong> is 32 characters for NTFS volumes and 11 characters for FAT volumes. For example,
+<em>/m label=MyDrive</em> will set the label of the drive in Explorer to <em>MyDrive</em>.</p>
+<p><strong>noattach</strong>: Only create virtual device without actually attaching the mounted volume to the selected drive letter.</p>
+<p>Please note that this switch may be present several times in the command line in order to specify multiple mount options (e.g.: /m rm /m ts)</p>
+</td>
+</tr>
+<tr>
+<td><em>/DisableDeviceUpdate</em>&nbsp;</td>
+<td>Disables periodic internel check on devices connected to the system that is used for handling favorites identified with VolumeID and replace it with on-demande checks.</td>
+</tr>
+<tr>
+<td><em>/protectMemory</em>&nbsp;</td>
+<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: Activates a mechanism that protects VeraCrypt process memory from being accessed by other non-admin processes.
+<br>
+If it is followed by <strong>n</strong> or <strong>no</strong> (ONLY allowed for portable mode): disables the memory protection mechanism (e.g., /protectMemory n).<br>
+</td>
+</tr>
+<tr>
+<td><em>/protectScreen</em>&nbsp;</td>
+<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: Activates a mechanism that protects VeraCrypt against screenshots and screen recordings.
+<br>
+If it is followed by <strong>n</strong> or <strong>no</strong> (ONLY allowed for portable mode): disables the screen protection mechanism (e.g., /protectScreen n).<br>
+</td>
+</tr>
+<tr>
+<td><em>/signalExit</em>&nbsp;</td>
+<td>It must be followed by a parameter specifying the name of the signal to send to unblock a waiting <a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/waitfor" target="_blank">WAITFOR.EXE</a> command when VeraCrypt exists.<br>
+The name of signal must be the same as the one specified to WAITFOR.EXE command (e.g."veracrypt.exe /q /v test.hc /l Z /signal SigName" followed by "waitfor.exe SigName"<br>
+This switch is ignored if /q is not specified</td>
+</tr>
+</tbody>
+</table>
+<h4>VeraCrypt Format.exe (VeraCrypt Volume Creation Wizard):</h4>
+<table border="1" cellspacing="0" cellpadding="0">
+<tbody>
+<tr>
+<td>/create</td>
+<td>Create a container based volume in command line mode. It must be followed by the file name of the container to be created.</td>
+</tr>
+<tr>
+<td>/size</td>
+<td>
+<p>(Only with /create)<br>
+It must be followed by a parameter indicating the size of the container file that will be created. This parameter is a number indicating the size in Bytes. It can have a suffixe 'K', 'M', 'G' or 'T' to indicate that the value is in Kilobytes, Megabytes, Gigabytes
+ or Terabytes respectively. For example:</p>
+<ul>
+<li>/size 5000000: the container size will be 5000000 bytes </li><li>/size 25K: the container size will be 25 KiloBytes. </li><li>/size 100M: the container size will be 100 MegaBytes. </li><li>/size 2G: the container size will be 2 GigaBytes. </li><li>/size 1T: the container size will be 1 TeraBytes. </li></ul>
+</td>
+</tr>
+<tr>
+<td>&nbsp;/password</td>
+<td>&nbsp;(Only with /create)<br>
+It must be followed by a parameter indicating the password of the container that will be created.</td>
+</tr>
+<tr>
+<td>&nbsp;/keyfile or /k</td>
+<td>&nbsp;(Only with /create)<br>
+It must be followed by a parameter specifying a keyfile or a keyfile search path. For multiple keyfiles, specify e.g.: /k c:\keyfile1.dat /k d:\KeyfileFolder /k c:\kf2 To specify a keyfile stored on a security token or smart card, use the following syntax:
+ token://slot/SLOT_NUMBER/file/FILE_NAME</td>
+</tr>
+<tr>
+<td><em>/tokenlib</em></td>
+<td>&nbsp;(Only with /create)<br>
+It must be followed by a parameter indicating the PKCS #11 library to use for security tokens and smart cards. (e.g.: /tokenlib c:\pkcs11lib.dll)</td>
+</tr>
+<tr>
+<td><em>/tokenpin</em></td>
+<td>&nbsp;(Only with /create)<br>
+It must be followed by a parameter indicating the PIN to use in order to authenticate to the security token or smart card (e.g.: /tokenpin 0000). Warning: This method of entering a smart card PIN may be insecure, for example, when an unencrypted command
+ prompt history log is being saved to unencrypted disk.</td>
+</tr>
+<tr>
+<td>&nbsp;<em>/hash</em></td>
+<td>(Only with /create)<br>
+It must be followed by a parameter indicating the PRF hash algorithm to use when creating the volume. It has the same syntax as VeraCrypt.exe.</td>
+</tr>
+<tr>
+<td>/encryption</td>
+<td>(Only with /create)<br>
+It must be followed by a parameter indicating the encryption algorithm to use. The default is AES if this switch is not specified. The parameter can have the following values (case insensitive):
+<ul>
+<li>AES </li><li>Serpent </li><li>Twofish </li><li>Camellia </li><li>Kuznyechik </li><li>AES(Twofish) </li><li>AES(Twofish(Serpent)) </li><li>Serpent(AES) </li><li>Serpent(Twofish(AES)) </li><li>Twofish(Serpent) </li>
+<li>Camellia(Kuznyechik) </li>
+<li>Kuznyechik(Twofish) </li>
+<li>Camellia(Serpent) </li>
+<li>Kuznyechik(AES) </li>
+<li>Kuznyechik(Serpent(Camellia)) </li>
+</ul>
+</td>
+</tr>
+<tr>
+<td>/filesystem</td>
+<td>(Only with /create)<br>
+It must be followed by a parameter indicating the file system to use for the volume. The parameter can have the following values:
+<ul>
+<li>None: don't use any filesystem </li><li>FAT: format using FAT/FAT32 </li><li>NTFS: format using NTFS. Please note that in this case a UAC prompt will be displayed unless the process is run with full administrative privileges.
+</li>
+<li>ExFAT: format using ExFAT. This switch is available starting from Windows Vista SP1 </li>
+<li>ReFS: format using ReFS. This switch is available starting from Windows 10 </li>
+</ul>
+</td>
+</tr>
+<tr>
+<td>/dynamic</td>
+<td>(Only with /create)<br>
+It has no parameters and it indicates that the volume will be created as a dynamic volume.</td>
+</tr>
+<tr>
+<td>/force</td>
+<td>(Only with /create)<br>
+It has no parameters and it indicates that overwrite will be forced without requiring user confirmation.</td>
+</tr>
+<tr>
+<td>/silent</td>
+<td>(Only with /create)<br>
+It has no parameters and it indicates that no message box or dialog will be displayed to the user. If there is any error, the operation will fail silently.</td>
+</tr>
+<tr>
+<td><em>/noisocheck</em> or <em>/n</em></td>
+<td>Do not verify that VeraCrypt Rescue Disks are correctly burned. <strong>WARNING</strong>: Never attempt to use this option to facilitate the reuse of a previously created VeraCrypt Rescue Disk. Note that every time you encrypt a system partition/drive,
+ you must create a new VeraCrypt Rescue Disk even if you use the same password. A previously created VeraCrypt Rescue Disk cannot be reused as it was created for a different master key.</td>
+</tr>
+<tr>
+<td>/nosizecheck</td>
+<td>Don't check that the given size of the file container is smaller than the available disk free. This applies to both UI and command line.</td>
+</tr>
+<tr>
+<td>/quick</td>
+<td>Perform quick formatting of volumes instead of full formatting. This applies to both UI and command line.</td>
+</tr>
+<tr>
+<td>/FastCreateFile</td>
+<td>Enables a faster, albeit potentially insecure, method for creating file containers. This option carries security risks as it can embed existing disk content into the file container, possibly exposing sensitive data if an attacker gains access to it. Note that this switch affects all file container creation methods, whether initiated from the command line, using the /create switch, or through the UI wizard.</td>
+</tr>
+<tr>
+<td><em>/protectMemory</em>&nbsp;</td>
+<td>Activates a mechanism that protects VeraCrypt Format process memory from being accessed by other non-admin processes.</td>
+</tr>
+<tr>
+<td><em>/secureDesktop</em></td>
+<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: display password dialog and token PIN dialog in a dedicated secure desktop to protect against certain types of attacks.<br>
+If it is followed by <strong>n</strong> or <strong>no</strong>: the password dialog and token PIN dialog are displayed in the normal desktop.</td>
+</tr>
+</tbody>
+</table>
+<h4>Syntax</h4>
+<p>VeraCrypt.exe [/tc] [/hash {sha256|sha-256|sha512|sha-512|whirlpool |blake2s|blake2s-256}][/a [devices|favorites]] [/b] [/c [y|n|f]] [/d [drive letter]] [/e] [/f] [/h [y|n]] [/k keyfile or search path] [tryemptypass [y|n]] [/l drive letter] [/m {bk|rm|recovery|ro|sm|ts|noattach}]
+ [/p password] [/pim pimvalue] [/q [background|preferences]] [/s] [/tokenlib path] [/v volume] [/w]</p>
+<p>&quot;VeraCrypt Format.exe&quot; [/n] [/create] [/size number[{K|M|G|T}]] [/p password]&nbsp; [/encryption {AES | Serpent | Twofish | Camellia | Kuznyechik | AES(Twofish) | AES(Twofish(Serpent)) | Serpent(AES) | Serpent(Twofish(AES)) | Twofish(Serpent) | Camellia(Kuznyechik) | Kuznyechik(Twofish) | Camellia(Serpent) | Kuznyechik(AES) | Kuznyechik(Serpent(Camellia)))}] [/hash {sha256|sha-256|sha512|sha-512|whirlpool|blake2s|blake2s-256}]
+ [/filesystem {None|FAT|NTFS|ExFAT|ReFS}] [/dynamic] [/force] [/silent] [/noisocheck] [FastCreateFile] [/quick]</p>
+<p>Note that the order in which options are specified does not matter.</p>
+<h4>Examples</h4>
+<p>Mount the volume <em>d:\myvolume</em> as the first free drive letter, using the password prompt (the main program window will not be displayed):</p>
+<p>veracrypt /q /v d:\myvolume</p>
+<p>Unmount a volume mounted as the drive letter <em>X</em> (the main program window will not be displayed):</p>
+<p>veracrypt /q /d x</p>
+<p>Mount a volume called <em>myvolume.tc</em> using the password <em>MyPassword</em>, as the drive letter
+<em>X</em>. VeraCrypt will open an explorer window and beep; mounting will be automatic:</p>
+<p>veracrypt /v myvolume.tc /l x /a /p MyPassword /e /b</p>
+<p>Create a 10 MB file container using the password <em>test</em> and formatted using FAT:</p>
+<p><code>&quot;C:\Program Files\VeraCrypt\VeraCrypt Format.exe&quot; /create c:\Data\test.hc /password test /hash sha512 /encryption serpent /filesystem FAT /size 10M /force</code></p>
+</div>
+</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/en/Command Line Usage.html b/doc/html/en/Command Line Usage.html
index 117921c5..c27c8da2 100644
--- a/doc/html/en/Command Line Usage.html	
+++ b/doc/html/en/Command Line Usage.html	
@@ -34,305 +34,12 @@
 <div class="wikidoc">
 <div>
 <h1>Command Line Usage</h1>
-<p>Note that this section applies to the Windows version of VeraCrypt. For information on command line usage applying to the
-<strong>Linux and Mac OS X versions</strong>, please run: veracrypt &ndash;h</p>
-<table border="1" cellspacing="0" cellpadding="1">
-<tbody>
-<tr>
-<td><em>/help</em> or <em>/?</em></td>
-<td>Display command line help.</td>
-</tr>
-<tr>
-<td><em>/truecrypt or /tc</em></td>
-<td>Activate TrueCrypt compatibility mode which enables mounting volumes created with TrueCrypt 6.x and 7.x series.</td>
-</tr>
-<tr>
-<td><em>/hash</em></td>
-<td>It must be followed by a parameter indicating the PRF hash algorithm to use when mounting the volume. Possible values for /hash parameter are: sha256, sha-256, sha512, sha-512, whirlpool, blake2s and blake2s-256. When /hash is omitted, VeraCrypt will try
- all possible PRF algorithms thus lengthening the mount operation time.</td>
-</tr>
-<tr>
-<td id="volume"><em>/volume</em> or <em>/v</em></td>
-<td>
-<p>It must be followed by a parameter indicating the file and path name of a VeraCrypt volume to mount (do not use when unmounting) or the Volume ID of the disk/partition to mount.<br>
-The syntax of the volume ID is <strong>ID:XXXXXX...XX</strong> where the XX part is a 64 hexadecimal characters string that represent the 32-Bytes ID of the desired volume to mount.<br>
-<br>
-To mount a partition/device-hosted volume, use, for example, /v \Device\Harddisk1\Partition3 (to determine the path to a partition/device, run VeraCrypt and click
-<em>Select Device</em>). You can also mount a partition or dynamic volume using its volume name (for example, /v \\?\Volume{5cceb196-48bf-46ab-ad00-70965512253a}\). To determine the volume name use e.g. mountvol.exe. Also note that device paths are case-sensitive.<br>
-<br>
-You can also specify the Volume ID of the partition/device-hosted volume to mount, for example: /v ID:53B9A8D59CC84264004DA8728FC8F3E2EE6C130145ABD3835695C29FD601EDCA. The Volume ID value can be retrieved using the volume properties dialog.</p>
-</td>
-</tr>
-<tr>
-<td><em>/letter</em> or <em>/l</em></td>
-<td>It must be followed by a parameter indicating the driver letter to mount the volume as. When /l is omitted and when /a is used, the first free drive letter is used.</td>
-</tr>
-<tr>
-<td><em>/explore</em> or <em>/e</em></td>
-<td>Open an Explorer window after a volume has been mounted.</td>
-</tr>
-<tr>
-<td><em>/beep</em> or <em>/b</em></td>
-<td>Beep after a volume has been successfully mounted or unmounted.</td>
-</tr>
-<tr>
-<td><em>/auto</em> or <em>/a</em></td>
-<td>If no parameter is specified, automatically mount the volume. If devices is specified as the parameter (e.g., /a devices), auto-mount all currently accessible device/partition-hosted VeraCrypt volumes. If favorites is specified as the parameter, auto-mount
- favorite volumes. Note that /auto is implicit if /quit and /volume are specified. If you need to prevent the application window from appearing, use /quit.</td>
-</tr>
-<tr>
-<td><em>/unmount</em> or <em>/u</em></td>
-<td>Unmount volume specified by drive letter (e.g., /u x). When no drive letter is specified, unmounts all currently mounted VeraCrypt volumes.</td>
-</tr>
-<tr>
-<td><em>/dismount</em> or <em>/d</em></td>
-<td>Deprecated. Please use /unmount or /u.</td>
-</tr>
-<tr>
-<td><em>/force</em> or <em>/f</em></td>
-<td>Forces unmount (if the volume to be unmounted contains files being used by the system or an application) and forces mounting in shared mode (i.e., without exclusive access).</td>
-</tr>
-<tr>
-<td><em>/keyfile</em> or <em>/k</em></td>
-<td>It must be followed by a parameter specifying a keyfile or a keyfile search path. For multiple keyfiles, specify e.g.: /k c:\keyfile1.dat /k d:\KeyfileFolder /k c:\kf2 To specify a keyfile stored on a security token or smart card, use the following syntax:
- token://slot/SLOT_NUMBER/file/FILE_NAME</td>
-</tr>
-<tr id="tryemptypass">
-<td><em>/tryemptypass&nbsp;&nbsp; </em></td>
-<td>ONLY when default keyfile configured or when a keyfile is specified in the command line.<br>
-If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: try to mount using an empty password and the keyfile before displaying password prompt.<br>
-if it is followed by <strong>n </strong>or<strong> no</strong>: don't try to mount using an empty password and the keyfile, and display password prompt right away.</td>
-</tr>
-<tr>
-<td><em>/nowaitdlg</em></td>
-<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: don&rsquo;t display the waiting dialog while performing operations like mounting volumes.<br>
-If it is followed by <strong>n</strong> or <strong>no</strong>: force the display waiting dialog is displayed while performing operations.</td>
-</tr>
-<tr>
-<td><em>/secureDesktop</em></td>
-<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: display password dialog and token PIN dialog in a dedicated secure desktop to protect against certain types of attacks.<br>
-If it is followed by <strong>n</strong> or <strong>no</strong>: the password dialog and token PIN dialog are displayed in the normal desktop.</td>
-</tr>
-<tr>
-<td><em>/tokenlib</em></td>
-<td>It must be followed by a parameter indicating the PKCS #11 library to use for security tokens and smart cards. (e.g.: /tokenlib c:\pkcs11lib.dll)</td>
-</tr>
-<tr>
-<td><em>/tokenpin</em></td>
-<td>It must be followed by a parameter indicating the PIN to use in order to authenticate to the security token or smart card (e.g.: /tokenpin 0000). Warning: This method of entering a smart card PIN may be insecure, for example, when an unencrypted command
- prompt history log is being saved to unencrypted disk.</td>
-</tr>
-<tr>
-<td><em>/cache</em> or <em>/c</em></td>
-<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: enable password cache;
-<br>
-If it is followed by <strong>p </strong>or<strong> pim</strong>: enable both password and PIM cache (e.g., /c p).<br>
-If it is followed by <strong>n </strong>or<strong> no</strong>: disable password cache (e.g., /c n).<br>
-If it is followed by <strong>f </strong>or<strong> favorites</strong>: temporary cache password when mounting multiple favorites&nbsp; (e.g., /c f).<br>
-Note that turning the password cache off will not clear it (use /w to clear the password cache).</td>
-</tr>
-<tr>
-<td><em>/history</em> or <em>/h</em></td>
-<td>If it is followed by <strong>y</strong> or no parameter: enables saving history of mounted volumes; if it is followed by
-<strong>n</strong>: disables saving history of mounted volumes (e.g., /h n).</td>
-</tr>
-<tr>
-<td><em>/wipecache</em> or <em>/w</em></td>
-<td>Wipes any passwords cached in the driver memory.</td>
-</tr>
-<tr>
-<td><em>/password</em> or <em>/p</em></td>
-<td>It must be followed by a parameter indicating the volume password. If the password contains spaces, it must be enclosed in quotation marks (e.g., /p &rdquo;My Password&rdquo;). Use /p &rdquo;&rdquo; to specify an empty password.
-<em>Warning: This method of entering a volume password may be insecure, for example, when an unencrypted command prompt history log is being saved to unencrypted disk.</em></td>
-</tr>
-<tr>
-<td><em>/pim</em></td>
-<td>It must be followed by a positive integer indicating the PIM (Personal Iterations Multiplier) to use for the volume.</td>
-</tr>
-<tr>
-<td><em>/quit</em> or <em>/q</em></td>
-<td>Automatically perform requested actions and exit (main VeraCrypt window will not be displayed). If preferences is specified as the parameter (e.g., /q preferences), then program settings are loaded/saved and they override settings specified on the command
- line. /q background launches the VeraCrypt Background Task (tray icon) unless it is disabled in the Preferences.</td>
-</tr>
-<tr>
-<td><em>/silent</em> or <em>/s</em></td>
-<td>If /q is specified, suppresses interaction with the user (prompts, error messages, warnings, etc.). If /q is not specified, this option has no effect.</td>
-</tr>
-<tr>
-<td><em>/mountoption</em> or <em>/m</em></td>
-<td>
-<p>It must be followed by a parameter which can have one of the values indicated below.</p>
-<p><strong>ro</strong> or<strong> readonly</strong>: Mount volume as read-only.</p>
-<p><strong>rm</strong> or <strong>removable</strong>: Mount volume as removable medium (see section
-<a href="Removable%20Medium%20Volume.html">
-<em>Volume Mounted as Removable Medium</em></a>).</p>
-<p><strong>ts</strong> or <strong>timestamp</strong>: Do not preserve container modification timestamp.</p>
-<p><strong>sm</strong> or <strong>system</strong>: Without pre-boot authentication, mount a partition that is within the key scope of system encryption (for example, a partition located on the encrypted system drive of another operating system that is not running).
- Useful e.g. for backup or repair operations. Note: If you supply a password as a parameter of /p, make sure that the password has been typed using the standard US keyboard layout (in contrast, the GUI ensures this automatically). This is required due to the
- fact that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available.</p>
-<p><strong>bk</strong> or <strong>headerbak</strong>: Mount volume using embedded backup header. Note: All volumes created by VeraCrypt contain an embedded backup header (located at the end of the volume).</p>
-<p><strong>recovery</strong>: Do not verify any checksums stored in the volume header. This option should be used only when the volume header is damaged and the volume cannot be mounted even with the mount option headerbak. Example: /m ro</p>
-<p><strong>label=LabelValue</strong>: Use the given string value <strong>LabelValue</strong> as a label of the mounted volume in Windows Explorer. The maximum length for
-<strong>LabelValue&nbsp;</strong> is 32 characters for NTFS volumes and 11 characters for FAT volumes. For example,
-<em>/m label=MyDrive</em> will set the label of the drive in Explorer to <em>MyDrive</em>.</p>
-<p><strong>noattach</strong>: Only create virtual device without actually attaching the mounted volume to the selected drive letter.</p>
-<p>Please note that this switch may be present several times in the command line in order to specify multiple mount options (e.g.: /m rm /m ts)</p>
-</td>
-</tr>
-<tr>
-<td><em>/DisableDeviceUpdate</em>&nbsp;</td>
-<td>Disables periodic internel check on devices connected to the system that is used for handling favorites identified with VolumeID and replace it with on-demande checks.</td>
-</tr>
-<tr>
-<td><em>/protectMemory</em>&nbsp;</td>
-<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: Activates a mechanism that protects VeraCrypt process memory from being accessed by other non-admin processes.
-<br>
-If it is followed by <strong>n</strong> or <strong>no</strong> (ONLY allowed for portable mode): disables the memory protection mechanism (e.g., /protectMemory n).<br>
-</td>
-</tr>
-<tr>
-<td><em>/protectScreen</em>&nbsp;</td>
-<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: Activates a mechanism that protects VeraCrypt against screenshots and screen recordings.
-<br>
-If it is followed by <strong>n</strong> or <strong>no</strong> (ONLY allowed for portable mode): disables the screen protection mechanism (e.g., /protectScreen n).<br>
-</td>
-</tr>
-<tr>
-<td><em>/signalExit</em>&nbsp;</td>
-<td>It must be followed by a parameter specifying the name of the signal to send to unblock a waiting <a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/waitfor" target="_blank">WAITFOR.EXE</a> command when VeraCrypt exists.<br>
-The name of signal must be the same as the one specified to WAITFOR.EXE command (e.g."veracrypt.exe /q /v test.hc /l Z /signal SigName" followed by "waitfor.exe SigName"<br>
-This switch is ignored if /q is not specified</td>
-</tr>
-</tbody>
-</table>
-<h4>VeraCrypt Format.exe (VeraCrypt Volume Creation Wizard):</h4>
-<table border="1" cellspacing="0" cellpadding="0">
-<tbody>
-<tr>
-<td>/create</td>
-<td>Create a container based volume in command line mode. It must be followed by the file name of the container to be created.</td>
-</tr>
-<tr>
-<td>/size</td>
-<td>
-<p>(Only with /create)<br>
-It must be followed by a parameter indicating the size of the container file that will be created. This parameter is a number indicating the size in Bytes. It can have a suffixe 'K', 'M', 'G' or 'T' to indicate that the value is in Kilobytes, Megabytes, Gigabytes
- or Terabytes respectively. For example:</p>
+<p>VeraCrypt uses different command-line syntaxes on Windows and on Unix-like systems. Select the page that matches your operating system:</p>
 <ul>
-<li>/size 5000000: the container size will be 5000000 bytes </li><li>/size 25K: the container size will be 25 KiloBytes. </li><li>/size 100M: the container size will be 100 MegaBytes. </li><li>/size 2G: the container size will be 2 GigaBytes. </li><li>/size 1T: the container size will be 1 TeraBytes. </li></ul>
-</td>
-</tr>
-<tr>
-<td>&nbsp;/password</td>
-<td>&nbsp;(Only with /create)<br>
-It must be followed by a parameter indicating the password of the container that will be created.</td>
-</tr>
-<tr>
-<td>&nbsp;/keyfile or /k</td>
-<td>&nbsp;(Only with /create)<br>
-It must be followed by a parameter specifying a keyfile or a keyfile search path. For multiple keyfiles, specify e.g.: /k c:\keyfile1.dat /k d:\KeyfileFolder /k c:\kf2 To specify a keyfile stored on a security token or smart card, use the following syntax:
- token://slot/SLOT_NUMBER/file/FILE_NAME</td>
-</tr>
-<tr>
-<td><em>/tokenlib</em></td>
-<td>&nbsp;(Only with /create)<br>
-It must be followed by a parameter indicating the PKCS #11 library to use for security tokens and smart cards. (e.g.: /tokenlib c:\pkcs11lib.dll)</td>
-</tr>
-<tr>
-<td><em>/tokenpin</em></td>
-<td>&nbsp;(Only with /create)<br>
-It must be followed by a parameter indicating the PIN to use in order to authenticate to the security token or smart card (e.g.: /tokenpin 0000). Warning: This method of entering a smart card PIN may be insecure, for example, when an unencrypted command
- prompt history log is being saved to unencrypted disk.</td>
-</tr>
-<tr>
-<td>&nbsp;<em>/hash</em></td>
-<td>(Only with /create)<br>
-It must be followed by a parameter indicating the PRF hash algorithm to use when creating the volume. It has the same syntax as VeraCrypt.exe.</td>
-</tr>
-<tr>
-<td>/encryption</td>
-<td>(Only with /create)<br>
-It must be followed by a parameter indicating the encryption algorithm to use. The default is AES if this switch is not specified. The parameter can have the following values (case insensitive):
-<ul>
-<li>AES </li><li>Serpent </li><li>Twofish </li><li>Camellia </li><li>Kuznyechik </li><li>AES(Twofish) </li><li>AES(Twofish(Serpent)) </li><li>Serpent(AES) </li><li>Serpent(Twofish(AES)) </li><li>Twofish(Serpent) </li>
-<li>Camellia(Kuznyechik) </li>
-<li>Kuznyechik(Twofish) </li>
-<li>Camellia(Serpent) </li>
-<li>Kuznyechik(AES) </li>
-<li>Kuznyechik(Serpent(Camellia)) </li>
+<li><a href="Command%20Line%20Usage%20for%20Windows.html">Command Line Usage for Windows</a></li>
+<li><a href="Command%20Line%20Usage%20for%20Unix.html">Command Line Usage for Linux and macOS</a></li>
 </ul>
-</td>
-</tr>
-<tr>
-<td>/filesystem</td>
-<td>(Only with /create)<br>
-It must be followed by a parameter indicating the file system to use for the volume. The parameter can have the following values:
-<ul>
-<li>None: don't use any filesystem </li><li>FAT: format using FAT/FAT32 </li><li>NTFS: format using NTFS. Please note that in this case a UAC prompt will be displayed unless the process is run with full administrative privileges.
-</li>
-<li>ExFAT: format using ExFAT. This switch is available starting from Windows Vista SP1 </li>
-<li>ReFS: format using ReFS. This switch is available starting from Windows 10 </li>
-</ul>
-</td>
-</tr>
-<tr>
-<td>/dynamic</td>
-<td>(Only with /create)<br>
-It has no parameters and it indicates that the volume will be created as a dynamic volume.</td>
-</tr>
-<tr>
-<td>/force</td>
-<td>(Only with /create)<br>
-It has no parameters and it indicates that overwrite will be forced without requiring user confirmation.</td>
-</tr>
-<tr>
-<td>/silent</td>
-<td>(Only with /create)<br>
-It has no parameters and it indicates that no message box or dialog will be displayed to the user. If there is any error, the operation will fail silently.</td>
-</tr>
-<tr>
-<td><em>/noisocheck</em> or <em>/n</em></td>
-<td>Do not verify that VeraCrypt Rescue Disks are correctly burned. <strong>WARNING</strong>: Never attempt to use this option to facilitate the reuse of a previously created VeraCrypt Rescue Disk. Note that every time you encrypt a system partition/drive,
- you must create a new VeraCrypt Rescue Disk even if you use the same password. A previously created VeraCrypt Rescue Disk cannot be reused as it was created for a different master key.</td>
-</tr>
-<tr>
-<td>/nosizecheck</td>
-<td>Don't check that the given size of the file container is smaller than the available disk free. This applies to both UI and command line.</td>
-</tr>
-<tr>
-<td>/quick</td>
-<td>Perform quick formatting of volumes instead of full formatting. This applies to both UI and command line.</td>
-</tr>
-<tr>
-<td>/FastCreateFile</td>
-<td>Enables a faster, albeit potentially insecure, method for creating file containers. This option carries security risks as it can embed existing disk content into the file container, possibly exposing sensitive data if an attacker gains access to it. Note that this switch affects all file container creation methods, whether initiated from the command line, using the /create switch, or through the UI wizard.</td>
-</tr>
-<tr>
-<td><em>/protectMemory</em>&nbsp;</td>
-<td>Activates a mechanism that protects VeraCrypt Format process memory from being accessed by other non-admin processes.</td>
-</tr>
-<tr>
-<td><em>/secureDesktop</em></td>
-<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: display password dialog and token PIN dialog in a dedicated secure desktop to protect against certain types of attacks.<br>
-If it is followed by <strong>n</strong> or <strong>no</strong>: the password dialog and token PIN dialog are displayed in the normal desktop.</td>
-</tr>
-</tbody>
-</table>
-<h4>Syntax</h4>
-<p>VeraCrypt.exe [/tc] [/hash {sha256|sha-256|sha512|sha-512|whirlpool |blake2s|blake2s-256}][/a [devices|favorites]] [/b] [/c [y|n|f]] [/d [drive letter]] [/e] [/f] [/h [y|n]] [/k keyfile or search path] [tryemptypass [y|n]] [/l drive letter] [/m {bk|rm|recovery|ro|sm|ts|noattach}]
- [/p password] [/pim pimvalue] [/q [background|preferences]] [/s] [/tokenlib path] [/v volume] [/w]</p>
-<p>&quot;VeraCrypt Format.exe&quot; [/n] [/create] [/size number[{K|M|G|T}]] [/p password]&nbsp; [/encryption {AES | Serpent | Twofish | Camellia | Kuznyechik | AES(Twofish) | AES(Twofish(Serpent)) | Serpent(AES) | Serpent(Twofish(AES)) | Twofish(Serpent) | Camellia(Kuznyechik) | Kuznyechik(Twofish) | Camellia(Serpent) | Kuznyechik(AES) | Kuznyechik(Serpent(Camellia)))}] [/hash {sha256|sha-256|sha512|sha-512|whirlpool|blake2s|blake2s-256}]
- [/filesystem {None|FAT|NTFS|ExFAT|ReFS}] [/dynamic] [/force] [/silent] [/noisocheck] [FastCreateFile] [/quick]</p>
-<p>Note that the order in which options are specified does not matter.</p>
-<h4>Examples</h4>
-<p>Mount the volume <em>d:\myvolume</em> as the first free drive letter, using the password prompt (the main program window will not be displayed):</p>
-<p>veracrypt /q /v d:\myvolume</p>
-<p>Unmount a volume mounted as the drive letter <em>X</em> (the main program window will not be displayed):</p>
-<p>veracrypt /q /d x</p>
-<p>Mount a volume called <em>myvolume.tc</em> using the password <em>MyPassword</em>, as the drive letter
-<em>X</em>. VeraCrypt will open an explorer window and beep; mounting will be automatic:</p>
-<p>veracrypt /v myvolume.tc /l x /a /p MyPassword /e /b</p>
-<p>Create a 10 MB file container using the password <em>test</em> and formatted using FAT:</p>
-<p><code>&quot;C:\Program Files\VeraCrypt\VeraCrypt Format.exe&quot; /create c:\Data\test.hc /password test /hash sha512 /encryption serpent /filesystem FAT /size 10M /force</code></p>
+<p>On Linux and macOS, command-line help for the installed VeraCrypt build can also be displayed in a terminal with:</p>
+<p><code>veracrypt -t --help</code></p>
 </div>
 </div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/en/Default Mount Parameters.html b/doc/html/en/Default Mount Parameters.html
index c96f050e..3df16e05 100644
--- a/doc/html/en/Default Mount Parameters.html	
+++ b/doc/html/en/Default Mount Parameters.html	
@@ -45,7 +45,7 @@
 <p>All subsequent password request dialogs will use the default values chosen previously. For example, if in the Default Mount Parameters dialog you check TrueCrypt Mode and you select SHA-512 as a PRF, then subsequent password dialogs will look like:<br>
 <img src="Default Mount Parameters_VeraCrypt_password_using_default_parameters.png" alt="Mount Password Dialog using default values"></p>
 <p>&nbsp;</p>
-<p><strong>Note:</strong> The default mount parameters can be overridden by the&nbsp;<a href="Command%20Line%20Usage.html">Command Line</a> switches
+<p><strong>Note:</strong> The default mount parameters can be overridden by the&nbsp;<a href="Command%20Line%20Usage%20for%20Windows.html">Command Line</a> switches
 <strong>/tc</strong> and <strong>/hash</strong> which always take precedence.</p>
 <p>&nbsp;</p>
 </div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/en/Documentation.html b/doc/html/en/Documentation.html
index 1510847b..f0f4c178 100644
--- a/doc/html/en/Documentation.html
+++ b/doc/html/en/Documentation.html
@@ -91,6 +91,10 @@
 </ul>
 </li><li><strong><a href="Supported%20Operating%20Systems.html">Supported Operating Systems</a></strong>
 </li><li><strong><a href="Command%20Line%20Usage.html">Command Line Usage</a></strong>
+<ul>
+<li><a href="Command%20Line%20Usage%20for%20Windows.html">Windows</a>
+</li><li><a href="Command%20Line%20Usage%20for%20Unix.html">Linux and macOS</a>
+</li></ul>
 </li><li><strong><a href="Security%20Model.html">Security Model</a></strong>
 </li><li><strong><a href="Security%20Requirements%20and%20Precautions.html">Security Requirements And Precautions<br>
 </a></strong>
diff --git a/doc/html/en/FAQ.html b/doc/html/en/FAQ.html
index c8cf862c..e62492f6 100644
--- a/doc/html/en/FAQ.html
+++ b/doc/html/en/FAQ.html
@@ -602,7 +602,7 @@ pre-boot authentication</a> password, select '<em style="text-align:left">System
 <span style="text-align:left; font-size:10px; line-height:12px">Note: It is not required to burn each
 <a href="VeraCrypt%20Rescue%20Disk.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
 VeraCrypt Rescue Disk</a> ISO image to a CD/DVD. You can maintain a central repository of ISO images for all workstations (rather than a repository of CDs/DVDs). For more information see the section
-<a href="Command%20Line%20Usage.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
+<a href="Command%20Line%20Usage%20for%20Windows.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
 Command Line Usage</a> (option <em style="text-align:left">/noisocheck</em>).</span></div>
 <div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
 <br style="text-align:left">

--auto-mount=devices\|favorites	Auto-mount device-hosted volumes, favorite volumes, or both when the values are combined with a comma.
--backup-headers [VOLUME_PATH]	Back up volume headers to a file. Required values not specified on the command line are requested from the user.
-c or --create [VOLUME_PATH]	Create a new volume. Most values are requested from the user if not specified on the command line. See also --encryption, --filesystem, --hash, --keyfiles, --password, --pim, --random-source, --quick, --size, and --volume-type.
--create-keyfile [FILE_PATH]	Create a new keyfile containing pseudo-random data.
-C or --change [VOLUME_PATH]	Change a volume password, PIM, keyfiles, and/or header key derivation algorithm. See also --hash, --new-hash, --new-keyfiles, --new-password, --new-pim, --password, --pim, and --random-source.
-u or --unmount [MOUNTED_VOLUME] -d or --dismount [MOUNTED_VOLUME]	Unmount a mounted volume. If no mounted volume is specified, all mounted VeraCrypt volumes are unmounted. --dismount is deprecated; use --unmount.
--delete-token-keyfiles	Delete keyfiles from security tokens.
--export-token-keyfile	Export a keyfile from a security token.
--import-token-keyfiles	Import keyfiles to a security token. See also --token-lib.
-l or --list [MOUNTED_VOLUME]	Display mounted volumes. By default, only the volume path, virtual device, and mount point are shown. Use --verbose for more details.
--list-token-keyfiles	Display all available token keyfiles.
--list-securitytoken-keyfiles	Display all available security token keyfiles.
--list-emvtoken-keyfiles	Display all available EMV token keyfiles.
--mount [VOLUME_PATH]	Mount a volume interactively. The volume path and missing options are requested from the user.
--restore-headers [VOLUME_PATH]	Restore volume headers from the embedded backup header or from an external backup file.
--save-preferences	Save user preferences.
--test	Test internal algorithms used in the process of encryption and decryption.
--version	Display VeraCrypt version information.
--volume-properties [MOUNTED_VOLUME]	Display properties of a mounted volume.
--allow-insecure-mount	Allow mounting volumes on mount points that are in the user's `PATH`.
--allow-screencapture	Allow VeraCrypt windows to be included in screenshots and screen recordings. This option applies to macOS builds.
--background-task	Start the VeraCrypt background task.
--display-password	Display password characters while typing.
--encryption=ENCRYPTION_ALGORITHM	Use the specified encryption algorithm when creating a new volume. For cascades, use the algorithm name shown by VeraCrypt, for example `AES-Twofish`.
--explore	Open a file manager window after the volume is mounted.
--filesystem=TYPE	Filesystem type to mount or create. For mounting, the type is passed to the system mount command. none disables filesystem mounting or creation. Supported creation types depend on the platform: Linux supports FAT, Ext2, Ext3, Ext4, NTFS, exFAT, and Btrfs; macOS supports FAT, HFS/HFS+/MacOsExt, exFAT, and APFS; FreeBSD and Solaris builds support FAT and UFS. Non-FAT creation requires the corresponding system formatter to be available.
-f or --force	Force mounting of a volume in use, unmounting of a volume in use, or overwriting a file. The exact effect depends on the operating system.
--fs-options=OPTIONS	Filesystem mount options passed to the system mount command with `-o`. This option is available on Linux and other Unix-like builds where supported, but not on macOS.
--hash=HASH	Use the specified header key derivation algorithm when mounting, creating a volume, or changing password/keyfiles. This option also specifies the mixing hash of the random number generator when applicable.
-h or --help	Display detailed command-line help.
-k KEYFILE1[,KEYFILE2,...] or --keyfiles=KEYFILE1[,KEYFILE2,...]	Use the specified keyfiles. When a directory is specified, all files inside it are used non-recursively. Use a double comma (`,,`) for a comma contained in a keyfile name. A keyfile stored on a security token can be specified as `token://slot/SLOT_NUMBER/file/FILENAME`; an EMV token keyfile can be specified as `emv://slot/SLOT_NUMBER`. Use `-k ""` to disable interactive keyfile prompts.
--legacy-password-maxlength	Use the legacy maximum password length of 64 UTF-8 bytes.
--load-preferences	Load user preferences before processing command-line options, allowing command-line options to override preferences.
-m OPTION1[,OPTION2,...] or --mount-options=OPTION1[,OPTION2,...]	Set VeraCrypt volume mount options. Supported options are headerbak, nokernelcrypto, readonly or ro, system, and timestamp or ts.
--new-hash=HASH	Set the new header key derivation algorithm when changing a volume password or keyfiles. This option is used with --change.
--new-keyfiles=KEYFILE1[,KEYFILE2,...]	Set the new keyfiles when changing a volume password or keyfiles. This option is used with --change.
--new-password=PASSWORD	Set the new password when changing a volume password or keyfiles. This option is used with --change.
--new-pim=PIM	Set the new PIM when changing a volume password or keyfiles. This option is used with --change.
--no-size-check	Disable the check that verifies the requested container size against available free disk space.
--non-interactive	Do not interact with the user. This option is supported only in text mode.
-p PASSWORD or --password=PASSWORD	Use the specified password to mount or open a volume. An empty password can be specified with `-p ""`.
--pim=PIM	Use the specified PIM to mount or open a volume.
--protect-hidden=yes\|no	Write-protect a hidden volume when mounting an outer volume. If enabled, VeraCrypt uses the hidden volume credentials to determine the hidden area and protects it against writes.
--protection-hash=HASH	Use the specified header key derivation algorithm for the hidden volume protected by --protect-hidden=yes.
--protection-keyfiles=KEYFILE1[,KEYFILE2,...]	Use the specified keyfiles for the hidden volume protected by --protect-hidden=yes.
--protection-password=PASSWORD	Use the specified password for the hidden volume protected by --protect-hidden=yes.
--protection-pim=PIM	Use the specified PIM for the hidden volume protected by --protect-hidden=yes.
--quick	Enable quick formatting when creating a volume. This option must not be used when creating an outer volume.
--random-source=FILE	Use the specified file as a source of random data, for example when creating a volume.
--slot=SLOT	Use the specified slot number when mounting, unmounting, listing, or displaying properties of a volume.
--size=SIZE[K\|KiB\|M\|MiB\|G\|GiB\|T\|TiB] or --size=max	Use the specified size when creating a new volume. If no suffix is specified, the value is interpreted in bytes. max uses all available free space.
--stdin	Read the password from standard input. This option can be used only with --non-interactive and cannot be combined with --password.
-t or --text	Use the text user interface. This option must be specified as the first argument.
--token-lib=LIB_PATH	Use the specified PKCS #11 security token library.
--token-pin=PIN	Use the specified security token PIN.
--use-dummy-sudo-password	Use a dummy password in `sudo` to detect whether sudo is already authenticated. This option is available on Linux and FreeBSD builds.
-v or --verbose	Enable verbose output.
--volume-type=normal\|hidden	Use the specified volume type when creating a new volume.
/help or /?	Display command line help.
/truecrypt or /tc	Activate TrueCrypt compatibility mode which enables mounting volumes created with TrueCrypt 6.x and 7.x series.
/hash	It must be followed by a parameter indicating the PRF hash algorithm to use when mounting the volume. Possible values for /hash parameter are: sha256, sha-256, sha512, sha-512, whirlpool, blake2s and blake2s-256. When /hash is omitted, VeraCrypt will try + all possible PRF algorithms thus lengthening the mount operation time.
/volume or /v	+ It must be followed by a parameter indicating the file and path name of a VeraCrypt volume to mount (do not use when unmounting) or the Volume ID of the disk/partition to mount. +The syntax of the volume ID is ID:XXXXXX...XX where the XX part is a 64 hexadecimal characters string that represent the 32-Bytes ID of the desired volume to mount. + +To mount a partition/device-hosted volume, use, for example, /v \Device\Harddisk1\Partition3 (to determine the path to a partition/device, run VeraCrypt and click +Select Device). You can also mount a partition or dynamic volume using its volume name (for example, /v \\?\Volume{5cceb196-48bf-46ab-ad00-70965512253a}\). To determine the volume name use e.g. mountvol.exe. Also note that device paths are case-sensitive. + +You can also specify the Volume ID of the partition/device-hosted volume to mount, for example: /v ID:53B9A8D59CC84264004DA8728FC8F3E2EE6C130145ABD3835695C29FD601EDCA. The Volume ID value can be retrieved using the volume properties dialog. +
/letter or /l	It must be followed by a parameter indicating the driver letter to mount the volume as. When /l is omitted and when /a is used, the first free drive letter is used.
/explore or /e	Open an Explorer window after a volume has been mounted.
/beep or /b	Beep after a volume has been successfully mounted or unmounted.
/auto or /a	If no parameter is specified, automatically mount the volume. If devices is specified as the parameter (e.g., /a devices), auto-mount all currently accessible device/partition-hosted VeraCrypt volumes. If favorites is specified as the parameter, auto-mount + favorite volumes. Note that /auto is implicit if /quit and /volume are specified. If you need to prevent the application window from appearing, use /quit.
/unmount or /u	Unmount volume specified by drive letter (e.g., /u x). When no drive letter is specified, unmounts all currently mounted VeraCrypt volumes.
/dismount or /d	Deprecated. Please use /unmount or /u.
/force or /f	Forces unmount (if the volume to be unmounted contains files being used by the system or an application) and forces mounting in shared mode (i.e., without exclusive access).
/keyfile or /k	It must be followed by a parameter specifying a keyfile or a keyfile search path. For multiple keyfiles, specify e.g.: /k c:\keyfile1.dat /k d:\KeyfileFolder /k c:\kf2 To specify a keyfile stored on a security token or smart card, use the following syntax: + token://slot/SLOT_NUMBER/file/FILE_NAME
/tryemptypass	ONLY when default keyfile configured or when a keyfile is specified in the command line. +If it is followed by y or yes or if no parameter is specified: try to mount using an empty password and the keyfile before displaying password prompt. +if it is followed by n or no: don't try to mount using an empty password and the keyfile, and display password prompt right away.
/nowaitdlg	If it is followed by y or yes or if no parameter is specified: don’t display the waiting dialog while performing operations like mounting volumes. +If it is followed by n or no: force the display waiting dialog is displayed while performing operations.
/secureDesktop	If it is followed by y or yes or if no parameter is specified: display password dialog and token PIN dialog in a dedicated secure desktop to protect against certain types of attacks. +If it is followed by n or no: the password dialog and token PIN dialog are displayed in the normal desktop.
/tokenlib	It must be followed by a parameter indicating the PKCS #11 library to use for security tokens and smart cards. (e.g.: /tokenlib c:\pkcs11lib.dll)
/tokenpin	It must be followed by a parameter indicating the PIN to use in order to authenticate to the security token or smart card (e.g.: /tokenpin 0000). Warning: This method of entering a smart card PIN may be insecure, for example, when an unencrypted command + prompt history log is being saved to unencrypted disk.
/cache or /c	If it is followed by y or yes or if no parameter is specified: enable password cache; + +If it is followed by p or pim: enable both password and PIM cache (e.g., /c p). +If it is followed by n or no: disable password cache (e.g., /c n). +If it is followed by f or favorites: temporary cache password when mounting multiple favorites (e.g., /c f). +Note that turning the password cache off will not clear it (use /w to clear the password cache).
/history or /h	If it is followed by y or no parameter: enables saving history of mounted volumes; if it is followed by +n: disables saving history of mounted volumes (e.g., /h n).
/wipecache or /w	Wipes any passwords cached in the driver memory.
/password or /p	It must be followed by a parameter indicating the volume password. If the password contains spaces, it must be enclosed in quotation marks (e.g., /p ”My Password”). Use /p ”” to specify an empty password. +Warning: This method of entering a volume password may be insecure, for example, when an unencrypted command prompt history log is being saved to unencrypted disk.
/pim	It must be followed by a positive integer indicating the PIM (Personal Iterations Multiplier) to use for the volume.
/quit or /q	Automatically perform requested actions and exit (main VeraCrypt window will not be displayed). If preferences is specified as the parameter (e.g., /q preferences), then program settings are loaded/saved and they override settings specified on the command + line. /q background launches the VeraCrypt Background Task (tray icon) unless it is disabled in the Preferences.
/silent or /s	If /q is specified, suppresses interaction with the user (prompts, error messages, warnings, etc.). If /q is not specified, this option has no effect.
/mountoption or /m	+ It must be followed by a parameter which can have one of the values indicated below. + ro or readonly: Mount volume as read-only. + rm or removable: Mount volume as removable medium (see section + +Volume Mounted as Removable Medium). + ts or timestamp: Do not preserve container modification timestamp. + sm or system: Without pre-boot authentication, mount a partition that is within the key scope of system encryption (for example, a partition located on the encrypted system drive of another operating system that is not running). + Useful e.g. for backup or repair operations. Note: If you supply a password as a parameter of /p, make sure that the password has been typed using the standard US keyboard layout (in contrast, the GUI ensures this automatically). This is required due to the + fact that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available. + bk or headerbak: Mount volume using embedded backup header. Note: All volumes created by VeraCrypt contain an embedded backup header (located at the end of the volume). + recovery: Do not verify any checksums stored in the volume header. This option should be used only when the volume header is damaged and the volume cannot be mounted even with the mount option headerbak. Example: /m ro + label=LabelValue: Use the given string value LabelValue as a label of the mounted volume in Windows Explorer. The maximum length for +LabelValue is 32 characters for NTFS volumes and 11 characters for FAT volumes. For example, +/m label=MyDrive will set the label of the drive in Explorer to MyDrive. + noattach: Only create virtual device without actually attaching the mounted volume to the selected drive letter. + Please note that this switch may be present several times in the command line in order to specify multiple mount options (e.g.: /m rm /m ts) +
/DisableDeviceUpdate	Disables periodic internel check on devices connected to the system that is used for handling favorites identified with VolumeID and replace it with on-demande checks.
/protectMemory	If it is followed by y or yes or if no parameter is specified: Activates a mechanism that protects VeraCrypt process memory from being accessed by other non-admin processes. + +If it is followed by n or no (ONLY allowed for portable mode): disables the memory protection mechanism (e.g., /protectMemory n). +
/protectScreen	If it is followed by y or yes or if no parameter is specified: Activates a mechanism that protects VeraCrypt against screenshots and screen recordings. + +If it is followed by n or no (ONLY allowed for portable mode): disables the screen protection mechanism (e.g., /protectScreen n). +
/signalExit	It must be followed by a parameter specifying the name of the signal to send to unblock a waiting WAITFOR.EXE command when VeraCrypt exists. +The name of signal must be the same as the one specified to WAITFOR.EXE command (e.g."veracrypt.exe /q /v test.hc /l Z /signal SigName" followed by "waitfor.exe SigName" +This switch is ignored if /q is not specified
/create	Create a container based volume in command line mode. It must be followed by the file name of the container to be created.
/size	+ (Only with /create) +It must be followed by a parameter indicating the size of the container file that will be created. This parameter is a number indicating the size in Bytes. It can have a suffixe 'K', 'M', 'G' or 'T' to indicate that the value is in Kilobytes, Megabytes, Gigabytes + or Terabytes respectively. For example: + + /size 5000000: the container size will be 5000000 bytes /size 25K: the container size will be 25 KiloBytes. /size 100M: the container size will be 100 MegaBytes. /size 2G: the container size will be 2 GigaBytes. /size 1T: the container size will be 1 TeraBytes. +
/password	(Only with /create) +It must be followed by a parameter indicating the password of the container that will be created.
/keyfile or /k	(Only with /create) +It must be followed by a parameter specifying a keyfile or a keyfile search path. For multiple keyfiles, specify e.g.: /k c:\keyfile1.dat /k d:\KeyfileFolder /k c:\kf2 To specify a keyfile stored on a security token or smart card, use the following syntax: + token://slot/SLOT_NUMBER/file/FILE_NAME
/tokenlib	(Only with /create) +It must be followed by a parameter indicating the PKCS #11 library to use for security tokens and smart cards. (e.g.: /tokenlib c:\pkcs11lib.dll)
/tokenpin	(Only with /create) +It must be followed by a parameter indicating the PIN to use in order to authenticate to the security token or smart card (e.g.: /tokenpin 0000). Warning: This method of entering a smart card PIN may be insecure, for example, when an unencrypted command + prompt history log is being saved to unencrypted disk.
/hash	(Only with /create) +It must be followed by a parameter indicating the PRF hash algorithm to use when creating the volume. It has the same syntax as VeraCrypt.exe.
/encryption	(Only with /create) +It must be followed by a parameter indicating the encryption algorithm to use. The default is AES if this switch is not specified. The parameter can have the following values (case insensitive): + + AES Serpent Twofish Camellia Kuznyechik AES(Twofish) AES(Twofish(Serpent)) Serpent(AES) Serpent(Twofish(AES)) Twofish(Serpent) + Camellia(Kuznyechik) + Kuznyechik(Twofish) + Camellia(Serpent) + Kuznyechik(AES) + Kuznyechik(Serpent(Camellia)) + +
/filesystem	(Only with /create) +It must be followed by a parameter indicating the file system to use for the volume. The parameter can have the following values: + + None: don't use any filesystem FAT: format using FAT/FAT32 NTFS: format using NTFS. Please note that in this case a UAC prompt will be displayed unless the process is run with full administrative privileges. + + ExFAT: format using ExFAT. This switch is available starting from Windows Vista SP1 + ReFS: format using ReFS. This switch is available starting from Windows 10 + +
/dynamic	(Only with /create) +It has no parameters and it indicates that the volume will be created as a dynamic volume.
/force	(Only with /create) +It has no parameters and it indicates that overwrite will be forced without requiring user confirmation.
/silent	(Only with /create) +It has no parameters and it indicates that no message box or dialog will be displayed to the user. If there is any error, the operation will fail silently.
/noisocheck or /n	Do not verify that VeraCrypt Rescue Disks are correctly burned. WARNING: Never attempt to use this option to facilitate the reuse of a previously created VeraCrypt Rescue Disk. Note that every time you encrypt a system partition/drive, + you must create a new VeraCrypt Rescue Disk even if you use the same password. A previously created VeraCrypt Rescue Disk cannot be reused as it was created for a different master key.
/nosizecheck	Don't check that the given size of the file container is smaller than the available disk free. This applies to both UI and command line.
/quick	Perform quick formatting of volumes instead of full formatting. This applies to both UI and command line.
/FastCreateFile	Enables a faster, albeit potentially insecure, method for creating file containers. This option carries security risks as it can embed existing disk content into the file container, possibly exposing sensitive data if an attacker gains access to it. Note that this switch affects all file container creation methods, whether initiated from the command line, using the /create switch, or through the UI wizard.
/protectMemory	Activates a mechanism that protects VeraCrypt Format process memory from being accessed by other non-admin processes.
/secureDesktop	If it is followed by y or yes or if no parameter is specified: display password dialog and token PIN dialog in a dedicated secure desktop to protect against certain types of attacks. +If it is followed by n or no: the password dialog and token PIN dialog are displayed in the normal desktop.