Keyfiles
Keyfile is a file whose content is combined with a password (for information on the method used to combine a keyfile with password, see the section
Keyfiles in the chapter
Technical Details). Until the correct keyfile is provided, no volume that uses the keyfile can be mounted.
You do not have to use keyfiles. However, using keyfiles has some advantages:
-
May improve protection against brute force attacks (significant particularly if the volume password is not very strong).
-
Allows the use of security tokens and smart cards (see below).
-
Allows multiple users to mount a single volume using different user passwords or PINs. Just give each user a security token or smart card containing the same VeraCrypt keyfile and let them choose their personal password or PIN that will protect their security
token or smart card.
-
Allows managing multi-user shared access (all keyfile holders must present their keyfiles before a volume can be mounted).
Any kind of file (for example, .txt, .exe, mp3**, .avi) can be used as a VeraCrypt keyfile (however, we recommend that you prefer compressed files, such as .mp3, .jpg, .zip, etc).
Note that VeraCrypt never modifies the keyfile contents. You can select more than one keyfile; the order does not matter. You can also let VeraCrypt generate a file with random content and use it as a keyfile. To do so, select
Tools > Keyfile Generator.
Note: Keyfiles are currently not supported for system encryption.
WARNING: If you lose a keyfile or if any bit of its first 1024 kilobytes changes, it will be impossible to mount volumes that use the keyfile!
WARNING: If password caching is enabled, the password cache also contains the processed contents of keyfiles used to successfully mount a volume. Then it is possible to remount the volume even if the
keyfile is not available/accessible. To prevent this, click 'Wipe Cache
' or disable password caching (for more information, please see the subsection
'Settings -> Preferences'
, item 'Cache passwords in driver memory'
in the section
Program Menu).
Keyfiles Dialog Window
If you want to use keyfiles (i.e. "apply" them) when creating or mounting volumes, or changing passwords, look for the 'Use keyfiles' option and the
Keyfiles button below a password input field.
These control elements appear in various dialog windows and always have the same functions. Check the
Use keyfiles option and click
Keyfiles. The keyfile dialog window should appear where you can specify keyfiles (to do so, click
Add Files or Add Token Files) or keyfile search paths (click
Add Path).
Security Tokens and Smart Cards
VeraCrypt can directly use keyfiles stored on a security token or smart card that complies with the PKCS #11 (2.0 or later) standard [23] and that allows the user to store a file (data object) on the token/card. To use such files as VeraCrypt keyfiles,
click Add Token Files (in the keyfile dialog window).
Access to a keyfile stored on a security token or smart card is typically protected by PIN codes, which can be entered either using a hardware PIN pad or via the VeraCrypt GUI. It can also be protected by other means, such as fingerprint readers.
In order to allow VeraCrypt to access a security token or smart card, you need to install a PKCS #11 (2.0 or later) software library for the token or smart card first. Such a library may be supplied with the device or it may be available for download from the
website of the vendor or other third parties.
If your security token or smart card does not contain any file (data object) that you could use as a VeraCrypt keyfile, you can use VeraCrypt to import any file to the token or smart card (if it is supported by the device). To do so, follow these steps:
-
In the keyfile dialog window, click Add Token Files.
-
If the token or smart card is protected by a PIN, password, or other means (such as a fingerprint reader), authenticate yourself (for example, by entering the PIN using a hardware PIN pad).
-
The 'Security Token Keyfile' dialog window should appear. In it, click
Import Keyfile to Token and then select the file you want to import to the token or smart card.
Note that you can import for example 512-bit keyfiles with random content generated by VeraCrypt (see
Tools > Keyfile Generator below).
To close all opened security token sessions, either select
Tools > Close All Security Token Sessions or define and use a hotkey combination (Settings >
Hot Keys > Close All Security Token Sessions).
Keyfile Search Path
By adding a folder in the keyfile dialog window (click
Add Path), you specify a keyfile search path. All files found in the keyfile search path* will be used as keyfiles except files that have the Hidden file attribute set.
Important: Note that folders (and files they contain) and hidden files found in a keyfile search path are ignored.
Keyfile search paths are especially useful if you, for example, store keyfiles on a USB memory stick that you carry with you. You can set the drive letter of the USB memory stick as a default keyfile search path. To do so, select
Settings -> Default Keyfiles. Then click
Add Path, browse to the drive letter assigned to the USB memory stick, and click
OK. Now each time you mount a volume (and if the option
Use keyfiles is checked in the password dialog window), VeraCrypt will scan the path and use all files that it finds on the USB memory stick as keyfiles.
WARNING: When you add a folder (as opposed to a file) to the list of keyfiles, only the path is remembered, not the filenames! This means e.g. that if you create a new file in the folder or if you
copy an additional file to the folder, then all volumes that used keyfiles from the folder will be impossible to mount (until you remove the newly added file from the folder).
Empty Password & Keyfile
When a keyfile is used, the password may be empty, so the keyfile may become the only item necessary to mount the volume (which we do not recommend). If default keyfiles are set and enabled when mounting a volume, then before prompting for a password, VeraCrypt
first automatically attempts to mount using an empty password plus default keyfiles (however, this does not apply to the 'Auto-Mount Devices' function). If you need to set Mount Options (e.g., mount as read-only, protect hidden
volume etc.) for a volume being mounted this way, hold down the
Control (Ctrl) key while clicking
Mount (or select Mount with Options from the
Volumes menu). This will open the
Mount Options dialog.
Quick Selection
Keyfiles and keyfile search paths can be quickly selected in the following ways:
-
Right-click the Keyfiles button in the password entry dialog window and select one of the menu items.
-
Drag the corresponding file/folder icons to the keyfile dialog window or to the password entry dialog.
Volumes -> Add/Remove Keyfiles to/from Volume
This function allows you to re-encrypt a volume header with a header encryption key derived from any number of keyfiles (with or without a password), or no keyfiles at all. Thus, a volume which is possible to mount using only a password can be converted to
a volume that require keyfiles (in addition to the password) in order to be possible to mount. Note that the volume header contains the master encryption key with which the volume is encrypted. Therefore, the data stored on the volume will
not be lost after you use this function.
This function can also be used to change/set volume keyfiles (i.e., to remove some or all keyfiles, and to apply new ones).
Remark: This function is internally equal to the Password Change function.
When VeraCrypt re-encrypts a volume header, the original volume header is first overwritten 256 times with random data to prevent adversaries from using techniques such as magnetic force microscopy or magnetic force scanning tunneling microscopy [17] to recover
the overwritten header (however, see also the chapter
Security Requirements and Precautions).
/*
Derived from source code of TrueCrypt 7.1a, which is
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2017 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages.
*/
#ifndef TC_WINDOWS
#include <errno.h>
#endif
#include "EncryptionModeXTS.h"
#include "Volume.h"
#include "VolumeHeader.h"
#include "VolumeLayout.h"
#include "Common/Crypto.h"
namespace VeraCrypt
{
Volume::Volume ()
: HiddenVolumeProtectionTriggered (false),
SystemEncryption (false),
VolumeDataOffset (0),
VolumeDataSize (0),
EncryptedDataSize (0),
TopWriteOffset (0),
TotalDataRead (0),
TotalDataWritten (0),
TrueCryptMode (false),
Pim (0),
EncryptionNotCompleted (false)
{
}
Volume::~Volume ()
{
}
void Volume::CheckProtectedRange (uint64 writeHostOffset, uint64 writeLength)
{
uint64 writeHostEndOffset = writeHostOffset + writeLength - 1;
if ((writeHostOffset < ProtectedRangeStart) ? (writeHostEndOffset >= ProtectedRangeStart) : (writeHostOffset <= ProtectedRangeEnd - 1))
{
HiddenVolumeProtectionTriggered = true;
throw VolumeProtected (SRC_POS);
}
}
void Volume::Close ()
{
if (VolumeFile.get() == nullptr)
throw NotInitialized (SRC_POS);
VolumeFile.reset();
}
shared_ptr <EncryptionAlgorithm> Volume::GetEncryptionAlgorithm () const
{
if_debug (ValidateState ());
return EA;
}
shared_ptr <EncryptionMode> Volume::GetEncryptionMode () const
{
if_debug (ValidateState ());
return EA->GetMode();
}
void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, bool EMVOption, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
{
make_shared_auto (File, file);
File::FileOpenFlags flags = (preserveTimestamps ? File::PreserveTimestamps : File::FlagsNone);
try
{
if (protection == VolumeProtection::ReadOnly)
file->Open (volumePath, File::OpenRead, File::ShareRead, flags);
else
file->Open (volumePath, File::OpenReadWrite, File::ShareNone, flags);
}
catch (SystemException &e)
{
if (e.GetErrorCode() ==
#ifdef TC_WINDOWS
ERROR_SHARING_VIOLATION)
#else
EAGAIN)
#endif
{
if (!sharedAccessAllowed)
throw VolumeHostInUse (SRC_POS);
file->Open (volumePath, protection == VolumeProtection::ReadOnly ? File::OpenRead : File::OpenReadWrite, File::ShareReadWriteIgnoreLock, flags);
}
else
throw;
}
return Open (file, password, pim, kdf, truecryptMode, keyfiles, EMVOption, protection, protectionPassword, protectionPim, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
}
void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, bool EMVOption, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
{
if (!volumeFile)
throw ParameterIncorrect (SRC_POS);
// TrueCrypt doesn't support SHA-256 and Streebog
if (kdf && truecryptMode && (kdf->GetName() == L"HMAC-SHA-256" || kdf->GetName() == L"HMAC-Streebog"))
throw UnsupportedAlgoInTrueCryptMode (SRC_POS);
Protection = protection;
VolumeFile = volumeFile;
SystemEncryption = partitionInSystemEncryptionScope;
try
{
VolumeHostSize = VolumeFile->Length();
shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (keyfiles, password, EMVOption);
bool skipLayoutV1Normal = false;
// Test volume layouts
foreach (shared_ptr <VolumeLayout> layout, VolumeLayout::GetAvailableLayouts (volumeType))
{
if (skipLayoutV1Normal && typeid (*layout) == typeid (VolumeLayoutV1Normal))
{
// Skip VolumeLayoutV1Normal as it shares header location with VolumeLayoutV2Normal
continue;
}
if (useBackupHeaders && !layout->HasBackupHeader())
continue;
SecureBuffer headerBuffer (layout->GetHeaderSize());
if (layout->HasDriveHeader())
{
if (!partitionInSystemEncryptionScope)
continue;
if (!GetPath().IsDevice())
throw PartitionDeviceRequired (SRC_POS);
File driveDevice;
driveDevice.Open (DevicePath (wstring (GetPath())).ToHostDriveOfPartition());
int headerOffset = layout->GetHeaderOffset();
if (headerOffset >= 0)
driveDevice.SeekAt (headerOffset);
else
driveDevice.SeekEnd (headerOffset);
if (driveDevice.Read (headerBuffer) != layout->GetHeaderSize())
continue;
}
else
{
if (partitionInSystemEncryptionScope)
continue;
int headerOffset = useBackupHeaders ? layout->GetBackupHeaderOffset() : layout->GetHeaderOffset();
if (headerOffset >= 0)
VolumeFile->SeekAt (headerOffset);
else
VolumeFile->SeekEnd (headerOffset);
if (VolumeFile->Read (headerBuffer) != layout->GetHeaderSize())
continue;
}
EncryptionAlgorithmList layoutEncryptionAlgorithms = layout->GetSupportedEncryptionAlgorithms();
EncryptionModeList layoutEncryptionModes = layout->GetSupportedEncryptionModes();
if (typeid (*layout) == typeid (VolumeLayoutV2Normal))
{
skipLayoutV1Normal = true;
// Test all algorithms and modes of VolumeLayoutV1Normal as it shares header location with VolumeLayoutV2Normal
layoutEncryptionAlgorithms = EncryptionAlgorithm::GetAvailableAlgorithms();
layoutEncryptionModes = EncryptionMode::GetAvailableModes();
}
shared_ptr <VolumeHeader> header = layout->GetHeader();
if (header->Decrypt (headerBuffer, *passwordKey, pim, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes))
{
// Header decrypted
if (!truecryptMode && typeid (*layout) == typeid (VolumeLayoutV2Normal) && header->GetRequiredMinProgramVersion() < 0x10b)
{
// VolumeLayoutV1Normal has been opened as VolumeLayoutV2Normal
layout.reset (new VolumeLayoutV1Normal);
header->SetSize (layout->GetHeaderSize());
layout->SetHeader (header);
}
TrueCryptMode = truecryptMode;
Pim = pim;
Type = layout->GetType();
SectorSize = header->GetSectorSize();
VolumeDataOffset = layout->GetDataOffset (VolumeHostSize);
VolumeDataSize = layout->GetDataSize (VolumeHostSize);
EncryptedDataSize = header->GetEncryptedAreaLength();
Header = header;
Layout = layout;
EA = header->GetEncryptionAlgorithm();
EncryptionMode &mode = *EA->GetMode();
if (layout->HasDriveHeader())
{
if (header->GetEncryptedAreaLength() != header->GetVolumeDataSize())
{
EncryptionNotCompleted = true;
// we avoid writing data to the partition since it is only partially encrypted
Protection = VolumeProtection::ReadOnly;
}
uint64 partitionStartOffset = VolumeFile->GetPartitionDeviceStartOffset();
if (partitionStartOffset < header->GetEncryptedAreaStart()
|| partitionStartOffset >= header->GetEncryptedAreaStart() + header->GetEncryptedAreaLength())
throw PasswordIncorrect (SRC_POS);
EncryptedDataSize -= partitionStartOffset - header->GetEncryptedAreaStart();
mode.SetSectorOffset (partitionStartOffset / ENCRYPTION_DATA_UNIT_SIZE);
}
// Volume protection
if (Protection == VolumeProtection::HiddenVolumeReadOnly)
{
if (Type == VolumeType::Hidden)
throw PasswordIncorrect (SRC_POS);
else
{
try
{
Volume protectedVolume;
protectedVolume.Open (VolumeFile,
protectionPassword, protectionPim, protectionKdf, truecryptMode, protectionKeyfiles,
EMVOption,
VolumeProtection::ReadOnly,
shared_ptr <VolumePassword> (), 0, shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> (),
VolumeType::Hidden,
useBackupHeaders);
if (protectedVolume.GetType() != VolumeType::Hidden)
ParameterIncorrect (SRC_POS);
ProtectedRangeStart = protectedVolume.VolumeDataOffset;
ProtectedRangeEnd = protectedVolume.VolumeDataOffset + protectedVolume.VolumeDataSize;
}
catch (PasswordException&)
{
if (protectionKeyfiles && !protectionKeyfiles->empty())
throw ProtectionPasswordKeyfilesIncorrect (SRC_POS);
throw ProtectionPasswordIncorrect (SRC_POS);
}
}
}
return;
}
}
if (partitionInSystemEncryptionScope)
throw PasswordOrKeyboardLayoutIncorrect (SRC_POS);
if (!partitionInSystemEncryptionScope && GetPath().IsDevice())
{
// Check if the device contains VeraCrypt Boot Loader
try
{
File driveDevice;
driveDevice.Open (DevicePath (wstring (GetPath())).ToHostDriveOfPartition());
Buffer mbr (VolumeFile->GetDeviceSectorSize());
driveDevice.ReadAt (mbr, 0);
// Search for the string "VeraCrypt" or "TrueCrypt"
const char* bootSignature = truecryptMode? "TrueCrypt" : TC_APP_NAME;
size_t nameLen = strlen (bootSignature);
for (size_t i = 0; i < mbr.Size() - nameLen; ++i)
{
if (memcmp (mbr.Ptr() + i, bootSignature, nameLen) == 0)
throw PasswordOrMountOptionsIncorrect (SRC_POS);
}
}
catch (PasswordOrMountOptionsIncorrect&) { throw; }
catch (...) { }
}
if (keyfiles && !keyfiles->empty())
throw PasswordKeyfilesIncorrect (SRC_POS);
throw PasswordIncorrect (SRC_POS);
}
catch (...)
{
Close();
throw;
}
}
void Volume::ReadSectors (const BufferPtr &buffer, uint64 byteOffset)
{
if_debug (ValidateState ());
uint64 length = buffer.Size();
uint64 hostOffset = VolumeDataOffset + byteOffset;
size_t bufferOffset = 0;
if (length % SectorSize != 0 || byteOffset % SectorSize != 0)
throw ParameterIncorrect (SRC_POS);
if (VolumeFile->ReadAt (buffer, hostOffset) != length)
throw MissingVolumeData (SRC_POS);
// first sector can be unencrypted in some cases (e.g. windows repair)
// detect this case by looking for NTFS header
if (SystemEncryption && (hostOffset == 0) && ((BE64 (*(uint64 *) buffer.Get ())) == 0xEB52904E54465320ULL))
{
bufferOffset = (size_t) SectorSize;
hostOffset += SectorSize;
length -= SectorSize;
}
if (length)
{
if (EncryptionNotCompleted)
{
// if encryption is not complete, we decrypt only the encrypted sectors
if (hostOffset < EncryptedDataSize)
{
uint64 encryptedLength = VC_MIN (length, (EncryptedDataSize - hostOffset));
EA->DecryptSectors (buffer.GetRange (bufferOffset, encryptedLength), hostOffset / SectorSize, encryptedLength / SectorSize, SectorSize);
}
}
else
EA->DecryptSectors (buffer.GetRange (bufferOffset, length), hostOffset / SectorSize, length / SectorSize, SectorSize);
}
TotalDataRead += length;
}
void Volume::ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf)
{
if_debug (ValidateState ());
if (Protection == VolumeProtection::ReadOnly)
throw VolumeReadOnly (SRC_POS);
SecureBuffer newHeaderBuffer (Layout->GetHeaderSize());
Header->EncryptNew (newHeaderBuffer, newSalt, newHeaderKey, newPkcs5Kdf);
int headerOffset = backupHeader ? Layout->GetBackupHeaderOffset() : Layout->GetHeaderOffset();
if (headerOffset >= 0)
VolumeFile->SeekAt (headerOffset);
else
VolumeFile->SeekEnd (headerOffset);
VolumeFile->Write (newHeaderBuffer);
}
void Volume::ValidateState () const
{
if (VolumeFile.get() == nullptr)
throw NotInitialized (SRC_POS);
}
void Volume::WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset)
{
if_debug (ValidateState ());
uint64 length = buffer.Size();
uint64 hostOffset = VolumeDataOffset + byteOffset;
if (length % SectorSize != 0
|| byteOffset % SectorSize != 0
|| byteOffset + length > VolumeDataSize)
throw ParameterIncorrect (SRC_POS);
if (Protection == VolumeProtection::ReadOnly)
throw VolumeReadOnly (SRC_POS);
if (HiddenVolumeProtectionTriggered)
throw VolumeProtected (SRC_POS);
if (Protection == VolumeProtection::HiddenVolumeReadOnly)
CheckProtectedRange (hostOffset, length);
SecureBuffer encBuf (buffer.Size());
encBuf.CopyFrom (buffer);
EA->EncryptSectors (encBuf, hostOffset / SectorSize, length / SectorSize, SectorSize);
VolumeFile->WriteAt (encBuf, hostOffset);
TotalDataWritten += length;
uint64 writeEndOffset = byteOffset + buffer.Size();
if (writeEndOffset > TopWriteOffset)
TopWriteOffset = writeEndOffset;
}
}
