Smart card keyfile implementation for VeraCrypt-DCS

Open thomasnet-mc opened this issue 4 years ago • 2 comments

Hello,

I've seen that DCS has support for sending APDUs over to a smart card reader, and I'd be interested in adding more support for smart cards, hopefully up to being able to fetch a keyfile registered by VeraCrypt.

It's my first project with smart cards, so please feel free to correct me if I say anything wrong. The way I'm thinking of doing it is by bypassing the need for a PKCS#11 interface and directly using ISO 7816-4 APDUs to log in with a PIN entered by the user, and then fetching the keyfile from the card.

Maybe the VeraCrypt app could set the file ID corresponding to the keyfile it registered in the DCS config?

I'll try more things when I actually get a keycard, though!

thomasnet-mc Jun 26 '21 20:06
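
The APDU sequence proposed in the post above (VERIFY with the PIN, SELECT the keyfile by file ID, READ BINARY), as an added example in C; it is not code from VeraCrypt-DCS or from the poster. The PIN reference, the file ID and the buffer sizes are assumptions, since they depend on the card's applet and file layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status-word classes a pre-boot caller has to tell apart. */
typedef enum { SW_OK, SW_PIN_WRONG, SW_PIN_BLOCKED, SW_ACCESS_DENIED,
               SW_NOT_FOUND, SW_OTHER } sw_class;

/* VERIFY: 00 20 00 P2 Lc <PIN>. P2 (PIN reference) is card specific (assumption). */
size_t apdu_verify(uint8_t *out, size_t cap, uint8_t pin_ref,
                   const uint8_t *pin, size_t pin_len) {
    if (pin_len == 0 || pin_len > 255 || cap < 5 + pin_len) return 0;
    out[0] = 0x00; out[1] = 0x20; out[2] = 0x00; out[3] = pin_ref;
    out[4] = (uint8_t)pin_len;
    memcpy(out + 5, pin, pin_len);
    return 5 + pin_len;
}

/* SELECT by file identifier: 00 A4 00 0C 02 <FID>, no response data requested. */
size_t apdu_select_fid(uint8_t *out, size_t cap, uint16_t fid) {
    if (cap < 7) return 0;
    const uint8_t cmd[7] = { 0x00, 0xA4, 0x00, 0x0C, 0x02,
                             (uint8_t)(fid >> 8), (uint8_t)fid };
    memcpy(out, cmd, sizeof cmd);
    return sizeof cmd;
}

/* READ BINARY: 00 B0 <offset hi> <offset lo> Le. The offset is 15 bits
 * (top bit of P1 must be 0); Le = 0 asks for 256 bytes. */
size_t apdu_read_binary(uint8_t *out, size_t cap, uint16_t offset, uint8_t le) {
    if (cap < 5 || offset > 0x7FFF) return 0;
    out[0] = 0x00; out[1] = 0xB0;
    out[2] = (uint8_t)(offset >> 8); out[3] = (uint8_t)offset; out[4] = le;
    return 5;
}

/* Classify SW1 SW2, the last two bytes of a response APDU.
 * retries_left is set to the remaining PIN tries for 63 Cx, else -1. */
sw_class classify_sw(const uint8_t *resp, size_t len, int *retries_left) {
    *retries_left = -1;
    if (len < 2) return SW_OTHER;
    uint16_t sw = (uint16_t)(resp[len - 2] << 8 | resp[len - 1]);
    if (sw == 0x9000) return SW_OK;
    if ((sw & 0xFFF0) == 0x63C0) { *retries_left = sw & 0x0F; return SW_PIN_WRONG; }
    if (sw == 0x6983) return SW_PIN_BLOCKED;
    if (sw == 0x6982) return SW_ACCESS_DENIED;
    if (sw == 0x6A82) return SW_NOT_FOUND;
    return SW_OTHER;
}
```

A caller should check `retries_left` after a failed VERIFY and stop prompting before the card blocks the PIN, and should clear the PIN buffer once the command has been sent.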

+1

That sounds good! I would be very happy about this feature!

MADXhh Nov 20 '21 14:11

  1. There is a possibility to save the master key to flash => data and keys are separate.
  2. The master key is protected by password, PIM and key from TPM + serials of the target platform. A smart card can add a small improvement – the key from the SC is not possible to retrieve. It is not very important – IMHO.

kavsrf Nov 20 '21 16:11