Add PIV smart card keyfile encryption

Open the-dan opened this issue 1 year ago • 2 comments

Add an option to create a keyfile which is encrypted using a smart card's private key (e.g. YubiKey).

the-dan avatar Dec 03 '24 10:12 the-dan

@the-dan Thank you for this contribution. Native support for PKI smart cards has always been planned but I personally never found the time to work on it. Your approach strikes a good balance between native support and the keyfiles mechanism, making it a strong first step.

I will need some time to review the code changes because there are so many...this is the largest PR I have ever had to review.

That being said, I have already provided some comments and will add more as I progress with the review.

idrassi avatar Dec 08 '24 20:12 idrassi

@idrassi I’m happy that this change aligns with VeraCrypt’s direction.

Thanks for going through this! I haven’t touched the encryption part since the initial prototype started working, which is why plain RSA PKCS was used.

Instead of selecting only RSA keys and locking in the mechanism, I revisited the approach to make it more flexible. For now, it supports only RSA OAEP, but I believe it could be extended in the future.

Please take a look when you have time. Apologies for the large commits—this time, I also did a lot of renaming for clarity, which affected many files.

the-dan avatar Feb 06 '25 18:02 the-dan