Manual VeraCrypt 1.16 (page 147 of 162) (English)

658731

147

Zoom out

Zoom in

1/162

143

Keyfiles

VeraCrypt keyfile is a file whose content is combined with a password. The user can use any kind

of file as a VeraCrypt keyfile. The user can also generate a keyfile using the built-in keyfile

generator, which utilizes the VeraCrypt RNG to generate a file with random content (for more

information, see the section Random Number Generator).

The maximum size of a keyfile is not limited; however, only its first 1,048,576 bytes (1 MB) are

processed (all remaining bytes are ignored due to performance issues connected with processing

extremely large files). The user can supply one or more keyfiles (the number of keyfiles is not

limited).

Keyfiles can be stored on PKCS-11-compliant [23] security tokens and smart cards protected by

multiple PIN codes (which can be entered either using a hardware PIN pad or via the VeraCrypt

GUI).

Keyfiles are processed and applied to a password using the following method:

1. Let P be a VeraCrypt volume password supplied by user (may be empty)

2. Let KP be the keyfile pool

3. Let kpl be the size of the keyfile pool KP, in bytes (64, i.e., 512 bits);

kpl must be a multiple of the output size of a hash function H

4. Let pl be the length of the password P, in bytes (in the current version: 0 pl 64)

5. if kpl > pl, append (kpl – pl) zero bytes to the password P (thus pl = kpl)

6. Fill the keyfile pool KP with kpl zero bytes.

7. For each keyfile perform the following steps:

a. Set the position of the keyfile pool cursor to the beginning of the pool

b. Initialize the hash function H

c. Load all bytes of the keyfile one by one, and for each loaded byte perform the

following steps:

i. Hash the loaded byte using the hash function H without initializing the hash,

to obtain an intermediate hash (state) M. Do not finalize the hash (the state is

retained for next round).

ii. Divide the state M into individual bytes.

For example, if the hash output size is 4 bytes, (T

|| T

) = M

iii. Write these bytes (obtained in step 7.c.ii) individually to the keyfile pool with

the modulo 2

addition operation (not by replacing the old values in the pool)

at the position of the pool cursor. After a byte is written, the pool cursor

position is advanced by one byte. When the cursor reaches the end of the

pool, its position is set to the beginning of the pool.

8. Apply the content of the keyfile pool to the password P using the following method:

a. Divide the password P into individual bytes B

...B

pl-1

Note that if the password was shorter than the keyfile pool, then the password was padded with zero

bytes to the length of the pool in Step 5 (hence, at this point the length of the password is always

greater than or equal to the length of the keyfile pool).

b. Divide the keyfile pool KP into individual bytes G

...G

kpl-1

For 0 i kpl perform: B

= B



d. P = B

|| B

|| ... || B

pl-2

|| B

pl-1

Report abuse

Libble takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Product:

Forumrules

To achieve meaningful questions, we apply the following rules:

First, read the manual;
Check if your question has been asked previously;
Try to ask your question as clearly as possible;
Did you already try to solve the problem? Please mention this;
Is your problem solved by a visitor then let him/her know in this forum;
To give a response to a question or answer, do not use this form but click on the button 'reply to this question';
Your question will be posted here and emailed to our subscribers. Therefore, avoid filling in personal details.

new questions and answers
new manuals

You will receive an email to register for one or both of the options.

Get your user manual by e-mail

Enter your email address to receive the manual of VeraCrypt 1.16 in the language / languages: English as an attachment in your email.

The manual is 2,98 mb in size.

You will receive the manual in your email within minutes. If you have not received an email, then probably have entered the wrong email address or your mailbox is too full. In addition, it may be that your ISP may have a maximum size for emails to receive.

The manual is sent by email. Check your email

If you have not received an email with the manual within fifteen minutes, it may be that you have a entered a wrong email address or that your ISP has set a maximum size to receive email that is smaller than the size of the manual.

The email address you have provided is not correct.

Please check the email address and correct it.

Your question is posted on this page

Would you like to receive an email when new answers and questions are posted? Please enter your email address.

Info

VeraCrypt 1.16 Manual

Product: