Can a keyfile alone be used? with or without a password....
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
Can a keyfile without a password be used? Having a blank password isn't ideal but using just the keyfile allows a third party to still have access and not be concerned if the password gets changed. Can the option of a password or a keyfile be implemented?
For non-system encrypted volumes, yes. You can use only a keyfile without a password.
Currently, system encryption does not support keyfiles.
VeraCrypt does not support opening the same volume with using only the password or only using the keyfile on the same volume.
I doubt the developer is willing to change the header key format to allow for two header keys. One only for the password and one only for keyfiles.
The header holds the encryption key for the volume. You first unlock the header using the hash of password, keyfiles and/or PIM.
https://veracrypt.codeplex.com/wikipage?title=Header%20Key%20Derivation
https://veracrypt.codeplex.com/wikipage?title=Encryption%20Scheme
Last edit: Enigma2Illusion 2016-03-18
Yes, I'm using a container.
Manually mounting using the keyfile works. Using a batch file with the /tryemptypass and subsequently pressing enter when the password prompt appears fails to open the container. Batch file:
C:\PROGRA~1\VeraCrypt\VeraCrypt.exe /a /e /m label=ENCRYPTED /q background /k "C:\TEMP-ENCRYPT\vcfile.key" /v "vcfile.hc" /tryemptypass
The container is on a network drive, the keyfile is on a local drive. The batch file is executed from the network drive.
An idea as to why this is failing?
Thanks!
EDIT: Nevermind. I see the /a switch. What is the error message?
EDIT2: You may need to give the full path to the "vcfile.hc" container file.
You appear to be missing the drive letter assignment.
For example, to mount the volume to an available drive letter of S, include
/l S
Last edit: Enigma2Illusion 2016-03-18
Thanks Enigma....
I was able to get it to work by specifying the whole path to the container file, even though the batch file and the container are in the same directory.
If you create a keyfile and use it to access container and don't use a password, you can't ADD the keyfile to the container without manually selecting it each time (via the GUI) or using the batch file as indicated above...correct?
Hello Matt,
You can store the keyfile(s) in the GUI using Settings > Default Keyfiles
This information will be stored on your computer in the "Default Keyfiles.xml" file.