Veracrypt locking smartcard
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
Today I created an encrypted partition using veracrypt 1.0f-1 using as keyfile a file stored in a smart card. It worked fine but after that process my smartcard was pin-locked as if I had entered it wrong three times. The card is gemalto optelio, and I had configured veracrypt to use the 32 bit corresponding pkcs11 library. I checked “automatically log out card session” option. My OS is 64 bit windows 7 professional.
Now is time to look for the PUK…
Hi,
I spent a lot of time trying to reproduce this issue but with no success.
After that I tested a scenario where VeraCrypt was not configured to use smart cards: I configured the PKCS#11 dll and right after that I tries to load a container. In this case, I had the PIN Locked error!
So, this issue appears only if you configure VeraCrypt to use a PKCS#11 for the first time and right after you try to load the container. If VeraCrypt is already configured before starting, then this issue doesn't happen (that's why it was missed).
After investigating, I discovered that this issue was linked to a bug in the management of internal Window handles that made the PIN dialog not appearing and the code continued running with an invalid PIN. A warning dialog is normally displayed but because of the same issue, it was not displayed and the login was retried, causing the PIN to be blocked.
I'm working for a fix to this. Meanwhile, since VeraCrypt is now configured to use the PKCS#11 dll, you will not face the issue again.
Thank you for reporting this.
I have committed a fix for the issue: https://sourceforge.net/p/veracrypt/code/ci/e507b29da17d5347c968f9b759a47b642519c767/