Beginner's Tutorial

System Encryption

 Supported Systems

 Hidden Operating System

 Rescue Disk

Plausible Deniability

 Hidden Volume

  Protection of Hidden Vol.

  Security Requirements

 Hidden Operating System



Hardware Acceleration

Encryption Algorithms





Hash Algorithms




Technical Details


 Encryption Scheme

 Modes of Operation

 Header Key Derivation

 Random Number Gen.


 Volume Format Spec.

 Standards Compliance

 Source Code

TrueCrypt Volume

 Creating New Volumes

 Favorite Volumes

 System Favorite Volumes

Main Program Window

 Program Menu

 Mounting Volumes

Supported Systems

Portable Mode


Tokens & Smart Cards

Language Packs

Hot Keys

Security Model

Security Requirements

 Data Leaks

  Paging File

  Hibernation File

  Memory Dump Files

 Unencrypted Data in RAM

 Physical Security


 Multi-User Environment

 Authenticity and Integrity

 New Passwords & Keyfiles

 Password/Keyfile Change

 Trim Operation


 Reallocated Sectors


 Journaling File Systems

 Volume Clones

 Additional Requirements

Command Line Usage

Backing Up Securely


 Use Without Admin Rights

 Sharing over Network

 Background Task

 Removable Medium Vol.

 TrueCrypt System Files

 Removing Encryption

 Uninstalling TrueCrypt

 Digital Signatures



Issues and Limitations


Future Development


Version History



Technical Details >  Keyfiles Search


Please consider making a donation.

   Donate Now >> Donate   


TrueCrypt keyfile is a file whose content is combined with a password. The user can use any kind of file as a TrueCrypt keyfile. The user can also generate a keyfile using the built-in keyfile generator, which utilizes the TrueCrypt RNG to generate a file with random content (for more information, see the section Random Number Generator).

The maximum size of a keyfile is not limited; however, only its first 1,048,576 bytes (1 MB) are processed (all remaining bytes are ignored due to performance issues connected with processing extremely large files). The user can supply one or more keyfiles (the number of keyfiles is not limited).

Keyfiles can be stored on PKCS-11-compliant [23] security tokens and smart cards protected by multiple PIN codes (which can be entered either using a hardware PIN pad or via the TrueCrypt GUI).

Keyfiles are processed and applied to a password using the following method:

  1. Let P be a TrueCrypt volume password supplied by user (may be empty)
  2. Let KP be the keyfile pool
  3. Let kpl be the size of the keyfile pool KP, in bytes (64, i.e., 512 bits);
    kpl must be a multiple of the output size of a hash function H
  4. Let pl be the length of the password P, in bytes (in the current version: 0 < pl < 64)
  5. if kpl > pl, append (kpl – pl) zero bytes to the password P (thus pl = kpl)
  6. Fill the keyfile pool KP with kpl zero bytes.
  7. For each keyfile perform the following steps:
    1. Set the position of the keyfile pool cursor to the beginning of the pool
    2. Initialize the hash function H
    3. Load all bytes of the keyfile one by one, and for each loaded byte perform the following steps:
      1. Hash the loaded byte using the hash function H without initializing the hash, to obtain an intermediate hash (state) M. Do not finalize the hash (the state is retained for next round).
      2. Divide the state M into individual bytes.
        For example, if the hash output size is 4 bytes, (T0 || T1 || T2 || T3) = M
      3. Write these bytes (obtained in step 7.c.ii) individually to the keyfile pool with the modulo 28 addition operation (not by replacing the old values in the pool) at the position of the pool cursor. After a byte is written, the pool cursor position is advanced by one byte. When the cursor reaches the end of the pool, its position is set to the beginning of the pool.
  8. Apply the content of the keyfile pool to the password P using the following method:
    1. Divide the password P into individual bytes B0...Bpl-1.
      Note that if the password was shorter than the keyfile pool, then the password was padded with zero bytes to the length of the pool in Step 5 (hence, at this point the length of the password is always greater than or equal to the length of the keyfile pool).
    2. Divide the keyfile pool KP into individual bytes G0...Gkpl-1
    3. For 0 < i < kpl perform: Bi = Bi Addition Gi
    4. P = B0 || B1 || ... || Bpl-2 || Bpl-1
  9. The password P (after the keyfile pool content has been applied to it) is now passed to the header key derivation function PBKDF2 (PKCS #5 v2), which processes it (along with salt and other data) using a cryptographically secure hash algorithm selected by the user (e.g., SHA-512). See the section Header Key Derivation, Salt, and Iteration Count for more information.

The role of the hash function H is merely to perform diffusion [2]. CRC-32 is used as the hash function H. Note that the output of CRC-32 is subsequently processed using a cryptographically secure hash algorithm: The keyfile pool content (in addition to being hashed using CRC-32) is applied to the password, which is then passed to the header key derivation function PBKDF2 (PKCS #5 v2), which processes it (along with salt and other data) using a cryptographically secure hash algorithm selected by the user (e.g., SHA-512). The resultant values are used to form the header key and the secondary header key (XTS mode).

 Ads by Google 

  Next Section >>

Legal Notices

 Ads by Google