WARNING: If password caching is enabled, the password cache also contains the
processed contents of keyfiles used to successfully mount a volume. Then it is possible to
remount the volume even if the keyfile is not available/accessible. To prevent this, click
‘Wipe Cache’ or disable password caching (for more information, please see the section
Settings -> Preferences, subsection Cache passwords in driver memory).
See also the section Choosing Passwords and Keyfiles in the chapter Security Requirements and
Precautions.
Keyfiles Dialog Window
If you want to use keyfiles (i.e. “apply” them) when creating or mounting volumes, or changing
passwords, look for the ‘Use keyfiles’ option and the Keyfiles button below a password input field.
* However, if you use an MP3 file as a keyfile, you must ensure that no program modifies the ID3 tags (e.g. song title,
name of artist, etc.) within the MP3 file. Otherwise, it will be impossible to mount volumes that use the keyfile.
These control elements appear in various dialog windows and always have the same functions.
Check the Use keyfiles option and click Keyfiles. The keyfile dialog window should appear where
you can specify keyfiles (to do so, click Add Files or Add Token Files) or keyfile search paths
(click Add Path).
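The following added example (not part of the TrueCrypt documentation or source code) models why the cache warning and the MP3 footnote above hold: keyfile bytes are mixed into a fixed-size pool that is combined with the password, so editing a single tag changes the combined value, and the combined value alone is enough to mount. The pool parameters (64-byte pool, running CRC-32, first 1 MiB of each file) are assumptions based on the keyfile processing described elsewhere in the TrueCrypt documentation; the function names and the MP3 bytes are constructed for illustration.

```python
import zlib

POOL_SIZE = 64                    # keyfile pool size in bytes (assumed)
MAX_KEYFILE_BYTES = 1024 * 1024   # only the start of each file is processed (assumed)

def keyfile_pool(keyfiles):
    """Mix the contents of each keyfile (bytes) into one fixed-size pool."""
    pool = bytearray(POOL_SIZE)
    for data in keyfiles:
        crc, pos = 0, 0                      # fresh CRC and pool cursor per keyfile
        for byte in data[:MAX_KEYFILE_BYTES]:
            crc = zlib.crc32(bytes([byte]), crc)
            state = crc ^ 0xFFFFFFFF         # running, un-finalized CRC-32 state
            for shift in (24, 16, 8, 0):     # add the 4 state bytes modulo 256
                pool[pos] = (pool[pos] + (state >> shift)) & 0xFF
                pos = (pos + 1) % POOL_SIZE
    return bytes(pool)

def effective_password(password, keyfiles):
    """Password bytes combined with the pool: the value fed to key derivation."""
    padded = password.ljust(POOL_SIZE, b"\0")
    return bytes((p + k) & 0xFF for p, k in zip(padded, keyfile_pool(keyfiles)))

def constructed_mp3(title):
    """Constructed sample: fake audio bytes followed by an ID3v1-style tag."""
    audio = bytes(range(256)) * 8
    tag = b"TAG" + title.encode().ljust(30, b"\0") + b"Some Artist".ljust(30, b"\0")
    return audio + tag

if __name__ == "__main__":
    pw = b"example password"                 # constructed sample password
    original = constructed_mp3("Track 01")
    retagged = constructed_mp3("Track 01 (Remaster)")   # only the title changed
    at_creation = effective_password(pw, [original])
    after_retag = effective_password(pw, [retagged])
    # A tag editor touched the file: the combined value no longer matches.
    print("retagged keyfile still matches:", at_creation == after_retag)
    # A cache holding at_creation needs neither the password nor the keyfile again.
    print("cached value (hex):", at_creation.hex())
```

In this model the cached value is the output of `effective_password`, which is why wiping the cache is the step that makes the keyfile necessary again.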
Security Tokens and Smart Cards
TrueCrypt can directly use keyfiles stored on a security token or smart card that complies with the
PKCS #11 (2.0 or later) standard [23] and that allows the user to store a file (data object) on the
token/card. To use such files as TrueCrypt keyfiles, click Add Token Files (in the keyfile dialog
window).
Access to a keyfile stored on a security token or smart card is typically protected by PIN codes,
which can be entered either using a hardware PIN pad or via the TrueCrypt GUI. It can also be
protected by other means, such as fingerprint readers.
In order to allow TrueCrypt to access a security token or smart card, you need to install a
PKCS #11 (2.0 or later) software library for the token or smart card first. Such a library may be
supplied with the device or it may be available for download from the website of the vendor or other
third parties.
If your security token or smart card does not contain any file (data object) that you could use as a
TrueCrypt keyfile, you can use TrueCrypt to import any file to the token or smart card (if it is
supported by the device). To do so, follow these steps:
1. In the keyfile dialog window, click Add Token Files.
2. If the token or smart card is protected by a PIN, password, or other means (such as a
fingerprint reader), authenticate yourself (for example, by entering the PIN using a
hardware PIN pad).
3. The ‘Security Token Keyfile’ dialog window should appear. In it, click Import Keyfile to
Token and then select the file you want to import to the token or smart card.
Note that you can import for example 512-bit keyfiles with random content generated by TrueCrypt
(see Tools -> Keyfile Generator below).
To close all opened security token sessions, either select Tools > Close All Security Token
Sessions or define and use a hotkey combination (Settings > Hot Keys > Close All Security Token
Sessions).