VeraCrypt/doc/html/Keyfiles.html
mmauv 502ab9112a
Add EMV functionality (#1080)
* Add basic strcture needed for EMV implementation

* Add demo EMV functionality with C code pasted in a very dirty and unsafe way. NOT FINAL

* Refactor IccExtractor Structure

* Fix Makefile

* fix include file

* move global variables from h to c

* revert to memcpy

* fix icc data recovery functions

* Add EMV functionalities on windows

* Make EMVToken structures like SecurityToken

* Define constants instead of hard coded values

* Token structures created with inheritance

* refactor TokenKeyfile to use inherit. + polymor.

* add Token.h + Token.cpp in modules in VS2010

* Add a comment at each use of SecurityToken class or objects

* SecurityTokenKeyfilesDialog preparation

* Implemennt GetAvailableTokens in Token class on windows

* merge

* up (patching for Windows)

* foreach Token.cpp corrected

* Display EMV keyfiles on first window in graphic interface

* Add token to Windows UI

* EMVToken selection on OKButton on Linux

* Keyfile.cpp optimization

* Move getKeyfileData in the token class

* EMV::Token GetAvailableKeyfiles() base

* Move getKeyfileData in the token class on unix

* Remove test comments

* Warnings resolved

* RemoveeSecurityTokenLibraryNotInitialized exception if at least one emv token is detected

* Adding new files

* Remove old files and add the new version to the windows project

* Change make_shared to shared_ptr constructor

* IccExtractor integration working on linux

* Throwing card not EMV execption

* catch error when not EMV type in EMVToken::GetAvailableKeyfiles

* Change types to compile on windows

* list all keyfiles, security keyfiles and emv keyfiles in command line

* Change type to be coherent and remove old todo comments

* Remove todo comments

* Change indentation and resolve a bug from previous commit

* Use polymorphism for GetKeyfileData and add export option for EMVTokens on Linux

* Linux : Allow to export EMV Tokens in command lines, Windows : Disable the delete button when EMV Keyfiles are selected

* Remove SlotId from TokenInfo as it is already in Token

* Correct errors on Linux

* Disable delete option if one EMV Token is selected on Linux

* Fix bug enabling delete button if nothing is selected

* emv data used as reference then burnt

* use of normal files in linux corrected

* help updated

* help updated for export functionnality

* option EMV added to graphic interface but not yet working

* Bug fix : Allow to use multiple EMV on windows

* EMV Option added to UserPreferences

* EMV Option working for Linux

* EMV option added to Windows (not working yet)

* [NOT TESTED] EMV option for Windows

* Working EMV option on Windows

* EMV Option for data extraction working for volume creation

* EMV Option for data extraction working for Mount

* EMV Option for data extraction working for mounting favorites volumes

* EMV Option for extraction working for Changing volume password, Set Derivation Key Algorithm and Add or remove keyfile from volume

* Windows : re-checking EMV Option when getting data

* Removing error catches in the IccDataExtractor classe (It only throws error now). Changing GetPan signature to resemble the other functions signatures more

* Changing EMV errors

- Only throwing ICCExtractionException from outside of the ICC module.
- Catching all TLVExceptions and PCSCExceptions to throw the right ICCExtractionException

- Deleting APDU exceptions.

* First version of the documentation

* Adding function pointers for winscard library (but it crashes VeraCrypt)

* Debugging function pointers

* The import of the library on windows work as expected now

* Reverting EMVToken.cpp changes used to test to library import

* Searching for the System32 path instead of hard codding it

* Fixing the bug were VeraCrypt crashes if there is no readers when  "add Token files" is clicked

* Winscard library not initialized in object constructor anymore to delay it after EMVOption check

* Remove winscard lib from windows dependencies

* Properly displaying errors

* Adding a dot in Language.xml

* Catching TLVException

* Removing unused code

* Remove unusefull comments

* Trying to fix 0x1f error

* Update IccDataExtractor.cpp

* Delete History.xml

* Fix get data without get pan

* Cleanup code

* changes for linux compilation but linking not working

* error handling for linux

* erasing emv data

* Burn PAN

* Burn PAN from memory

* Uncomment selfcheck before merging master

* burn corrected

* EMV errors handling for Linux

* EMV working for Linux CLI

* Doc : Winscard Linux package and VeraCrypt versions

---------

Co-authored-by: doriandu45 <d45.poubelle@gmail.com>
Co-authored-by: red4game <redemgaiming@gmail.com>
Co-authored-by: Brice.Namy <brice.namy@insa-rennes.fr>
Co-authored-by: vocthor <pieceo108@gmail.com>
Co-authored-by: vocthor <67202139+vocthor@users.noreply.github.com>
Co-authored-by: Andrei COCAN <andrei.cocan@insa-rennes.fr>
Co-authored-by: AndreiCocan <95496161+AndreiCocan@users.noreply.github.com>
Co-authored-by: francoisLEROUX <francois3443@gmail.com>
2023-06-28 22:51:43 +02:00

223 lines
9.2 KiB
HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>
VeraCrypt - Free Open source disk encryption with strong security for the
Paranoid
</title>
<meta
name="description"
content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."
/>
<meta name="keywords" content="encryption, security" />
<link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div>
<a href="Documentation.html"
><img src="VeraCrypt128x128.png" alt="VeraCrypt"
/></a>
</div>
<div id="menu">
<ul>
<li><a href="Home.html">Home</a></li>
<li><a href="/code/">Source Code</a></li>
<li><a href="Downloads.html">Downloads</a></li>
<li><a class="active" href="Documentation.html">Documentation</a></li>
<li><a href="Donation.html">Donate</a></li>
<li>
<a
href="https://sourceforge.net/p/veracrypt/discussion/"
target="_blank"
>Forums</a
>
</li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px" />
<a href="Technical%20Details.html">Technical Details</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px" />
<a href="Keyfiles.html">Keyfiles</a>
</p>
</div>
<div class="wikidoc">
<h1>Keyfiles</h1>
<div
style="
text-align: left;
margin-top: 19px;
margin-bottom: 19px;
padding-top: 0px;
padding-bottom: 0px;
"
>
<p>
VeraCrypt keyfile is a file whose content is combined with a password.
The user can use any kind of file as a VeraCrypt keyfile. The user can
also generate a keyfile using the built-in keyfile generator, which
utilizes the VeraCrypt RNG to generate a file with random content (for
more information, see the section
<a href="Random%20Number%20Generator.html">
<em>Random Number Generator</em></a
>).
</p>
<p>
The maximum size of a keyfile is not limited; however, only its first
1,048,576 bytes (1 MiB) are processed (all remaining bytes are ignored
due to performance issues connected with processing extremely large
files). The user can supply one or more keyfiles (the number of
keyfiles is not limited).
</p>
<p>
Keyfiles can be stored on PKCS-11-compliant [23] security tokens and
smart cards protected by multiple PIN codes (which can be entered
either using a hardware PIN pad or via the VeraCrypt GUI).
</p>
<p>
EMV-compliant smart cards' data can be used as keyfile, see chapter
<a
href="EMV%20Smart%20Cards.html"
style="text-align: left; color: #0080c0; text-decoration: none.html"
>
<em style="text-align: left">EMV Smart Cards</em></a
>.
</p>
<p>
Keyfiles are processed and applied to a password using the following
method:
</p>
<ol>
<li>
Let <em>P</em> be a VeraCrypt volume password supplied by user (may
be empty)
</li>
<li>Let <em>KP</em> be the keyfile pool</li>
<li>
Let <em>kpl</em> be the size of the keyfile pool <em>KP</em>, in
bytes (64, i.e., 512 bits);
<p>
kpl must be a multiple of the output size of a hash function H
</p>
</li>
<li>
Let <em>pl</em> be the length of the password <em>P</em>, in bytes
(in the current version: 0 &le; <em>pl</em> &le; 64)
</li>
<li>
if <em>kpl &gt; pl</em>, append (<em>kpl &ndash; pl</em>) zero bytes
to the password <em>P</em> (thus <em>pl = kpl</em>)
</li>
<li>
Fill the keyfile pool <em>KP</em> with <em>kpl</em> zero bytes.
</li>
<li>
For each keyfile perform the following steps:
<ol type="a">
<li>
Set the position of the keyfile pool cursor to the beginning of
the pool
</li>
<li>Initialize the hash function <em>H</em></li>
<li>
Load all bytes of the keyfile one by one, and for each loaded
byte perform the following steps:
<ol type="i">
<li>
Hash the loaded byte using the hash function
<em>H</em> without initializing the hash, to obtain an
intermediate hash (state) <em>M.</em> Do not finalize the
hash (the state is retained for next round).
</li>
<li>
Divide the state <em>M</em> into individual bytes.<br />
For example, if the hash output size is 4 bytes, (<em>T</em
><sub>0</sub> || <em>T</em><sub>1</sub> || <em>T</em
><sub>2</sub> || <em>T</em><sub>3</sub>) = <em>M</em>
</li>
<li>
Write these bytes (obtained in step 7.c.ii) individually to
the keyfile pool with the modulo 2<sup>8</sup> addition
operation (not by replacing the old values in the pool) at
the position of the pool cursor. After a byte is written,
the pool cursor position is advanced by one byte. When the
cursor reaches the end of the pool, its position is set to
the beginning of the pool.
</li>
</ol>
</li>
</ol>
</li>
<li>
Apply the content of the keyfile pool to the password
<em>P</em> using the following method:
<ol type="a">
<li>
Divide the password <em>P</em> into individual bytes <em>B</em
><sub>0</sub>...<em>B</em><sub>pl-1</sub>.<br />
Note that if the password was shorter than the keyfile pool,
then the password was padded with zero bytes to the length of
the pool in Step 5 (hence, at this point the length of the
password is always greater than or equal to the length of the
keyfile pool).
</li>
<li>
Divide the keyfile pool <em>KP</em> into individual bytes
<em>G</em><sub>0</sub>...<em>G</em><sub>kpl-1</sub>
</li>
<li>For 0 &le; i &lt; kpl perform: Bi = Bi &oplus; Gi</li>
<li>
<em>P</em> = <em>B</em><sub>0</sub> || <em>B</em><sub>1</sub> ||
... || <em>B</em><sub>pl-2</sub> || <em>B</em><sub>pl-1</sub>
</li>
</ol>
</li>
<li>
The password <em>P</em> (after the keyfile pool content has been
applied to it) is now passed to the header key derivation function
PBKDF2 (PKCS #5 v2), which processes it (along with salt and other
data) using a cryptographically secure hash algorithm selected by
the user (e.g., SHA-512). See the section
<a href="Header%20Key%20Derivation.html">
<em>Header Key Derivation, Salt, and Iteration Count</em></a
>
for more information.
</li>
</ol>
<p>
The role of the hash function <em>H</em> is merely to perform
diffusion [2]. CRC-32 is used as the hash function <em>H</em>. Note
that the output of CRC-32 is subsequently processed using a
cryptographically secure hash algorithm: The keyfile pool content (in
addition to being hashed using CRC-32) is applied to the password,
which is then passed to the header key derivation function PBKDF2
(PKCS #5 v2), which processes it (along with salt and other data)
using a cryptographically secure hash algorithm selected by the user
(e.g., SHA-512). The resultant values are used to form the header key
and the secondary header key (XTS mode).
</p>
<p>&nbsp;</p>
<p>
<a
href="Personal%20Iterations%20Multiplier%20%28PIM%29.html"
style="
text-align: left;
color: #0080c0;
text-decoration: none;
font-weight: bold.html;
"
>Next Section &gt;&gt;</a
>
</p>
</div>
</div>
<div class="ClearBoth"></div>
</body>
</html>