
Use smartcard without screen, keyboard and mouse

Topics: Technical Issues, Users Discussion
Apr 15, 2015 at 1:24 PM
Hi all,

we want to protect the harddisk of our systems with harddisk encryption and pre-boot authentication using a smartcard. But our systems are just PCs without a screen, keyboard and mouse attached.

Is it possible to use VeraCrypt without GUI in operational mode?

What I would like is:
  • system is turned off
  • insert the smartcard which holds the keyfile (without PIN code or with the PIN code inside the PKCS11 module)
  • turn on the system
  • smartcard is used to read the keyfile
  • harddisk is decrypted
Is this possible with VeraCrypt?

Thanks in advance,
RvdP
Apr 16, 2015 at 4:02 PM
Hello RvdP,

Per the documentation on keyfiles, keyfiles are currently not supported for system encryption.

https://veracrypt.codeplex.com/wikipage?title=Keyfiles%20in%20VeraCrypt

Also, TrueCrypt/VeraCrypt expect to present the bootloader screen.

Regards.
May 25, 2015 at 10:08 PM
Sorry for the shameless plug, but I believe what you are attempting (essentially: start a fully encrypted system with as little manual work as possible) can be achieved with a Yubikey USB Stick.

You set up your system and encrypt the thing. At boot time all you need to do is plug in the USB Key, it will register with the System as a HID (Interface Device, as in Keyboard) and at the touch of a button send the static password you used for encryption of the drive. The sequence would be slightly different...
  • Fire up system
  • Wait until you can be sure system passed POST and is not sitting idle at the password prompt
  • plug in yubikey, wait 2- sec for it to register (they have a LED to let you know)
  • push button to send password
  • unplug while the device is booting into the OS