
pre-boot authentication via keyfile

description

I couldn't find anything in this regard in the FAQ:

Is it possible to unlock a system (boot..) partition with a (USB..) keyfile, similar to BitLocker?

comments

idrassi wrote Jan 13, 2015 at 3:29 PM

Currently, the VeraCrypt bootloader only supports the use of a password.
Supporting a keyfile for pre-boot authentication would need to implement accessing USB storage from the bootloader, which means implementing the possibility to access and read USB devices and filesystems (FAT, NTFS). This kind of implementation needs extra code that will not fit in the 32KB of the current bootloader.

I don't know exactly how BitLocker works internally but it certainly uses a more advanced bootloader stored either in the 100 MB system partition of Windows or in the USB key directly.

One planned feature for VeraCrypt is the possibility of creating the bootloader on a USB key and not the system disk (https://veracrypt.codeplex.com/workitem/27). Thus, the system can't even boot without the use of this USB key and USB keys created for other VeraCrypt systems won't work.
Of course, this is not the same as using a keyfile but it will offer a security enhancement over what is used today.

That being said, I'm marking this issue as a feature as it is clearly very important for the future of VeraCrypt.

perler wrote Jan 16, 2015 at 11:56 AM

thanks!