Hard Disk Encryption#
(Nitrokey HSM 2 - Windows)
VeraCrypt (formerly TrueCrypt)#
VeraCrypt is a free and Open Source disk encryption software for Windows, macOS, and GNU+Linux. It is the successor of TrueCrypt and thus recommended, although the following instructions should apply to TrueCrypt as well.
Follow these steps to use the program with Nitrokey:
Install the latest release of OpenSC, or download the PKCS#11 library.
Choose the library in VeraCrypt under Settings>Preferences>Security Token (location depends on system, e.g.
Generate a 64 Byte key file via Tools>Keyfile Generator.
Now you should be able to import the generated key file via Tools>Manage Security Token Keyfiles. You should choose the first Slot (
 User PIN). The keyfile is then stored on the Nitrokey as ‘Private Data Object 1’ (
After this you should wipe the original keyfile on your Computer securely!
Now you can use VeraCrypt with the Nitrokey: Create a container, choose the keyfile on the device as an alternative to a password.
Please note that VeraCrypt doesn’t make use of the full security which Nitrokey (and smart cards in general) offer. Instead it stores a keyfile on the Nitrokey which theoretically could be stolen by a computer virus after the user enters the PIN.
Note: Aloaha Crypt is based on TrueCrypt/VeraCrypt but without the described security limitation.