Hard Disk Encryption

(Nitrokey HSM 2 - Windows)

VeraCrypt (formerly TrueCrypt)

VeraCrypt is free and open source disk encryption software for Windows, macOS, and GNU+Linux. It is the successor of TrueCrypt and is therefore the recommended choice, although the following instructions should apply to TrueCrypt as well.

Follow these steps to use the program with Nitrokey Storage 2 or Nitrokey Pro 2:

  1. Install the latest release of OpenSC, or download the PKCS#11 library.

  2. Choose the library in VeraCrypt under Settings>Preferences>Security Token (location depends on system, e.g. /usr/lib/opensc).

  3. Generate a 64-byte keyfile via Tools>Keyfile Generator.

  4. Now you should be able to import the generated keyfile via Tools>Manage Security Token Keyfiles. You should choose the first slot ([0] User PIN). The keyfile is then stored on the Nitrokey as ‘Private Data Object 1’ (PrivDO1).

  5. After this, securely wipe the original keyfile on your computer!

  6. Now you can use VeraCrypt with the Nitrokey: create a container and choose the keyfile on the device as an alternative to a password.
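
Step 5 as an added example (not code from Nitrokey or VeraCrypt): a Python function that overwrites the 64-byte keyfile in place and then deletes it, refusing any file that is not exactly the size from step 3. The function name, file names and pass count are assumptions; on SSDs and on journaling or copy-on-write file systems an in-place overwrite does not guarantee the old blocks are gone, so creating the keyfile on a RAM disk or an already encrypted volume is the safer route.

```python
import os
import secrets
import tempfile
from pathlib import Path

KEYFILE_SIZE = 64  # keyfile size from step 3


def wipe_keyfile(path, expected_size=KEYFILE_SIZE, passes=3):
    """Overwrite a keyfile in place, delete it, return bytes wiped per pass."""
    p = Path(path)
    # Guard against wiping the wrong target: regular file, exact size only.
    if p.is_symlink() or not p.is_file():
        raise ValueError(f"{p} is not a regular file")
    size = p.stat().st_size
    if size != expected_size:
        raise ValueError(f"{p} is {size} bytes, expected {expected_size}")

    # "r+b" opens without truncating, so writes land on the existing data.
    with open(p, "r+b", buffering=0) as fh:
        for _ in range(passes):
            fh.seek(0)
            fh.write(secrets.token_bytes(size))
            os.fsync(fh.fileno())  # push each pass out of the OS cache
        fh.seek(0)
        fh.write(b"\x00" * size)   # final pass of zeros
        os.fsync(fh.fileno())
    p.unlink()
    return size


def demo():
    """Run against constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        keyfile = Path(tmp) / "nitrokey.keyfile"  # constructed sample keyfile
        keyfile.write_bytes(secrets.token_bytes(KEYFILE_SIZE))
        wiped = wipe_keyfile(keyfile)
        other = Path(tmp) / "notes.txt"           # constructed non-keyfile
        other.write_bytes(b"not a keyfile")
        try:
            wipe_keyfile(other)
            rejected = False
        except ValueError:
            rejected = True
        return wiped, keyfile.exists(), rejected, other.exists()


if __name__ == "__main__":
    print(demo())
```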


Security Consideration

Please note that VeraCrypt doesn’t make use of the full security that the Nitrokey (and smart cards in general) offers. Instead, it stores a keyfile on the Nitrokey, which could theoretically be stolen by a computer virus after the user enters the PIN.

Note: Aloaha Crypt is based on TrueCrypt/VeraCrypt but without the described security limitation.