UniToken Integration TrueCrypt Keyfile

From SecuTech Wiki

Install the PKI Package

This section explains how to install the PKI package that can be found inside the UniToken SDK. The End User package can be found inside the folder "Redist/Enduser/".

1 Right-click on the PKI package installation file and choose [Run as administrator]. Execute the file with an account that has administrator rights on this computer.
2 Click on [Next] in the InstallShield Wizard welcome screen.
3 Input your User Name and Company Name and click on [Next].
4 Select [Complete] and click on [Next].
5 Click on [Install] to begin the installation of the PKI package.
6 Verify that the InstallShield Wizard completed successfully and click on [Finish].

Configure PKCS Support in TrueCrypt

1 In the main menu of TrueCrypt, click on [Settings], [Security Tokens].
2 In the [TrueCrypt - Security Token Preferences] window, click [Select Library...] and select the library file to be used. By default, the PKI package installs the library file "utp11.dll" in the Windows System32 directory. Click [OK].

Create an Encrypted Volume with TrueCrypt

1 To create a new encrypted volume, in the main window, click [Create Volume]. Then, on the first page of the wizard, click [New].
2 On the [Volume Type] page, click on [Next] to continue the volume creation procedure.
3 Click [Select File] to choose where to store the encrypted volume. Click [Next] to continue.
4 Choose a file name for your encrypted volume and click [Next] to continue.
5 Once you’ve chosen where to save your file, click [Next] to continue.
6 Keep the default encryption algorithms or change them depending on your needs. Click on [Next] to continue.
7 Choose the size for your volume. Click [Next].
8 Choose a password for your volume, make sure that [Use keyfiles] is checked and click on [Keyfiles] in order to create a keyfile for your volume (later we will store this keyfile inside the UniToken).
9 Click [Generate Random Keyfile…] to generate a new keyfile.
10 Click [Generate and Save Keyfile] to save the file.

Create a keyfile for the encrypted volume and store it inside UniToken

1 In the main menu, click on [Tools], [Create keyfile…].
2 Choose the type of your encrypted volume (file or partition) and click on [Next].
3 Indicate where your encrypted volume is located and click on [Next].
4 Input the password of your volume and click on [Next].
5 Choose where you want to store the keyfile. (At this step you cannot store the keyfile directly on the Token; you first have to save it to your computer and import it to your Token later.)
6 Input a password for your keyfile and confirm it. Click on [Next] to continue.
7 Choose the elements that you want to use for password salting and random padding data. We have decided to choose Microsoft CryptoAPI and PKCS#11 Token. Click on [Next].
8 Check that the correct UniToken is selected and click on [Finish].
9 In the main menu, choose [Tools], [PKCS#11 token management].
10 Input the PIN for the UniToken and click on [OK].
11 In the [Keyfiles] tab, click on [Import] and select the keyfile that you just created.
12 When the dialog box [Keyfile imported successfully as : (name of the keyfile)] appears, the import is finished. For more security, you can choose to delete the keyfile stored on your computer and keep only the one inside the UniToken.

Unlock the encrypted volume with the keyfile stored in UniToken

1 If you lost the password for your volume, you can now use your UniToken to access the data. Click on [Mount file] (or [Mount Partition] if you encrypted a whole partition).
2 Check [PKCS#11] and when the [Security Token/SmartCard PIN] dialog box appears, fill in your PIN and click on [OK].
3 Input the password for the keyfile in the password field and select the right keyfile in the PKCS#11 file. Click on [OK] to confirm and get access to your encrypted volume.


Public Key Infrastructure (PKI): a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

Microsoft Cryptography API, MS-CAPI: an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography.

PKCS: refers to a group of public-key cryptography standards devised and published by RSA Security.