Smart card keyfile implementation for VeraCrypt-DCS

[thomasnet-mc]

Hello,

I seen DCS has support for sending APDUs over to a smart card reader, and I'd be interested in adding more support for smart cards, hopefully up to being able to fetch a keyfile registered by VeraCrypt.

It's my first project with smart cards, so please feel free to correct me if I say anything wrong.
The way I'm thinking of doing it is by bypassing the need for a PKCS#11 interface and directly using ISO 7816-4 APDUs to login with a PIN entered by the user, and then fetching the keyfile from the card.

Maybe the VeraCrypt app could set the file ID corresponding to the keyfile it registered in the DCS config?

I'll try more things when I actually get a keycard, though!

[MADXhh]

+1

That sounds good! I would be very happy about this feature!

[kavsrf]

1. There is possibility to save master key to flash => data and keys are separate.
2. Master key is protected by password, pim and key from TPM + serials of target platform.
   Smart card can add small improvement – the key form SC is not possible to retrieve. It is not very important – imho.