Mittwoch, 29. Dezember 2010

Using .NET SmartCard with TrueCrypt

This post is about the usage of the .NET SmartCard in Thunderbird. You might want to read Installing and configuring a .NET Smartcard first.


It is possible to use the SmartCard with TrueCrypt, however, it does not provide the level of security it could be. This is because TrueCrypt is not able to use the certificats stored on the card. The strong security of the card is based on the fact that secret portion of the certificate cannot be read from the card and thus, cannot be copied. TrueCrypt can use only security tokens, which can be stored on the card. The token can be read and copied by any application that is provided with the PIN of the card.
Anyway, using the security token is typically much more safe than using a password.


Configuring the security device

Open truecrypt, go to Settings –> Security Tokens


Select the Gemalto PKCS#11 Library. Mine was located at
C:\Program Files (x86)\Gemalto\PKCS11 for .NET V2 smart cards\gtop11dotnet.dll

Set the checkmark for “Close token session (log out) after a volume is successfully mounted

Loading a token onto the card

Go to Settings –> Default Keyfiles


Press Generate Random Keyfile… and save the generated keyfile


Press Add Token Files… and add the generated keyfile to the card via Import Keyfile To Token…


Make sure you securely delete the generated keyfile from your harddisk now!

Done! Now you can use the keyfile on the SmartCard for container creation and for mounting the volumes.

Keine Kommentare: