Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add VeraCrypt support #65

wants to merge 12 commits into from

Add VeraCrypt support #65

wants to merge 12 commits into from


Copy link

@idrassi idrassi commented Nov 25, 2014

These patches implement support for VeraCrypt (, a fork of TrueCrypt.
The first two patches are not related to VeraCrypt but are needed by the third patch which implement VeraCrypt support.

The first patch corrects the encoding of the minimum version field in the volume header.
The second patch brings a better handling of PRF algorithms by separating those used in system encryption from those used in standard containers encryption.
The third patch adds a switch ("veracrypt-mode") to tc-play that will activated VeraCrypt support in the used commands. The differences between normal mode and VeraCrypt mode are:

  • PRF algorithms Iterations count (much higher than in TrueCrypt)
  • SHA256 support for system encryption and in standard containers.
  • value minimum version field in the volume header is 0x010b instead of 0x0700.
  • Volume header signature is "VERA" instead of "TRUE"

VeraCrypt documentation that is derived from TrueCrypt one (without the mistakes):

Differences between VeraCrypt and TrueCrypt :

mhogomchungu and others added 9 commits Mar 18, 2015
bump version number to make it easy to separate versions with VeraCrypt support and those without. Remove several compilation warnings.
fix a build issue when trying to compile while "DEBUG" variable is set by adding a missing comma
fix a potential memory leak
Copy link

fcore117 commented Nov 20, 2015

any progress on merge?

Copy link

xavier83 commented May 1, 2016

looks like tc-play is dead.

Copy link

mhogomchungu commented May 1, 2016

Upstream seems to no longer care about it but it lives on with zuluCrypt[1] where all these patches are already in.

tc-play in zuluCrypt for example can create and unlock VeraCrypt volumes that use a PIM value.This ability is not among patches above.


@bwalex bwalex mentioned this pull request Sep 3, 2017
Copy link

kevinoid commented Sep 7, 2018

As someone currently evaluating cross-platform disk encryption options, I'd really like to see VeraCrypt support in tcplay. Not least because the TrueCrypt Security Assessment specifically calls out the weak volume header key derivation "iteration count is too small to prevent password guessing attacks for even moderately complex passwords" which is addressed by VeraCrypt.

Perhaps now that a few more years have passed, the other TrueCrypt forks are dead or stagnant, VeraCrypt has undergone its own security audit, and VeraCrypt support has been added to cryptsetup and other similar tools, it's worth re-evaluating the merits of including support for VeraCrypt?

If this PR in its current form is not acceptable, is there any form which would be accepted?

Copy link

bwalex commented Feb 27, 2020

VeraCrypt support is now merged as a simple selection of PBKDF2 PRFs, without the need of any additional flags or API changes.

@bwalex bwalex closed this Feb 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

Successfully merging this pull request may close these issues.

None yet

6 participants