forked from ggkitsas/cryptostick-truecrypt
fakedrake/cryptostick-truecrypt
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
----- True Crypt improvement Description: True Crypt already has the capability to use smart cards (via PKCS#11) to unlock encrypted volumes. However, this feature is suboptimal (from a security standpoint) and need to be improved. Currently TrueCrypt simply stores the so called keyfile in the (PIN protected) smart card. Instead TrueCrypt should use the expected challenge-response mechanism of smart cards: The volume key should be encrypted with smart card's certificate/key and stored at the volume. In order to unlock an encrypted volume, TrueCrypt should send the encrypted volume key to the smart card and receive the unencrypted key back. The unencrypted key should never be stored anywhere. A user documentation incl. screen shots should be created. Tasks Involved: 1) Understand PKCS#11 interface and TrueCrypt's internals. You can see how PKCS#11 interface is implemented in OpenSC. This guy is author of pkcs#11 implementation in many application. I think TrueCrypt has implemented a part of pkcs#11 already (to store keyfile to smartcard) 2) Develop solution and agree with TrueCrypt's developers. 3) Patch and test TrueCrypt with Crypto Stick. 4) Commit patch to TrueCrypt and incorporate potential feedback from developers. 5) Publish fork of TrueCrypt including binaries 6) Create user documentation. ----- Folder structure truecrypt: contains: truecrypt sources wxwidgets sources needed to build truecrypt pkcs11 headers cryptostick: Here lives cryptostick firmware and client sources docs: Contains needed documentation for the project
About
GSoC 2014 - Crypto stick project: True Crypt imporovement
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published