Operation Manual
70
Volumes -> Add/Remove Keyfiles to/from Volume
This function allows you to re-encrypt a volume header with a header encryption key derived from
any number of keyfiles (with or without a password), or no keyfiles at all. Thus, a volume which is
possible to mount using only a password can be converted to a volume that require keyfiles (in
addition to the password) in order to be possible to mount. Note that the volume header contains
the master encryption key with which the volume is encrypted. Therefore, the data stored on the
volume will not be lost after you use this function.
This function can also be used to change/set volume keyfiles (i.e., to remove some or all keyfiles,
and to apply new ones).
Remark: This function is internally equal to the Password Change function.
When VeraCrypt re-encrypts a volume header, the original volume header is first overwritten 256
times with random data to prevent adversaries from using techniques such as magnetic force
microscopy or magnetic force scanning tunneling microscopy [17] to recover the overwritten
header (however, see also the chapter Security Requirements and Precautions).
Volumes -> Remove All Keyfiles from Volume
This function allows you to re-encrypt a volume header with a header encryption key derived from a
password and no keyfiles (so that it can be mounted using only a password, without any keyfiles).
Note that the volume header contains the master encryption key with which the volume is
encrypted. Therefore, the data stored on the volume will not be lost after you use this function.
Remark: This function is internally equal to the Password Change function.
When VeraCrypt re-encrypts a volume header, the original volume header is first overwritten 256
times with random data to prevent adversaries from using techniques such as magnetic force
microscopy or magnetic force scanning tunneling microscopy [17] to recover the overwritten
header (however, see also the chapter Security Requirements and Precautions).
Tools -> Keyfile Generator
You can use this function to generate a file or more with random content, which you can use as a
keyfile(s) (recommended). This function uses the VeraCrypt Random Number Generator. Note
that, by default, only one key file is generated and the resulting file size is 64 bytes (i.e., 512 bits),
which is also the maximum possible VeraCrypt password length. It is also possible to generate
multiple files and specify their size (either a fixed value for all of them or let VeraCrypt choose file
sizes randomly). In all cases, the file size must be comprised between 64 bytes and 1048576
bytes (which is equal to 1MB, the maximum number of a key file bytes processed by VeraCrypt).
Settings -> Default Keyfiles
Use this function to set default keyfiles and/or default keyfile search paths. This function is
particularly useful if you, for example, store keyfiles on a USB memory stick that you carry with
you. You can add its drive letter to the default keyfile configuration. To do so, click Add Path,
browse to the drive letter assigned to the USB memory stick, and click OK. Now each time you
mount a volume (and if Use keyfiles is checked in the password dialog), VeraCrypt will scan the
path and use all files that it finds there as keyfiles.