Multiple Encrypted Volumes

Just a thought on my part about an enhancement, would be to set up 2 encrypted volumes. One would have normal encrypted files and the other would be the one used for hidden volumes that people could put things in that wouldn’t change, so as to not mess up the hidden. That would leave the other to have changeable contents. Would this be possible or would it require drastic changes in the app? The thing would be that other then the owner no one would know which was which.

The encrypted volume of the Nitrokey Storage can be unlocked by entering the User PIN which is the same for the smart card. Your suggestion would implicate that encrypted volumes would need to be unlocked with a PIN different from the User PIN. Otherwise the PIN could be easily verified (and a false PIN could be unmasked) by accessing the smart card. This additional PIN would sum up to five PINs/password: User PIN, Admin PIN, Firmware Password, PIN for encrypted volume 1, PIN for encrypted volume 2. I think from a usability perspective this is way too complicated for most users.

In addition the available storage capacity would need to be considered. For instance, do you want to split the available storage between both encrypted volumes? This would result in 50% less capacity, for users who don’t want to use the 2nd encrypted volume.

Thanks! As I said it was something of a thought and I didn’t know
exactly what would be involved. Personally I wouldn’t mind the split but
I can see others wouldn’t. My only reason for it was using a hidden
means I can’t do anything else with the encrypted it’s in without
killing the hidden.

1 Like

Hi @ThePhoenyx,

but that is not too bad, is it? I mean you can create a hidden volume which uses nearly all the available space. Then you are fine as you can use most of the space and do not need to bother about the encrypted disk you should not use.

Kind regards

True, it’s just that someone might ask “why aren’t you using this
encrypted volume?”


it is normally advised to put some files in the “normal” encrypted area which are not suspicous for anyone before setting up hidden volumes. This is small camouflage. The important thing of hidden volumes is the deniability anyway. Nobody can force you to proof that you do not have a hidden volume you do not unhide, because that is not possible technically.
It is not a crime to have an empty encrypted volume either :joy:

Kind regards