What are keyfiles? how do they work ?

You may have seen in some applications that have an encryption option such as Kepass or Veracrypt where you can create a “keyfile” but what is a keyfile ? what is its purpose?.

Security Stock Image

A keyfile is a file with an encryption key that is random generated either by entering random text and numbers or moving a mouse around the key values that are generated are then outputted to a file used to decrypt the files. You can think of this as an alternative to a passphrase.

See below for a screenshot from Keepass which is a password manager. in the case of Keepass, you use your mouse to generate random values of up to 256bit the idea is the random motion of the mouse will generate a good amount of entropy.


Keyfiles can be used on their own or with another form of authentication such as a passphrase this is my personal preference I have a keyfile that is on a USB stick and also a passphrase the 2 combined are a great way to protect your data especially with something like a password manager.

A keyfile can have any extension it can also be hidden inside an image file for some sneaky stereography.

Like your private keys for your certificates, you want to guard the keyfile  as this is essentially your private key you ideally want to have the keyfile separate from the database of files you are protecting.

It is not a good idea to have the keyfile and the data on the same computer especially if this is the only way in which you are using to authenticate yourself.

You may be a bit safe if you are using a passphrase as well as the keyfile.

Keyfiles are used in a wide range of applications that have an encryption mechanism I recommend the use of keyfile along with a passphrase always remember to treat a keyfile as you would a private key for a certificate

you can find Keepass @ https://keepass.info/

find Veracrypt @ https://veracrypt.codeplex.com





Leave a Reply

Your email address will not be published. Required fields are marked *