Keychain Store

Save password

Version 3.5.0 introduces the option to save a mount password. The mount password is extremely sensitive since it provides full access to the content of the encrypted disk.

Disk Decipher stores the encrypted password in the keychain (of course), and allows you to control the protection level of the keychain entry (for each encrypted disk individually).

You can choose between several different access control levels:

  • None - this will allow anyone who is able to open the Disk Decipher app to use the saved password. Be sure to enable passcode protection in iOS and/or Disk Decipher (preferably both).
  • User Presence - requires biometry (either currently enrolled or enrolled in the future) or the device passcode
  • User Presence and Password - this adds an extra layer to User Presence by requiring an extra password (of your choice)
  • Device Passcode
  • Current Biometry - requires currently enrolled biometry (enrolling new TouchID or FaceID registrations will invalidate the keychain entry)
  • Current Biometry and Device Passcode - requires both currently enrolled biometry and providing the device passcode

Do let me know if you need another combination. Many combinations are possible; the ones listed above are the most common.

If one (or more) of the options above is greyed out on your device, please check whether the corresponding item is available and enrolled. E.g. for Device Passcode to be available, a passcode must be set on your device.
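As an added illustration (not Disk Decipher's own code), the six levels listed above can be expressed with Apple's keychain access-control flags. The `ProtectionLevel` enum, the `savePassword` function, the service name and the mapping of each level to flags are assumptions made for this example.

```swift
import Foundation
import Security

// Hypothetical names for the six levels listed above (not Disk Decipher's types).
enum ProtectionLevel {
    case none, userPresence, userPresenceAndPassword
    case devicePasscode, currentBiometry, currentBiometryAndPasscode

    // Assumed mapping onto Apple's SecAccessControlCreateFlags.
    var flags: SecAccessControlCreateFlags {
        switch self {
        case .none:                       return []  // no extra check on read
        case .userPresence:               return .userPresence
        case .userPresenceAndPassword:    return [.userPresence, .applicationPassword]
        case .devicePasscode:             return .devicePasscode
        case .currentBiometry:            return .biometryCurrentSet
        case .currentBiometryAndPasscode: return [.biometryCurrentSet, .and, .devicePasscode]
        }
    }
}

struct KeychainError: Error { let status: OSStatus }

// Stores one mount password per disk, protected at the chosen level.
func savePassword(_ password: Data, forDisk disk: String, level: ProtectionLevel) throws {
    var cfError: Unmanaged<CFError>?
    // ThisDeviceOnly keeps the entry out of backups restored to other devices.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        level.flags,
        &cfError) else {
        throw cfError!.takeRetainedValue() as Error
    }

    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: "example.disk-password",  // constructed service name
        kSecAttrAccount as String: disk,
    ]
    SecItemDelete(base as CFDictionary)  // replace any earlier entry for this disk

    var attrs = base
    attrs[kSecAttrAccessControl as String] = access
    attrs[kSecValueData as String] = password
    let status = SecItemAdd(attrs as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError(status: status) }
}
```

With `.biometryCurrentSet`, the system invalidates the item when the set of enrolled fingerprints or faces changes, which matches the Current Biometry behaviour described in the list.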

Availability

This feature is available both in the Disk Decipher app (since version 3.5.0) and in the iOS File Provider (since version 3.5.4).

Note that iOS closes the iOS File Provider user interface on performing biometric or passcode authentication. Just tap the "Authenticate" button a second time and your saved password will be there.

Save algorithms

For some disk formats, most notably VeraCrypt, Disk Decipher has to try many different combinations of hash and cipher algorithms to mount a disk, which can take a lot of time.
Note that this is by design to discourage brute-force password attacks.

Version 5.0.2 adds the "Save algorithms" option to the mount dialog. If you enable this option when mounting a disk, the app securely stores the auto-detected hash and cipher algorithms in the keychain, saving time on subsequent mounts.
This option does not store any cryptographic key, only the names of the algorithms that are used.

Other items stored in the keychain

Disk Decipher also uses the keychain to store other items, given the sensitivity of the data. This includes:

  • Disk configuration data
  • Keyfiles (keyfiles are no longer stored, for security reasons; keyfiles stored with older Disk Decipher versions are still available for selection)
  • App Passcode
  • Storage Provider OAuth2 tokens
  • WebDAV username and password