How to use OnlyKey for full-disk encryption
Edit me

Full-Disk Encryption

OnlyKey may be used to store a long random password (up to 56 characters long) that is ideal for full-disk encryption. As OnlyKey is detected as a regular USB keyboard this method of full-disk encryption password entry works on all devices and operating sytems.

Windows Bitlocker

OnlyKey may be used to enter passphrase/PIN to unlock Bitlocker encrypted drives.


OnlyKey may be used to enter passphrase to unlock LUKS encrypted drives.


OnlyKey may be used to unlock any encrypted drive that supports a PIN, password, or passphrase such as VeraCrypt drives.

Head-less Device Authentication Scenarios

There are quite a few scenarios where secure authentication with a head-less (no monitor) computer is required. Here is an example use case and how OnlyKey may be utilized:

  • A consulting company wants to ship a testing device to a customer. Full-disk encryption is enabled to ensure that only the customer at the destination can decrypt and access the server. Company ships both the server and a provisioned OnlyKey protected by a PIN code. Upon receiving the shipment customer calls client to obtain PIN code (or sent via secure messaging). The client inserts the OnlyKey, unlocks with PIN code and presses a button which sends a very strong 56 character password to unlock the server.

OnlyKey helps is several ways:

  • Sending the client the password securely may be an issue. If the password is intercepted by a hacker it may be used to access the server. On the other hand, the OnlyKey PIN is only usable by a hacker if they also have access to the physical OnlyKey device.
  • The client may decide to write the password down or store it insecurely, with OnlyKey there is no password to write down.
  • The client may become frustrated typing that long of a password. OnlyKey automatically types the password at the push of a button which adds convenience without compromise of security.
  • OnlyKey gives visible feedback to the user when FDE login is successful on Linux systems by using custom UDEV rule here which makes OnlyKey blink blue after login success.