Friday, March 16, 2007

TrueCrypt in Linux

Installation

  1. The following packages are needed:
    • kernel-source
    • dmsetup
    • device mapper
  2. Then build and install from the source tree:
    • ./build.sh
      ./install.sh

Creating a file-based encrypted volume

  1. This can be done as a normal user.
    • $ truecrypt --size 10M
      $ cd /tmp
      $ truecrypt
      $ pwd
      /tmp
      $ truecrypt --size 10M -c 10m.tc
      Volume type:
      1) Normal
      2) Hidden
      Select [1]: 1

      Filesystem:
      1) FAT
      2) None
      Select [1]: 1

      Hash algorithm:
      1) RIPEMD-160
      2) SHA-1
      3) Whirlpool
      Select [1]: 2

      Encryption algorithm:
      1) AES
      2) Blowfish
      3) CAST5
      4) Serpent
      5) Triple DES
      6) Twofish
      7) AES-Twofish
      8) AES-Twofish-Serpent
      9) Serpent-AES
      10) Serpent-Twofish-AES
      11) Twofish-Serpent
      Select [1]: 2

      Enter password for new volume '10m.tc':
      Re-enter password:

      Enter keyfile path [none]:

      TrueCrypt will now collect random data.

      Is your mouse connected directly to computer where TrueCrypt is running? [Y/n]: n

      Please type at least 320 randomly chosen characters and then press Enter:
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


      Done: 9.75 MB Speed: 6.09 MB/s Left: 0:00:00
      Volume created.
      $ truecrypt -p abcd1234 -u 10m.tc /tmp/ttt/
      $ cd /tmp/ttt/
      $ df -k /tmp/ttt
      Filesystem 1K-blocks Used Available Use% Mounted on
      /dev/mapper/truecrypt0
      130794 0 130794 0% /tmp/ttt

      $ truecrypt -d /dev/mapper/truecrypt0
  2. An encrypted volume can also be created on a partition or an LVM logical volume (LV). This time root is required.
    • (assume there is a VG called vg01)
      #lvcreate -L 128M -n abc_lv vg01
      Logical volume "abc_lv" created
      #truecrypt -c /dev/vg01/abc_lv
      Volume type:
      1) Normal
      2) Hidden
      Select [1]: 1

      Filesystem:
      1) FAT
      2) None
      Select [1]: 1

      Hash algorithm:
      1) RIPEMD-160
      2) SHA-1
      3) Whirlpool
      Select [1]: 2

      Encryption algorithm:
      1) AES
      2) Blowfish
      3) CAST5
      4) Serpent
      5) Triple DES
      6) Twofish
      7) AES-Twofish
      8) AES-Twofish-Serpent
      9) Serpent-AES
      10) Serpent-Twofish-AES
      11) Twofish-Serpent
      Select [1]: 2

      Enter password for new volume '/dev/vg01/abc_lv':
      Re-enter password:
      Passwords do not match.

      Enter password for new volume '/dev/vg01/abc_lv':
      Re-enter password:

      Enter keyfile path [none]:

      TrueCrypt will now collect random data.

      Is your mouse connected directly to computer where TrueCrypt is running? [Y/n]: n

      Please type at least 320 randomly chosen characters and then press Enter:
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

      Done: 125.55 MB Speed: 15.26 MB/s Left: 0:00:00
      Volume created.
      #truecrypt /dev/vg01/abc_lv /abc
      Enter password for '/dev/vg01/abc_lv':
      #df -k /abc
      Filesystem 1K-blocks Used Available Use% Mounted on
      /dev/mapper/truecrypt1
      130794 0 130794 0% /abc
      #df -T /abc
      Filesystem Type 1K-blocks Used Available Use% Mounted on
      /dev/mapper/truecrypt1
      vfat 130794 0 130794 0% /abc
      #truecrypt -d /dev/mapper/truecrypt1
  3. Note that vfat/FAT32 is the default filesystem. What if we want an encrypted reiserfs filesystem instead?
    • #truecrypt --filesystem reiserfs /dev/vg01/abc_lv
      (skip the interactive wizard)
      #truecrypt -N 0 /dev/vg01/abc_lv

      #mkfs.reiserfs /dev/mapper/truecrypt0
      mkfs.reiserfs 3.6.19 (2003 www.namesys.com)

      A pair of credits:
      Joshua Macdonald wrote the first draft of the transaction manager. Yuri Rupasov
      did testing and benchmarking, plus he invented the r5 hash (also used by the
      dcache code). Yura Rupasov, Anatoly Pinchuk, Igor Krasheninnikov, Grigory
      Zaigralin, Mikhail Gilula, Igor Zagorovsky, Roman Pozlevich, Konstantin
      Shvachko, and Joshua MacDonald are former contributors to the project.

      Lycos Europe (www.lycos-europe.com) had a support contract with us that
      consistently came in just when we would otherwise have missed payroll, and that
      they kept doubling every year. Much thanks to them.


      Guessing about desired format.. Kernel 2.6.17-11-generic is running.
      Format 3.6 with standard journal
      Count of blocks on the device: 32752
      Number of blocks consumed by mkreiserfs formatting process: 8212
      Blocksize: 4096
      Hash function used to sort names: "r5"
      Journal Size 8193 blocks (first block 18)
      Journal Max transaction length 1024
      inode generation number: 0
      UUID: 7ffaa516-0015-46bc-bfc0-6fdd7dca59ba
      ATTENTION: YOU SHOULD REBOOT AFTER FDISK!
      ALL DATA WILL BE LOST ON '/dev/mapper/truecrypt0'!
      Continue (y/n):y
      Initializing journal - 0%....20%....40%....60%....80%....100%
      Syncing..ok

      Tell your friends to use a kernel based on 2.4.18 or later, and especially not a
      kernel based on 2.4.9, when you use reiserFS. Have fun.

      ReiserFS is successfully created on /dev/mapper/truecrypt0.
      #truecrypt /dev/vg01/abc_lv /abc
      truecrypt: Volume already mapped
      #truecrypt -d /dev/vg01/abc_lv
      #truecrypt /dev/vg01/abc_lv /abc
      Enter password for '/dev/vg01/abc_lv':
      #df -T /abc
      Filesystem Type 1K-blocks Used Available Use% Mounted on
      /dev/mapper/truecrypt0
      reiserfs 131000 32840 98160 26% /abc
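
The file-based session in step 1 mounts with `truecrypt -p abcd1234 ...`, which puts the volume password in argv, where it ends up in shell history and is visible to other local users through `ps`. The script below is an added example, not part of the original post: it scans a history-style file for truecrypt invocations that carry a password argument and prints them with the value redacted. The function names, the sample lines and the `/usr/bin/truecrypt` path are constructed for the example, and the `--password` spellings assume the usual getopt long-option forms.

```shell
#!/bin/sh
# Added example: flag truecrypt command lines that pass the volume password
# as an argument (e.g. `truecrypt -p abcd1234 -u 10m.tc /tmp/ttt/`).

# find_tc_password_args FILE
# Prints "LINENO: command" with the password redacted for every line of FILE
# that runs truecrypt with -p/--password. Returns 0 on any hit, 1 on none.
find_tc_password_args() {
    awk '
    {
        tc = 0
        # Locate the command word: bare, with a path, or glued to a prompt.
        for (i = 1; i <= NF; i++)
            if ($i ~ "(^|[/#$])truecrypt$") { tc = i; break }
        if (!tc) next
        hit = 0
        for (i = tc + 1; i <= NF; i++) {
            if (($i == "-p" || $i == "--password") && i < NF) {
                $(i + 1) = "<redacted>"; hit = 1; i++
            } else if ($i ~ "^--password=.") {
                $i = "--password=<redacted>"; hit = 1
            }
        }
        if (hit) { printf "%d: %s\n", NR, $0; found = 1 }
    }
    END { exit (found ? 0 : 1) }
    ' "$1"
}

# write_sample FILE: constructed history lines modelled on the session above.
write_sample() {
    cat > "$1" <<'EOF'
cd /tmp
truecrypt --size 10M -c 10m.tc
truecrypt -p abcd1234 -u 10m.tc /tmp/ttt/
truecrypt /dev/vg01/abc_lv /abc
/usr/bin/truecrypt --password=abcd1234 10m.tc /tmp/ttt
truecrypt -d /dev/mapper/truecrypt0
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
write_sample "$tmp"
find_tc_password_args "$tmp" || echo "no password-bearing invocations found"
rm -f "$tmp"
```

Leaving out `-p` makes truecrypt prompt for the password instead, as the `/dev/vg01/abc_lv` mount in step 2 shows.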
