Truecrypt

From MEPIS Documentation Wiki

Jump to: navigation, search

Contents

Introduction

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). See this introduction for details.

Installation

Due to licensing issues, Truecrypt is not in any repository, thus manual installation is required by following below instructions.

MEPIS 8.5, 11 and 12

  1. From http://www.truecrypt.org/downloads, download standard linux tar.gz file (choose 32 or 64 bit)
  2. Go to your download directory in Dolphin
  3. Right click the tar.gz file and select Extract Archive Here...
  4. You should now have a file listed called “truecrypt-7.1a-setup-x64” (depending on version number and 32 or 64 bit)
  5. To run that file as root, hit F4 key to open a terminal, enter command:
    su -c './truecrypt-7.1a-setup-x64'
  6. A new xmessage box will pop up.
  7. Click Install TrueCrypt
  8. Read and Agree with the license terms
  9. Click OK for the how to uninstall message
  10. A new TrueCrypt Setup window will open.
  11. When it is done, it will ask you to press Enter to exit.
  12. You can delete the downloaded tar.gz and setup file now as they are no longer needed after installation.

MEPIS 8.0

MEPIS 6.5 / 7.0

This method will get TrueCrypt working on 6.5 and 7.0. Note that you must already have installed the build-essential package, kernel headers and kernel sources. At least, extract the linux kernel source with

cd /usr/src
bzip2 -dc linux-source-2.6.xx.tar.bz2 | tar xvf -
  1. Get the Truecrypt source codes and extract them to a folder in your home directory
  2. In that folder you'll find a subfolder Linux. Open Konqueror and go to that folder
  3. Press F4 to bring up a shell
  4. su + root password
  5. ./build
  6. ./install

When it's done, first try as root

modprobe truecrypt 

If that doesn't work, try

modprobe -f truecrypt


MEPIS 6.0

Truecrypt now has a .deb that you can directly install on MEPIS 6. Use the Ubuntu 6.06 version.

Download and install at.

http://www.truecrypt.org/downloads.php

If you are using a 2.6.18 or 2.6.19 kernel, a patch for the Truecrypt source 4.2a can be found here.

Warning

Truecrypt does not encrypt existing files (as far as I know). It creates a encrypted container to put new and or existing files into. DO NOT encrypt a entire partition or drive that has existing data on it that you want to keep as it will be formatted when the volume is created. If you want to use truecrypt on a partition that has data on it create a file type volume instead of a partition or drive. A file type volume would look like any other file except it would be the size of the volume you want to create and it resides among all the other files. You are unable to tell the difference between a truecrypt file type volume and any other file. The size is the only thing that give's it away. Like a 10 gig file size. Your encrypted files or data go into this file type volume just like any other truecrypt volume no matter if its a drive , partition or the file type volume.

Example

/home/454redhawk/truecrypt-volume.tc <-----this is the name of the file type volume. Call it whatever you want and store it wherever you want

/dev/sda2 <---- This would be the name of a entire partition that you want to encrypt

/dev/sda <---- This would be the name of an entire drive that you want to encrypt

Replace the above references with whatever it is for you.

This is really easy and anyone of you can do it. In this example we are creating a file type volume and using FAT. It makes no difference what the file system of your current system is. When we talk about the file system in truecrypt we are talking about the file system INSIDE the volume container. So we can use a FAT system for the volume container but have that truecrypt file volume stored on an ext3 system.


UPDATE for ext3 file systems The below example is using an entire drive or entire partition. Modify to suit your needs if you just want to create a file type volume on your existing partition as was done in the above example.

To create the volume

truecrypt -c /dev/sda

That creates a truecrypt volume using the ENTIRE disk of sda. If you had a disk with other partitions on it you would choose the exact partition you want encrypted like /dev/sda1. Or if you wanted to create a ext3 file system on a file type volume you would just name the file as in /home/454redhawk/filename instead of /dev/whatever. Replace /sda , /sda1 or filename with whatever it is for you in the above example.

Continue on and answer each question with the default except the filesystem FAT or none, Choose NONE.

When you are finished type this

truecrypt /dev/sda

Replace /sda for whatever it is for you. type in your password when asked.

That command will place an entry in the /dev/mapper directory. Go see what the name of it is. Most likely truecrypt0

Now we want to create the ext3 filesystem on the drive. DONOT execute this command as root. You will not be able to access the volume as a user if you do. Other than the VERY first step in this [HOW TO] you do not need to be root.

mkfs.ext3 /dev/mapper/truecrypt0

replace truecrypt0 with whatever it is for you.

It will create the ext3 file system (if its a large drive it will take awhile so be patient).

when its finished unmount the volume ( truecrypt -d ) and then you can mount the volume as you normally would.

truecrypt /dev/sda /home/454redhawk/somemountpoint

Take note of the space between /sda and /home

Type your password

goto the mountpoint create a sample file unmount the volume with the desktop link you created before or use the following command

truecrypt -d

goto the mount point make sure nothing is there. (You might have to refresh the directory with the F5 key) Remount the volume with the desktop link you created before. goto the mount point and see if your sample file is there. (You might have to refresh the directory with the F5 key)

Use

MEPIS 8.5, 11 and 12

TrueCrypt runs with sudo which is not set up in MEPIS by default. So if you run TrueCrypt from Kmenu >>> Utilities, you will get an error when trying to mount a volume. Two ways to solve this are:
1. Always run TrueCrypt as root by using krunner: ATL-F2 and enter kdesu /usr/bin/truecrypt.
2. Set up sudo (the sudoers file), so that the Kmenu entry works:

  • In a konsole run as root: visudo
  • add this to the bottom of the file, but replace daddy with the name of the user
# User alias specification
User_Alias TRUECRYPTERS = daddy
# Cmnd alias specification
Cmnd_Alias TRUECRYPT = /usr/bin/truecrypt
# User privilege specification
TRUECRYPTERS ALL = (root) TRUECRYPT
  • CTRL-o to save and CTRL-x to exit.


To actually set up and use encrypted volumes, the TrueCrypt website has a very nice Beginner's Tutorial and other documentation. See the links section below.

M 8

M 6.5 and 7

When you want to run truecrypt under your normal user account, there may be a problem that the truecrypt module gets unloaded every time you unmount the encrypted 'partition'. In order to be able to modprobe without having to su to root, you can use the sudoers file to give yourself permission:

open console
su to root
visudo
create a line under 'User privilege specification' like this: YourAccount    ALL=/sbin/modprobe -f truecrypt
save with Ctrl-O
exit with Ctrl-X

That's it. From now on you can load the module from your account by issuing

sudo /sbin/modprobe -f truecrypt


Now, a very cool way to use Truecrypt is by downloading some Konqueror servicemenus from kde-apps.org. These will allow you to mount directly from KDE. It is possible to create a couple of shortcuts on the desktop, with neat KDE popup boxes asking for the root password, and you can even launch konqueror to automatically open the encrypted partition after mounting it. To do that, edit the script that you have downloaded from kde-apps as follows:

kwrite mount_truecrypt.sh
find line that says 'usr/bin/kdialog --title "Truecrypt: $DST mounted" --msgbox "Truecrypt partition $DST mounted successfully"'
replace with '/usr/bin/kfmclient openProfile filemanagement /home/YourAccount/TrueCryptMountPoint'
save file


For further directions, see the TrueCrypt tutorial.

M 6

OK, so you just installed it and want to know what it is and how it works.

If you have used Truecrypt in windows you know it has a GUI. As of yet we don't have that in linux so its command line interface for us. No big deal as it requires very little interaction.

TrueCrypt requires administrator (root) privileges. If you intend to use TrueCrypt from a user account, you should execute the following command as root in a terminal. This will only have to be done once.

chmod u+s /usr/bin/truecrypt

Exit root terminal

Next we want to create a TrueCrypt volume (container for our encrypted files) you can make this container any size you want.

truecrypt -c /home/454redhawk/filename

Replace 454redhawk and filename with what ever you want. In windows I used to stash the container in the service pack files DIR and give it a name that looked like a windows system file (system.sys). You can name it and place it where ever you want.

You can just follow the prompts from here or continue along if you want. If you follow the prompts on your own skip down after you finish making the volume to see how I made it easy to mount and unmount the Volumes.


TrueCrypt will now ask what kind of volume you want to create. Just hit the enter key to accept the default normal volume. It will then ask what type of file system to create. again just hit the enter key to accept the default FAT. Now it wants to know what size volume you want to make. For example type 200K or 100M or 5G Its just the number of (K)kilobytes, (M)megabytes or (G)gigabytes.

Now it will ask for the Hash algorithm. You can pick your own or hit enter to accept the default.

Next it asks for the Encryption algorithm. Again pick your own or hit the default enter.

Now it wants the password for the container. This can be any word or phrase you want. You can also include spaces in the phrase. Example “John has a long mustache�? or “The chair is against the wall�?

OK, after you have entered your pass phrase 2 times to confirm the pass phrase it will ask for the keyfile path. Hit enter unless you plan to use one. Default is none so hit enter.

Next you will create some random data by moving your mouse around so hit enter to the prompt “Is your mouse connected directly to computer where TrueCrypt is running?�? Now move your mouse wildly all over the screen in a random manner until you reach 100%

OK, we are almost done. Don't get discouraged. All of this you could have done without my help due to the prompts. I hope I have not insulted your intelligence.

EASY WAY TO MOUNT AND UNMOUNT

The next several steps is what I have done to make it easy to mount and unmount to use your newly encrypted container. Create a mount point(directory) for the mounted volume. Example /home/454redhawk/your-mount-point I then created a text file in my /home/454redhawk and called it tcmount place this inside of the text file.

#!/bin/sh

truecrypt -u /home/454redhawk/your-trucrypt-file /home/454redhawk/mount-point

Replace 454redhawk and your-trucrypt-file and mount-point with whatever it should be for you. Note the space between the word file and /home.

Save and exit. Now right click on that file you just made and choose properties. Click the permissions tab and click “is Executable�?. Click OK to exit.

Now make one more text file for the unmount called tcumount. Use the same method as above except put this in the file. #!/bin/sh truecrypt -d

Don't forget to make it executable.


Now go to your desktop and right click and choose Create new link to application. At the General tab call it TC mount. In the application tab click browse and navigate to your tcmount file and select it. Then click on advanced options and select “run in terminal�? Select OK to finish. Do the same thing for the tcumount file except you don't need to make it run in the terminal.


Now you are ready to mount and use you encrypted container. Click the link you made on your desktop for the mount. It will ask for your password and close after you type it in. It should now be mounted and you can copy and delete files to that location just like from any other folder.

To test it.

goto the mountpoint create a sample file unmount the volume with the desktop link you created goto the mount point make sure nothing is there. (You might have to refresh the directory with the F5 key)

Remount the volume with the desktop link you created goto the mount point and see if your sample file is there. (You might have to refresh the directory with the F5 key)

Thats all there is to it.

When you are finished working on that volume click the unmount link on the desktop and the volume will be unmounted. You can navigate to that location after you do this to verify nothing is there.

Just to make it even easier I created a link to URL on my desktop to the truecrypt volume mount point and gave it a nice looking drive icon.


I hope this helped some of you.

Tips and tricks

Links

Personal tools
In other languages