Thursday, March 26, 2009

Installing Truecrypt 6.1a on Ubuntu 9.04 (Jaunty Jackalope Beta)

As much as I adore truecrypt, installation on command-line-only Linux is not as simple as it should be.

So I documented the process here:


Run a quick update
#apt-get update

You need to install the libgtk2.0-0 package, even though I have no GUI installed. Truecrypt requires this, as it doesn't allow you to install command-line only.
#apt-get install libgtk2.0-0

Once this is done you'll see an error, since you don't have any other gtk/gui packages installed. To fix this, simply do:
#apt-get -f install

Now on to actually installing truecrypt itself.

Download your specific .deb package from truecrypt.org
I'm running the 64-bit OS, so I grabbed:
Ubuntu - x64 (64-bit) .deb

Untar the package.
#tar zxvf truecrypt-6.1a-ubuntu-x64.tar.gz

Simply run the automatic setup
#./truecrypt-6.1a-setup-ubuntu-x64

Test with
#truecrypt -h

Provided that last step worked, you are now all set.

Sunday, March 1, 2009

Truecrypt and ext4 (full disk) on Ubuntu 9.04 (Jaunty Jackalope)

While it's fairly trivial to create an encrypted container using command-line truecrypt on Linux, when I began to look for documentation on how to encrypt an entire drive, I found next to nothing.

To correct this, I wrote the following walkthrough on how to do exactly that. For this I used Ubuntu 9.04 Alpha (Jaunty Jackalope) because I wanted ext4 and truecrypt 6.1a.

*** Backup all your data onto a different disk; formatting this drive will erase all data! ***

Find the unencrypted drive that is associated with your chosen mount point.
#mount
/dev/sdb1 on /home/storage type ext4 (rw,noatime)

Unmount the drive you want to work on.
#umount /home/storage

Comment out the line for this drive in your fstab
#vim /etc/fstab

Create the truecrypt container. (Recommended choices in blue.)
#truecrypt -t -c /dev/sdb1

Volume type:

1) Normal

2) Hidden

Select [1]: 1 (Hidden drive not covered by this guide)


Encryption algorithm:

1) AES

2) Serpent

3) Twofish

4) AES-Twofish

5) AES-Twofish-Serpent

6) Serpent-AES

7) Serpent-Twofish-AES

8) Twofish-Serpent

Select [1]: 1 (Depending on your preference (read: level of paranoia) you may prefer another option. I chose AES because it's the fastest. Twofish would be my second choice.)


Hash algorithm:

1) RIPEMD-160

2) SHA-512

3) Whirlpool

Select [1]: 3 (Personal Preference)


Filesystem:

1) FAT

2) None

Select [1]: 1
(I ran into an issue when I tried None. I know this works when you pick FAT, but it takes longer to create the volume initially. I am going to test again and see if I can get this working with no initial formatting to speed things up.)

Enter password:

Re-enter password:


Enter keyfile path [none]:


Please type at least 320 randomly chosen characters and then press Enter:


Done: 0.071% Speed: 125 MB/s Left: 3 hours


Now you wait a while for truecrypt to build the archive and format... For my 1.5 TB drive (RAID 10) it took several hours. Be patient.

Mount the drive with truecrypt (this includes the arguments to use to mount a volume while prompting only for its password)
#truecrypt -t -k "" --protect-hidden=no /dev/sdb1 /home/storage

Find the truecrypt dev mapper for your drive
#mount
/dev/mapper/truecrypt1 on /home/storage type vfat (rw)

Now you need to unmount that device
#umount /home/storage

Format in ext4
#mkfs.ext4 /dev/mapper/truecrypt1

Once done, do a truecrypt unmount (Note: this will unmount all truecrypt drives.)
#truecrypt -d

You will now be able to mount your encrypted drive with truecrypt and it will be formatted in ext4
#truecrypt -t -k "" --protect-hidden=no /dev/sdb1 /home/storage

#mount
/dev/mapper/truecrypt1 on /home/storage type ext4 (rw)


Voila! Drive is now encrypted and using ext4.
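
A guard for the "Format in ext4" step above, as an added example that is not part of the original post: it reads `mount` output and only returns a device to format when the mount point is backed by a /dev/mapper/truecrypt device that still carries the FAT placeholder, so mkfs.ext4 is never pointed at the raw partition (which would overwrite the encrypted volume with a plaintext filesystem). The function names and sample lines are constructed for illustration, and mount points are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: choose the mkfs target from `mount` output instead of typing it.
# Sample lines below are constructed in the format shown in the post.
SAMPLE_TC='/dev/sda1 on / type ext3 (rw)
/dev/mapper/truecrypt1 on /home/storage type vfat (rw)'
SAMPLE_RAW='/dev/sdb1 on /home/storage type ext4 (rw,noatime)'

# mount_entry MOUNTPOINT: reads mount-style lines on stdin and prints
# "device fstype" for the last (topmost) mount at MOUNTPOINT.
mount_entry() {
    awk -v mp="$1" '
        $2 == "on" && $3 == mp && $4 == "type" { r = $1 " " $5 }
        END { if (r != "") print r }'
}

# safe_mkfs_target MOUNTPOINT: prints the device to format, or fails.
safe_mkfs_target() {
    entry=$(mount_entry "$1")
    if [ -z "$entry" ]; then
        echo "refusing: nothing is mounted at $1" >&2; return 1
    fi
    dev=${entry% *}
    fs=${entry#* }
    case "$dev" in
        /dev/mapper/truecrypt[0-9]*) ;;   # decrypted view of the volume
        *) echo "refusing: $dev is not a TrueCrypt mapper device" >&2
           return 1 ;;
    esac
    if [ "$fs" != "vfat" ]; then
        # Anything other than the FAT placeholder may already hold data.
        echo "refusing: expected vfat placeholder on $dev, found $fs" >&2
        return 1
    fi
    printf '%s\n' "$dev"
}

# Demo on the constructed samples (nothing is formatted here).
printf '%s\n' "$SAMPLE_TC"  | safe_mkfs_target /home/storage
printf '%s\n' "$SAMPLE_RAW" | safe_mkfs_target /home/storage || true
```

On a live system, capture the device with `dev=$(mount | safe_mkfs_target /home/storage)` while the volume is still mounted, then unmount the mount point and run mkfs.ext4 on "$dev".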

cat /dev/null >> /dev/random

Or out of nothing comes randomness.

This is a little experiment I'm trying. I intend to use this space to document various technical projects I'm working on, along with instructions to act as a guide if anyone else should like to try them as well.

Despite the link name, these will be more than just crypto projects. That's why I chose the title /dev/random. This will hopefully become a collection of random technical and non-technical projects as I work on them.

Anyway, if there is anything useful on this page at the time you're reading this, I hope you enjoy it.

Cheers

-buho