While it's fairly trivial to create an encrypted container using command-line truecrypt on linux, when I began to look for documentation on how to encrypt an entire drive; I found next to nothing.
To correct this, I wrote the following walkthrough on how to do exactly that. For this I used Ubuntu 9.04 Alpha (Jaunty Jackalope) because I wanted ext4 and truecrypt6.1a.
*** Backup all your data onto a different disk; formatting this drive will erase all data! ***
Find the unencrypted drive that is associated with your chosen mount point.
#mount
/dev/sdb1 on /home/storage type ext4 (rw,noatime)
Unmount the drive you want to work on.
#umount /home/storage
Comment out the line for this drive in your fstab
#vim /etc/fstab
Create the truecrypt container. (Recommended choices in blue.)
#truecrypt -t -c /dev/sdb1
Volume type:
1) Normal
2) Hidden
Select [1]: 1 (Hidden drive not covered by this guide)
Encryption algorithm:
1) AES
2) Serpent
3) Twofish
4) AES-Twofish
5) AES-Twofish-Serpent
6) Serpent-AES
7) Serpent-Twofish-AES
8) Twofish-Serpent
Select [1]: 1 (Depending on your preference (read: level of paranoia) you may prefer another option. I chose AES because it's the fastest. Twofish would be my second choice.)
Hash algorithm:
1) RIPEMD-160
2) SHA-512
3) Whirlpool
Select [1]: 3 (Personal Preference)
Filesystem:
1) FAT
2) None
Select [1]: 1 (I ran into an issue when I tried None, I know this works when you pick FAT, but it takes longer to create the volume initially. I am going to test again and see if I can get this working with no initial formatting to speed things up.)
Enter password:
Re-enter password:
Enter keyfile path [none]:
Please type at least 320 randomly chosen characters and then press Enter:
Done: 0.071% Speed: 125 MB/s Left: 3 hours
Now you wait a while for truecrypt to build the archive and format... For my 1.5 tb drive (raid 10) it took several hours. Be patient.
Mount drive with truecrypt (This includes the arugments to use to mount a volume prompting only for its password)
#truecrypt -t -k "" --protect-hidden=no /dev/sdb1 /home/storage
Find the truecrypt dev mapper for your drive
#mount /dev/mapper/truecrypt1 on /home/storage type vfat (rw)
Now you need to unmount the that dev device
#umount /home/storage
Format in ext4
mkfs.ext4 /dev/mapper/truecrypt1
once done do a truecrypt unmount (Note this will unmount all truecrypt drives.)
#truecrypt -d
You will now be able to mount your encrypted drive with truecrypt and it will be formatted in ext4
#truecrypt -t -k "" --protect-hidden=no /dev/sdb1 /home/storage
#mount
/dev/mapper/truecrypt1 on /home/storage type ext4 (rw)
Voila! Drive is now encrypted and using ext4.
Showing posts with label linux. Show all posts
Showing posts with label linux. Show all posts
Sunday, March 1, 2009
cat /dev/null >> /dev/random
Or out of nothing comes randomness.
This is a little experiment I'm trying. I intend to use this space to document various technical projects I'm working on, along with instructions to act as a guide if anyone else should like to try them as well.
Despite the link name these will be more than just crypto projects. That's why I chose the title /dev/random. This will hopefully become a collection of random technical and not technical projects as I work on them.
Anyway, if there is anything useful on this page at the time you're reading this, I hope you enjoy it.
Cheers
-buho
This is a little experiment I'm trying. I intend to use this space to document various technical projects I'm working on, along with instructions to act as a guide if anyone else should like to try them as well.
Despite the link name these will be more than just crypto projects. That's why I chose the title /dev/random. This will hopefully become a collection of random technical and not technical projects as I work on them.
Anyway, if there is anything useful on this page at the time you're reading this, I hope you enjoy it.
Cheers
-buho
Subscribe to:
Comments (Atom)
Posts
