Gentoo Forums
HowTo (v 1.0.2): TrueCrypt encryption: Windows XP and Linux

Pergamon
Tux's lil' helper

Joined: 01 Feb 2004
Posts: 117

Posted: Sat Nov 05, 2005 11:42 am    Post subject: HowTo (v 1.0.2): TrueCrypt encryption: Windows XP and Linux

TrueCrypt 4.0

Update: An ebuild is currently being tested at Bugs.Gentoo.Org. However, this still seems to be a work in progress.

Truecrypt is an ideal tool if you plan to exchange volume-based encrypted data between Windows and Linux. It allows you to create encrypted volumes within a file or partition and mount them from both Linux and Windows. The encrypted file system can reside, for example, within a file on a USB stick, or the entire USB stick can be an encrypted volume.

Additionally, TrueCrypt supports hidden encrypted volumes within an encrypted volume. Those hidden volumes can never be detected even if the password of the outer volume gets compromised - the hidden volume is indistinguishable from random data.

Currently, there is no ebuild available for truecrypt 4.0 (www.truecrypt.org).

This (hopefully soon obsolete) howto helps with setting up truecrypt while there is no ebuild.

Manual compilation

First, go to the download page of truecrypt: http://www.truecrypt.org/downloads.php
and get the source code of truecrypt:

http://www.truecrypt.org/downloads/truecrypt-4.0-source-code.tar.gz

Code:
cd ~
mkdir truecrypt
cd truecrypt
gzip -dc <path-to-your-download>/truecrypt-4.0-source-code.tar.gz | tar xvf -
cd truecrypt-4.0/Linux
# Edit build.sh and replace occurrences of "- 1" with "-n 1", otherwise you will get warnings.
su
./build.sh
./install.sh

Choose /usr/bin as the installation path for the executables and /usr/share/man for the man files.
That's it.

Documentation

Code:
man truecrypt

explains how to use it.

There is excellent user documentation, which easily rivals the quality of commercial products, available at: TrueCrypt user guide

I tested with XP, created an encrypted file system on a USB stick, mounted it on Linux and with
Code:
truecrypt /mnt/stick/my-encrypted-volume /mnt/crypt

files are easily accessible.

Current limitations with Linux

Currently, there is one limitation for the linux implementation: In order to create a new volume (either partition based or within a file) you have to use Windows XP. Once a truecrypt volume is created, its file system and the content can be changed with the linux implementation.

Hopefully this howto is soon rendered obsolete by a nice truecrypt ebuild!

Changes

v 1.0.1: Corrected error concerning possibility of creating new volumes with linux
v 1.0.2: Link to ebuild in bug database


Last edited by Pergamon on Wed Nov 16, 2005 9:46 am; edited 2 times in total

gruemelmonster
n00b

Joined: 05 Oct 2004
Posts: 4

Posted: Sat Nov 05, 2005 1:36 pm

Quote:
Of course encrypted volumes can also be created with Linux


How do you do that??? I read that manpage and could not find anything about how to create a volume..
Maybe I'm just blind...

mahdi1234
Guru

Joined: 19 Feb 2005
Posts: 559
Location: Being There

Posted: Sat Nov 05, 2005 7:05 pm

The same problem is discussed in the main product's forum http://www.truecrypt.org/forum.php so I guess it doesn't work under Linux yet ;(.

Pergamon
Tux's lil' helper

Joined: 01 Feb 2004
Posts: 117

Posted: Sun Nov 06, 2005 9:05 am    Post subject: Correct: truecrypt cannot create new volumes with Linux

Unfortunately it seems you are both right: for the moment it seems like truecrypt cannot create new volumes under Linux. So at this point we have to rely on Windows.

I change the howto to reflect this.

Thanks.

rschwarze
n00b

Joined: 01 Jul 2005
Posts: 63
Location: Germany

Posted: Sun Nov 06, 2005 3:48 pm

Hi,

I followed the howto and installed truecrypt. But when I try to mount a truecrypt file I get the following error:
Code:
truecrypt /media/MAXTORFAT32/crypto.tc /mnt/crypt
Enter password for '/media/MAXTORFAT32/crypto.tc':

Code:
truecrypt: No free loopback device available for file-hosted volume


any suggestions?

DOSBoy
Tux's lil' helper

Joined: 26 Jun 2005
Posts: 84

Posted: Mon Nov 07, 2005 7:03 am

Does your kernel have support for loopback filesystems?

Martux
Veteran

Joined: 04 Feb 2005
Posts: 1917

Posted: Tue Nov 08, 2005 3:10 pm

rschwarze wrote:
Code:
truecrypt: No free loopback device available for file-hosted volume

I've got the same problem. The only fix seems to be mounting as root (even if you said users should be able to mount it)...
hth, marcus
_________________
"Coincidence is God's way of remaining anonymous."
Albert Einstein
"The road to success is always under construction"

rschwarze
n00b

Joined: 01 Jul 2005
Posts: 63
Location: Germany

Posted: Tue Nov 08, 2005 8:02 pm

yes, with root it works.

webmaxx
n00b

Joined: 30 Apr 2005
Posts: 33
Location: Germany

Posted: Sun Jan 01, 2006 1:00 am

I am able to mount a truecrypt volume as a normal user.

I'm using sudo and allowed my useraccount to execute mount (and put an alias in my ~/.bashrc).

With truecrypt --mount-options uid=<USERID> /.../truecrypt.tc /home/... the user can also fully access the files.

rschwarze
n00b

Joined: 01 Jul 2005
Posts: 63
Location: Germany

Posted: Mon Apr 24, 2006 3:47 am

In the new version, 4.2, it's actually fully working under Linux!

can someone consider making an ebuild? that would be great!

thanks, roman

mahdi1234
Guru

Joined: 19 Feb 2005
Posts: 559
Location: Being There

Posted: Mon Apr 24, 2006 8:59 pm

rschwarze wrote:
In the new version, 4.2, it's actually fully working under Linux!

can someone consider making an ebuild? that would be great!

thanks, roman


In fact there has already been an ebuild for quite a long time, recently updated to 4.2 - check https://bugs.gentoo.org/show_bug.cgi?id=112197

If you don't know how to use a portage overlay, search for something like gentoo + wiki + portage overlay.

rschwarze
n00b

Joined: 01 Jul 2005
Posts: 63
Location: Germany

Posted: Tue Apr 25, 2006 5:03 pm

I know how to use an overlay.

I would just like to have it in regular portage, and I thought, now that everything works without Windows, it would be possible to include it in portage.

edit: but thank you very much for pointing me to the ebuild :) it's still easier than installing it by hand.
btw: ebuild works great.

palmer
Guru

Joined: 17 Nov 2004
Posts: 322
Location: Berkeley, CA

Posted: Sat May 20, 2006 8:51 pm

Anybody gotten it to create a file under linux?

truecrypt -c is stuck at the "enough entropy available in the kernel"
The % meter goes up to ~50%, then falls back to the single digits
The file is only 1mb, and has been running for ~20mins

I have tried different hash and encryption algorithms

EDIT: It's been going for ~4 hours now

-palmem

vitaming
n00b

Joined: 11 May 2006
Posts: 9

Posted: Wed May 24, 2006 3:28 pm

palmem wrote:
Anybody gotten it to create a file under linux?

truecrypt -c is stuck at the "enough entropy available in the kernel"
The % meter goes up to ~50%, then falls back to the single digits
The file is only 1mb, and has been running for ~20mins

I have tried different hash and encryption algorithms

EDIT: It's been going for ~4 hours now

-palmem


the message said also something like "press any keys or move the mouse to increase entropy".
For me the encryption also didn't start when I was logged in remotely - I had to go to the physical machine and hammer on the keyboard for quite a while :).

quag7
Apprentice

Joined: 12 Aug 2002
Posts: 288
Location: Marana, Arizona - USA

Posted: Wed May 24, 2006 6:10 pm

Thanks for the ebuild; I have it working here...

Creating a container:

Code:

[quag7@antarctica] /mnt/priv/cabinets : truecrypt -c testcabinet       
Volume type:
 1) Normal
 2) Hidden
Select [1]: 1

Filesystem:
 1) FAT
 2) None
Select [1]: 2

Enter volume size (bytes - size/sizeK/sizeM/sizeG): 100M

Hash algorithm:
 1) RIPEMD-160
 2) SHA-1
 3) Whirlpool
Select [1]: 2

Encryption algorithm:
 1) AES
 2) Blowfish
 3) CAST5
 4) Serpent
 5) Triple DES
 6) Twofish
 7) AES-Twofish
 8) AES-Twofish-Serpent
 9) Serpent-AES
10) Serpent-Twofish-AES
11) Twofish-Serpent
Select [1]: 2

Enter password for new volume 'testcabinet':
Re-enter password:

Done: 99.42 MB  Speed: 6.77 MB/s  Left: 0:00:00 
Volume created.



Container created:

Code:

[quag7@antarctica] /mnt/priv/cabinets : ls -al
total 102512
drwxr-xr-x  2 quag7 quagworks       4096 May 24 10:36 .
drwxrwx--- 15 quag7 restricted      4096 May 24 09:35 ..
-rw-r--r--  1 quag7 quagworks  104857600 May 24 10:36 testcabinet


Attempt to mount the container for formatting:

Code:

[root@antarctica] /mnt/priv/cabinets : truecrypt --filesystem ext3 ./testcabinet /mnt/cabinet
Enter password for '/mnt/priv/cabinets/./testcabinet':
mount: wrong fs type, bad option, bad superblock on /dev/mapper/truecrypt0,
       missing codepage or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

truecrypt: Mount failed


However, mapping is accessible via /dev/mapper/truecrypt0 and the mount was just a partial failure. Or at least, for our purposes, the mapping will allow formatting even though the mount technically failed.

Creating an ext3 filesystem on the container so it will mount:

Code:

[root@antarctica] /mnt/priv/cabinets : mke2fs -j /dev/mapper/truecrypt0
mke2fs 1.38 (30-Jun-2005)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
25688 inodes, 102396 blocks
5119 blocks (5.00%) reserved for the super user
First data block=1
13 block groups
8192 blocks per group, 8192 fragments per group
1976 inodes per group
Superblock backups stored on blocks:
        8193, 24577, 40961, 57345, 73729

Writing inode tables: done                           
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.


First, ensure that everything is unmounted. Even though the above message says the mount failed, truecrypt still thinks it is mounted since it is mapped:

Code:

[root@antarctica] /mnt/priv/cabinets : truecrypt -d


Mount the container:

Code:

[root@antarctica] /mnt/priv/cabinets : truecrypt ./testcabinet /mnt/cabinet/
Enter password for '/mnt/priv/cabinets/./testcabinet':


The container is ready for use:

Code:

[root@antarctica] /mnt/cabinet : ls -al
total 17
drwxr-xr-x  3 root root  1024 May 24 10:42 .
drwxr-xr-x 14 root root  4096 May 24 09:41 ..
drwx------  2 root root 12288 May 24 10:42 lost+found


Just to make sure we're looking at the container:

Code:

[root@antarctica] /mnt/cabinet : touch "We were somewhere around Barstow on the edge of the desert..."
[root@antarctica] /mnt/cabinet : ls -al
total 17
drwxr-xr-x  3 root root  1024 May 24 10:57 .
drwxr-xr-x 14 root root  4096 May 24 09:41 ..
-rw-r--r--  1 root root     0 May 24 10:57 We were somewhere around Barstow on the edge of the desert...
drwx------  2 root root 12288 May 24 10:42 lost+found

[root@antarctica] /mnt/cabinet : cd ..
[root@antarctica] /mnt : truecrypt -d
[root@antarctica] /mnt : cd cabinet/
[root@antarctica] /mnt/cabinet : ls -al
total 8
drwx------  2 quag7 quag7 4096 May 24 09:41 .
drwxr-xr-x 14 root  root  4096 May 24 09:41 ..
[root@antarctica] /mnt/cabinet :


So, Barstow and lost+found are gone (as should be normal since we unmounted the container), so this is now just an unused mountpoint; an empty directory.

Now, I remount and look at the directory of the container:

Code:

[root@antarctica] /mnt/priv/cabinets : truecrypt ./testcabinet /mnt/cabinet
Enter password for '/mnt/priv/cabinets/./testcabinet':
[root@antarctica] /mnt/priv/cabinets : cd /mnt/cabinet
[root@antarctica] /mnt/cabinet : ls -al
total 17
drwxr-xr-x  3 root root  1024 May 24 10:57 .
drwxr-xr-x 14 root root  4096 May 24 09:41 ..
-rw-r--r--  1 root root     0 May 24 10:57 We were somewhere around Barstow on the edge of the desert...
drwx------  2 root root 12288 May 24 10:42 lost+found
[root@antarctica] /mnt/cabinet :


Don't know if this is helpful to anyone. I didn't get any messages related to entropy in the kernel, so I can't help with that unfortunately. A 100 megabyte container took perhaps 10 or 15 seconds total to create on my Celeron 1 GHz, and formatted almost instantly.

I haven't used it long enough to have any comments on reliability. The forums on the Truecrypt site suggest there may be a lot of instability yet, and a lot of problems, so don't feel too bad if you're one of those people. I was personally thrown by the file system creation. I used --filesystem ext3 when I issued truecrypt -c but this was not actually creating the filesystem; hence the traditional mke2fs -j command, which works fine.

However, container creation *does* work natively in Linux, at least on my machine. Windows isn't necessary.

Make sure you have the latest ebuild from bugzilla and that you have Device Mapper support enabled in your kernel, as well as whatever filesystems you want to use for your containers:

Code:

Device Drivers
    Multi-Device Support
        <*> Device mapper support

_________________
http://www.dataswamp.net

palmer
Guru

Joined: 17 Nov 2004
Posts: 322
Location: Berkeley, CA

Posted: Sun May 28, 2006 6:58 pm

vitaming wrote:

the message said also something like "press any keys or move the mouse to increase entropy".
For me the encryption also didn't start when I was logged in remotely - I had to go to the physical mashine and hammer on the keybord for quite a while :).


During those 4 hours, I used the computer as normal (I typed ~1pg of homework, browsed the web, etc)
I think something's broken...


Code:
 Device Drivers
     Multi-Device Support
         <*> Device mapper support


What kernel are you using?

I am using genkernel with 2.6.16-gentoo-r3
There is no multi-device support in the options

The ebuild wants to install sys-fs/device-mapper

-palmem

Gergan Penkov
Veteran

Joined: 17 Jul 2004
Posts: 1464
Location: das kleinste Kuhdorf Deutschlands :)

Posted: Sun May 28, 2006 9:12 pm

Just using the ebuild from bugzilla, I have already been able to create three volumes with the Whirlpool hash and Serpent without any problems, and they work just fine here.
I'm still not certain which hashes are better and which encryption algorithms to use. Could anyone explain this a little better? The documentation gives only key lengths, which in fact does not mean anything.
_________________
"I knew when an angel whispered into my ear,
You gotta get him away, yeah
Hey little bitch!
Be glad you finally walked away or you may have not lived another day."
Godsmack

Darknight
Guru

Joined: 26 Jan 2004
Posts: 483
Location: Italy

Posted: Sat Sep 16, 2006 11:39 pm

I'll just give you a few pointers, besides you probably don't need them anymore (someone else may benefit).
All that follows is IMHO with no assumption regarding its completeness...
Some of the "best" algorithms for encryption are: blowfish, twofish, aes, serpent, this list should more or less be in order of quickest->slowest and, to some extent secure->more secure.
As a general rule you will use blowfish for the stuff you don't want your roommate or mom to see (it's already overkill) or where speed is most needed.
Key length is an important factor: the bigger the key, the more difficult decrypting becomes for an attacker. Always use the maximum key size for your chosen algorithm.
Most hashes work well, the "sha" series are among the most used.

ivanova
Apprentice

Joined: 12 Apr 2004
Posts: 158
Location: South Africa

Posted: Thu Sep 28, 2006 8:40 am

rschwarze wrote:
Hi,

I followed the howto and installed truecrypt. But when I try to mount a truecrypt file I get the following error:
Code:
truecrypt /media/MAXTORFAT32/crypto.tc /mnt/crypt
Enter password for '/media/MAXTORFAT32/crypto.tc':

Code:
truecrypt: No free loopback device available for file-hosted volume


any suggestions?

make sure the loop module is loaded with:
Code:
modprobe loop

_________________
Ladies and Gentlemen... we are floating in space.
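
A preflight check for the failures discussed in this thread (missing loop driver, missing device-mapper support, low kernel entropy during `truecrypt -c`), as an added example that is not part of any post or of TrueCrypt itself. The function names, the 256-bit entropy threshold and the sample /proc contents in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight for the failures reported in this thread.
# File arguments default to the live /proc entries; pass saved copies to
# check another machine. The 256-bit entropy threshold is an assumed value.

# has_block_driver NAME [DEVICES_FILE]
# Succeeds if NAME is listed under "Block devices:" in /proc/devices.
has_block_driver() {
    awk -v name="$1" '
        /^Block devices:/      { in_block = 1; next }
        /^Character devices:/  { in_block = 0; next }
        in_block && $2 == name { found = 1 }
        END { exit !found }
    ' "${2:-/proc/devices}"
}

# has_dm_control [MISC_FILE]
# Succeeds if the device-mapper control device is listed in /proc/misc.
has_dm_control() {
    awk '$2 == "device-mapper" { found = 1 } END { exit !found }' \
        "${1:-/proc/misc}"
}

# entropy_ok [ENTROPY_FILE] [MIN_BITS]
# Succeeds if the kernel entropy estimate is at least MIN_BITS.
entropy_ok() {
    bits=$(cat "${1:-/proc/sys/kernel/random/entropy_avail}" 2>/dev/null) || return 1
    [ "${bits:-0}" -ge "${2:-256}" ] 2>/dev/null
}

# tc_preflight [DEVICES_FILE] [MISC_FILE] [ENTROPY_FILE]
# Prints one line per problem and returns the number of problems found.
tc_preflight() {
    problems=0
    if ! has_block_driver loop "$1"; then
        echo "loop: no loop block driver (file-hosted volumes need it; try: modprobe loop)"
        problems=$((problems + 1))
    fi
    if ! has_block_driver device-mapper "$1" || ! has_dm_control "$2"; then
        echo "device-mapper: not registered (enable Device mapper support)"
        problems=$((problems + 1))
    fi
    if ! entropy_ok "$3"; then
        echo "entropy: kernel pool is low; 'truecrypt -c' may wait for more"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Demo on constructed /proc snapshots (not captured from a real machine):
# device-mapper is present but the loop driver is not, as in the
# "No free loopback device available" report above.
tc_preflight_demo() {
    tmp=$(mktemp -d) || return 1
    printf 'Character devices:\n  1 mem\n 10 misc\n\nBlock devices:\n  8 sd\n253 device-mapper\n' > "$tmp/devices"
    printf ' 63 device-mapper\n135 rtc\n' > "$tmp/misc"
    echo 3000 > "$tmp/entropy"
    status=0
    tc_preflight "$tmp/devices" "$tmp/misc" "$tmp/entropy" || status=$?
    rm -rf "$tmp"
    return "$status"
}
```

Source the file and run `tc_preflight` with no arguments to check the running kernel, or `tc_preflight_demo` to see the report for the constructed snapshot.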

fire-fly
n00b

Joined: 15 Jan 2007
Posts: 2

Posted: Mon Jan 15, 2007 9:10 am

Hi quag7

I did as you mentioned,

Code:

[root@antarctica] /mnt/priv/cabinets : truecrypt ./testcabinet /mnt/cabinet/
Enter password for '/mnt/priv/cabinets/./testcabinet':


However, the ownership becomes root, although I log in as an ordinary user.
How do I mount it with other ownership?

By the way I am using FC4

Thanks in advance.

Cheers
Fire-fly

ronmon
Veteran

Joined: 15 Apr 2002
Posts: 1043
Location: Key West, FL

Posted: Mon Jan 15, 2007 8:26 pm

Can't get any decent help in the Fedora forums? No big surprise there :)

Here's how I mount mine as a user in the "adm" group and assign rwx permissions to that group.

First, I edited my sudoers with "visudo" and added this:
Code:

# Truecrypt
%adm    localhost=(root) NOPASSWD: /usr/bin/truecrypt /home/vcr/v /home/vcr/m,/usr/bin/truecrypt -d
%adm    localhost=(root) NOPASSWD: /usr/bin/chgrp adm /home/vcr/m,/usr/bin/chmod 770 /home/vcr/m


Then, I simplified things with a couple aliases in my ~/.bashrc:
Code:

alias con="sudo truecrypt /home/vcr/v /home/vcr/m && \
            sudo chgrp adm /home/vcr/m && \
            sudo chmod 770 /home/vcr/m"
alias cof="sudo truecrypt -d"

You'll get prompted for the truecrypt password. Of course you need to adjust those to point to wherever you have set up your truecrypt volume and mountpoint.
_________________
Ask Questions the Smart Way - by ESR

saturday
Apprentice

Joined: 20 Dec 2004
Posts: 246
Location: de/munich/home

Posted: Tue Jan 16, 2007 9:45 pm

I did "chmod 4755 /usr/bin/truecrypt" to be able to mount truecrypt volumes as user.

But I don't think that's a recommended way to do it. There may be security concerns, but I don't know enough about it to be able to evaluate this.

fire-fly
n00b

Joined: 15 Jan 2007
Posts: 2

Posted: Wed Jan 17, 2007 1:30 pm

Hi Ronmon, Apprentice
thanks for the suggestions, I will try the suggestions later, a bit busy with my work.
Anyway I forgot to mention I complied with the option, user is able to do mounting.

I believe it is a bug when mounting ext3,
because truecrypt -d works with FAT!

I will update you guys
Thanks!

ronmon
Veteran

Joined: 15 Apr 2002
Posts: 1043
Location: Key West, FL

Posted: Wed Jan 17, 2007 9:08 pm

Linux file systems understand permissions, FAT does not. That's the difference. Using setuid is not a good idea, for security reasons.
_________________
Ask Questions the Smart Way - by ESR

smypee
n00b

Joined: 11 Oct 2003
Posts: 64
Location: Zurich

Posted: Sun Feb 18, 2007 8:09 am

I successfully created an encrypted volume (with no file system). I can mount this volume but when I try to format it using
Code:
mke2fs -j /dev/mapper/truecrypt0
my system freezes hard. Only thing I can do is reset the machine. The encrypted volume is located on a USB disk.