(i) Please refer to EncryptedFilesystems for further documentation.

Introduction

This is a guide explaining how to create a secret encrypted drive the easy way using a graphic user interface. It covers installing and using the TrueCrypt software (version 6.1) and Ubuntu 8.10 (Intrepid Ibex).

TrueCrypt is not currently available in the Ubuntu repositories.

Before we start

Why would you want to create an encrypted drive? Why not? Probably the main reason is that you have some security sensitive file that you don't want other people to have access to. An encrypted drive provides a safe place to put these kind of files so that people cannot see or access them without a password.

Why would you want to create a hidden drive? There are two main reasons. The first is because you have sensitive files as mentioned above. Perhaps you don't want people to know they exist. The second reason is more serious. Recently a number of governments have implemented laws where you can be forced to provide encryption keys to officers (for example at airports) so that they can decrypt your files. It can be a criminal offence not to provide or to claim you have forgotten these keys.

Imagine if you could comply, give them a key that they can use, decrypt some files you don't care about and still not have access to your sensitive files. Imagine if they could never prove that you were hiding any additional documents and that you could therefore show that you have been completely complaint with the law and yet still keep your files safe. This is now possible!

DISCLAIMER: I do not, and will not ever advocate breaking laws. If you fail to prove an encryption key when legally required to do so, you could breaking the law. Don't do it.

How it works

Basically, first a container encrypted drive is created. Some non sensitive files are put on this drive. The remaining space is made up of random data. Then within this random data, a second hidden drive is placed. This drive can only be accessed with a second encryption key. Without that key it should be mathematically impossible to identify whether the random data is in fact random data or a second hidden encrypted drive. It could just be free space within the first drive.

When forced under coercion to provide an encryption key, you provide the first one. They can decrypt the first container drive. They see your not so sensitive hidden files. They cannot ascertain if there is anything in the free space remaining and you have complied with the law and provided the decryption key. Provided the dummy files you have provided are interesting enough they'll probably be kept busy trying to work out why you encrypted them or simply feel happy you didn't have anything worth finding.

The TrueCrypt system is easy to use, uses very strong encryption (US government agencies are authorised to use this cipher for all levels up to top secret), and is also Windows and Mac compatible for those people who share external devices with Windows / Mac systems too.

Installing TrueCrypt

TrueCrypt is not currently available in the repositories for various reasons (possibly licensing). However, it is opensource and free for you to use. You need to download it from:

http://www.truecrypt.org/downloads.php

Go to the Linux section and select Ubuntu DEB. 86 and 64-bit versions are available. It will come in a compressed file, so you'll need to decompress it and then run the deb file. It should install itself from then. The GUI will become available in the 'other' folder in your applications menu. While you're at it, make sure you have the 'GParted' package installed too. This is the GNOME Partition Editor and is available in the normal repositories.

Two Different Types of Drive

There are two different types of drive. One is stored like a normal partition on a physical drive. The other is stored in a container file. The file can then be stored anywhere that a normal file can. It can be renamed, copied, emailed etc. For the first example, we will use a physical drive. Then I will cover creating a file too. The benefits of a drive is that you just have don't have a file lying about that could draw attention to itself. For onlookers it will appear you just have an empty unformatted drive. Maybe it's new, maybe you haven't formatted it yet (actually you are hiding stuff there). The benefit of a file is that you don't need to do any formatting or partitioning, etc. You can send, move, copy, rename the file, etc. Both systems use the same technology and are essentially just as secure, except that the file option obviously suffers from all the usual security issues with having a file.

Using the Physical Drive Method

In this example, we will use a USB key. I'm using the whole drive, you can use a partition on the key if you want, but I'm going to use the whole drive for simplicity. Make sure there is nothing on the drive you need. Then open GParted. This can be found in the System / Administration / Partition Editor menu. Ubuntu should automatically detect the device. If it has mounted existing volumes, dismount (eject) them. In GParted, find the drive in the drop down list at the top right. In my example it is /dev/sdb (117.66). If you're no sure, use the size to determine which drive. Warning, don't follow the next few steps on your primary hard disk or you could delete everything on your PC!!!

As you can see in my example, there are no partitions. That's what you want. If there are some existing ones, delete them (right click on them). Once you are finished, click on the apply button at the toolbar. It should bring you to a screen that looks something like the example. Unallocated is what you want. A disk that looks completely empty, no partitions. Remember the name of the drive (/dev/sdb in my case)

1gparted.png

Setting up the Encrypted Drives

Open TrueCrypt (Applications / Other / TrueCrypt). Select Volumes / Create New Volume... Then select "Create a volume within a partition / drive".

2create volume.png

Then select "Hidden TrueCrypt Volume".

3hidden volume.png

You will now be prompted to select your device. Click on the "Select Device..." button and select the drive that we cleared earlier (/dev/sdb in my case).

4volume location.png

Clicking on next will bring up a warning message. Provided you have selected the correct drive, there is no danger of clicking OK. Please check you have selected the correct drive before proceeding.

At this point it will ask you for the encryption type to use for the outer volume. In the example, I have used AES as it is the most common cipher. You can change it if you want.

5outer volume.png

It will now prompt you to enter the outer volume password. This is the password you might have to divulge under duress. It should not be a dictionary word and should include a combination of letters and numbers. You probably don't want to have "Display password" on as in my example.

6outer password.png

Now select your file system. I recommend FAT as it is readable in Windows as well.

7file system.png

The next screen will allow you to format this drive. Moving the mouse around a bit will allow you to generate a completely random seed to format the disk with. This fills it will random data. Finally, you will be prompted to open the outer volume.

8open outer.png

This is where you have the opportunity to place a few 'dummy' files that someone would be able to see if you provided them with the dummy key.

09Outer volume.png

When you have finished, close the browser for that drive and return to TrueCrypt. Click on "next" and you will be prompted to go through the processes again for the hidden drive.

10hidden size.png

You can just use the same encryption as you did for the first drive. Make sure that the password you use this time is different from the first one!

11secret password.png

You will need to choose a size. This is the size that the hidden drive will take up. It needs to be smaller than the container drive because it sits in its free space. In my example I've chosen 120MB so as to leave a couple of megabytes to store the dummy files in. Select FAT as the file system again and format. You have now set up your hidden drives.

16Hidden drive.png

How to Mount the Drive

There are two ways to mount the drive - automatic and manual. Automatic is less hassle but takes longer, manual requires you to select the device.

In the main TrueCrypt dialogue, select "Auto-Mount Devices". You will be prompted for your password. Here enter the password for the hidden drive (the second one you used earlier).

12mount password.png

TrueCrypt will search and find your device automatically. It will mount it in /media/truecrypt1. This is your hidden drive. Feel free to use it as you wish. Files stored there are automatically encrypted.

13mounted drive.png

Make sure you unmount it when you've finished. This can be done easily by right hand clicking on the TrueCrypt icon in the system tray and selecting "Dismount All Mounted Volumes".

14Dismount All.png

Manually Mounting

Let's manually mount a drive and also see what happens if we try to mount the outer drive. Make sure you've dismounted the hidden volume, then click on "Select Device" button in TrueCrypt. Select your drive, then click on "Mount". This time enter the first password you used.

15mount outer.png

It will mount the outer volume. Here you can see you dummy file that you used earlier. This is what other people would see you if were forced to divulge the fake key. Make sure you don't add any more data to this drive as it will write over your secret drive. In fact, after setting up the outer drive, better not to use it at all. You can open in in protected mode so that the hidden system is protected. This is done using options in the mount dialogue.

For quicker mounting, you can add mount points to your favourites so that you can quickly mount that volume by right clicking on the TrueCrypt icon in the system tray.

Using a File

Instead of using a drive, you can create an encrypted volume and a hidden volume within a file. This is done pretty much the same way as in the first example, but you select "Create an encrypted file container" in the "Create New Volume" dialogue. When mounting those volumes, you will need to select the file instead of device.

Things to Remember

Following the above instructions should allow you to set up your hidden encrypted drives. Remember, always use the second password and so the hidden volume. Only ever give away the first password. Don't write data in the container drive unless you've protected it. Make sure the dummy files look realistic or it will be harder to claim that it is you actual encrypted drive. Remember to dismount drives after you've finished using them. Operate a physical security regime.

Though it will take a very long time to brute force crack this strong encryption system, no system is ever safe against a brute force (guess every possible key) attack. Better to prevent someone coming into contact with your physical disk! Use long passwords that are a mixture of words and numbers that you can remember, other people cannot guess and are preferably not in a dictionary. For keeping a list of passwords secure, I recommend using KeePass. It is also available for Linux and Windows and uses string encryption.


CategorySecurity

TrueCrypt (last edited 2011-09-15 22:08:18 by elatllat)