|
Size: 2431
Comment:
|
Size: 3587
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| ## How to create a hidden encrypted volume with Truecrypt attachment:IconsPage/PicDocs.png |
#title Hidden encrypted volume with Truecrypt |
| Line 4: | Line 3: |
| = Encrypted filesystems and hidden volume = | ||<rowbgcolor="#FFF280"> {i} Please refer to EncryptedFilesystems for further documentation.|| |
| Line 6: | Line 5: |
| There is [https://help.ubuntu.com/community/Security a lot of documentation] on how to create an encrypted volume. However, a significant problem caused by most of the existing implementations is that the owner of the data may be forced to reveal the password used to encrypt the data. | ||<tablestyle="float:right; font-size: 0.9em; width:30%; background:#F1F1ED; background-repeat: no-repeat; background-position: 98% 0.5ex; margin: 0 0 1em 1em; padding: 0.5em;"><<TableOfContents>>|| |
| Line 8: | Line 7: |
| To address this, different projects exist to implement some [http://en.wikipedia.org/wiki/Steganography steganography] mechanisms, but at the time of writing, only [http://www.truecrypt.org Truecrypt] is full-featured and production quality. | For instructions on using the new TrueCrypt GUI, please see [[https://help.ubuntu.com/community/TrueCrypt|TrueCrypt GUI]] |
| Line 10: | Line 9: |
| [http://www.truecrypt.org Truecrypt] is a free open-source disk encryption software available on Ubuntu. | There is [[https://help.ubuntu.com/community/Security|a lot of documentation]] on how to create an encrypted volume. However, a significant problem caused by most of the existing implementations is that the owner of the data may be forced to reveal the password used to encrypt the data. To address this, different projects exist to implement some [[http://en.wikipedia.org/wiki/Steganography|steganography]] mechanisms, but at the time of writing, only [[http://www.truecrypt.org|Truecrypt]] is full-featured and production quality. [[http://www.truecrypt.org|Truecrypt]] is a free open-source disk encryption software available on Ubuntu. |
| Line 13: | Line 16: |
| More information is available at [http://www.truecrypt.org/hiddenvolume.php]. | More information is available at [[http://www.truecrypt.org/hiddenvolume.php]]. |
| Line 15: | Line 18: |
| This page is based on the truecrypt 4.3a man page and intents to give a short recipe to implement [http://www.truecrypt.org Truecrypt] hidden volumes on Ubuntu. | This page is mostly based on the ''man page'' of ''truecrypt 4.3a'' and intents to give a short recipe to implement [[http://www.truecrypt.org|Truecrypt]] hidden volumes on Ubuntu. Note: So far the 5.x releases(5.1a is current) of Truecrypt will not create hidden partitions on linux or OS X, although they will read them. Reimplementing hidden partitions is planned for the future, though. Also, most of these CLI switches no longer work with 5.x. Your best bet is to use `-t` and manually make the selections if you need CLI support. |
| Line 19: | Line 24: |
| 0. Install Truecrypt:{{{ sudo apt-get install truecrypt |
0. Download and install [[http://www.truecrypt.org|Truecrypt]] 0. Create an outer volume (ex: on ''/dev/sdb1''):{{{ truecrypt --filesystem none --type normal --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1 #In truecrypt 5.1a: truecrypt --text --filesystem=none --volume-type=normal --encryption=AES --hash=SHA-1 --random-source=/dev/urandom -c /dev/sdb1 |
| Line 22: | Line 31: |
| 0. Create an outer volume:{{{ truecrypt --filesystem none --type normal --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1 }}} 0. Map the corresponding crypto device, but do not mount it:{{{ |
0. Map the corresponding volume (ex: on ''/dev/sdb1''), but do not mount it:{{{ |
| Line 27: | Line 33: |
| truecrypt --text --list #To see where was this mounted (/dev/mapper/truecrypt0 or /dev/loop0) | |
| Line 34: | Line 41: |
| 0. Create a (ex: 50M) hidden volume:{{{ | 0. Create a (ex: 50M) hidden volume within the outer volume (ex: on ''/dev/sdb1''):{{{ |
| Line 37: | Line 44: |
| 0. Map the corresponding crypto device, but do not mount it:{{{ | 0. Map the corresponding hidden volume (ex: on ''/dev/sdb1''), but do not mount it:{{{ |
| Line 40: | Line 47: |
| 0. Format hidden volume with a filesystem recognised by mount(8):{{{ | 0. Format the hidden volume with a filesystem recognised by ''mount(8)'':{{{ |
| Line 46: | Line 53: |
| 0. Mount the outer volume with the hidden volume protected:{{{ | 0. Mount the outer volume (ex: ''/dev/sdb1'' on ''/mnt/tc'') with the hidden volume protected:{{{ |
| Line 55: | Line 62: |
| 0. Mount either volume and enjoy:{{{ | 0. Mount either volume (ex: ''/dev/sdb1'' on ''/mnt/tc'') and enjoy:{{{ |
|
Please refer to Contents |
For instructions on using the new TrueCrypt GUI, please see TrueCrypt GUI
There is a lot of documentation on how to create an encrypted volume. However, a significant problem caused by most of the existing implementations is that the owner of the data may be forced to reveal the password used to encrypt the data.
To address this, different projects exist to implement some steganography mechanisms, but at the time of writing, only Truecrypt is full-featured and production quality.
Truecrypt is a free open-source disk encryption software available on Ubuntu. It offers a convenient hidden volumes management that includes protection against damages.
More information is available at http://www.truecrypt.org/hiddenvolume.php.
This page is mostly based on the man page of truecrypt 4.3a and intents to give a short recipe to implement Truecrypt hidden volumes on Ubuntu.
Note: So far the 5.x releases(5.1a is current) of Truecrypt will not create hidden partitions on linux or OS X, although they will read them. Reimplementing hidden partitions is planned for the future, though. Also, most of these CLI switches no longer work with 5.x. Your best bet is to use -t and manually make the selections if you need CLI support.
Truecrypt hidden volumes
Download and install Truecrypt
Create an outer volume (ex: on /dev/sdb1):
truecrypt --filesystem none --type normal --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1 #In truecrypt 5.1a: truecrypt --text --filesystem=none --volume-type=normal --encryption=AES --hash=SHA-1 --random-source=/dev/urandom -c /dev/sdb1
Map the corresponding volume (ex: on /dev/sdb1), but do not mount it:
truecrypt /dev/sdb1 truecrypt --text --list #To see where was this mounted (/dev/mapper/truecrypt0 or /dev/loop0)
Format outer volume with FAT:
sudo mkfs.vfat /dev/mapper/truecrypt0
Dismount the volume:
truecrypt -d
Create a (ex: 50M) hidden volume within the outer volume (ex: on /dev/sdb1):
truecrypt --filesystem none --type hidden --size 50M --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1
Map the corresponding hidden volume (ex: on /dev/sdb1), but do not mount it:
truecrypt /dev/sdb1 # (use the hidden password)
Format the hidden volume with a filesystem recognised by mount(8):
sudo mkfs.xfs /dev/mapper/truecrypt0
Dismount the hidden volume:
truecrypt -d
Mount the outer volume (ex: /dev/sdb1 on /mnt/tc) with the hidden volume protected:
truecrypt -P /dev/sdb1 /mnt/tc
Copy files to the outer volume:
cp outer_volume_file.txt /mnt/tc
Dismount the outer volume:
truecrypt -d
Mount either volume (ex: /dev/sdb1 on /mnt/tc) and enjoy:
truecrypt /dev/sdb1 /mnt/tc # (use the password relevant to the volume you want to mount)