Size: 3354
Comment:
|
Size: 3244
Comment: Removed outdated part. Added link to GUI page.
|
Line 1: | Line 1: |
#title Hidden encrypted volume with Truecrypt | #title Hidden encrypted volume with Truecrypt (command line) ||<rowbgcolor="#FFF280"> {i} Please refer to EncryptedFilesystems for further documentation.|| |
Line 4: | Line 6: |
For instructions on using the new TrueCrypt GUI, please see [[https://help.ubuntu.com/community/TrueCrypt|TrueCrypt GUI]] |
|
Line 16: | Line 20: |
Note: So far the 5.x releases(5.1a is current) of Truecrypt will not create hidden partitions on linux or OS X, although they will read them. Reimplementing hidden partitions is planned for the future, though. Also, most of these CLI switches no longer work with 5.x. Your best bet is to use `-t` and manually make the selections if you need CLI support. |
|
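Review bot: Removing the 5.x note at old line 16 drops the only statement of which releases this recipe works on, while the page body still says it is based on the truecrypt 4.3a man page and gives a 5.1a variant for the outer-volume step only. If the note is outdated, replace it with a one-line statement of the versions the commands apply to instead of deleting it, so a reader on a newer release knows whether `--type hidden` and the other switches are expected to work.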
Line 20: | Line 22: |
0. Install [[http://www.truecrypt.org|Truecrypt]] }}} |
0. Download and install [[http://www.truecrypt.org|Truecrypt]] |
|
For instructions on using the new TrueCrypt GUI, please see TrueCrypt GUI (https://help.ubuntu.com/community/TrueCrypt).
There is a lot of documentation on how to create an encrypted volume. However, a significant problem with most existing implementations is that the owner of the data may be forced to reveal the password used to encrypt it.
To address this, several projects implement steganographic mechanisms, but at the time of writing only Truecrypt is full-featured and of production quality.
Truecrypt is free, open-source disk encryption software available on Ubuntu. It offers convenient management of hidden volumes, including protection against damage.
More information is available at http://www.truecrypt.org/hiddenvolume.php.
This page is mostly based on the man page of truecrypt 4.3a and intends to give a short recipe for implementing Truecrypt hidden volumes on Ubuntu.
Truecrypt hidden volumes
Download and install Truecrypt
Create an outer volume (ex: on /dev/sdb1):
truecrypt --filesystem none --type normal --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1
# In truecrypt 5.1a: truecrypt --text --filesystem=none --volume-type=normal --encryption=AES --hash=SHA-1 --random-source=/dev/urandom -c /dev/sdb1
Map the corresponding volume (ex: on /dev/sdb1), but do not mount it:
truecrypt /dev/sdb1
truecrypt --text --list # To see where this was mounted (/dev/mapper/truecrypt0 or /dev/loop0)
Format outer volume with FAT:
sudo mkfs.vfat /dev/mapper/truecrypt0
Dismount the volume:
truecrypt -d
Create a (ex: 50M) hidden volume within the outer volume (ex: on /dev/sdb1):
truecrypt --filesystem none --type hidden --size 50M --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1
Map the corresponding hidden volume (ex: on /dev/sdb1), but do not mount it:
truecrypt /dev/sdb1 # (use the hidden password)
Format the hidden volume with a filesystem recognised by mount(8):
sudo mkfs.xfs /dev/mapper/truecrypt0
Dismount the hidden volume:
truecrypt -d
Mount the outer volume (ex: /dev/sdb1 on /mnt/tc) with the hidden volume protected:
truecrypt -P /dev/sdb1 /mnt/tc
Copy files to the outer volume:
cp outer_volume_file.txt /mnt/tc
Dismount the outer volume:
truecrypt -d
Mount either volume (ex: /dev/sdb1 on /mnt/tc) and enjoy:
truecrypt /dev/sdb1 /mnt/tc # (use the password relevant to the volume you want to mount)
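The two `-c` steps in the recipe above overwrite whatever is on the target device, so it is worth checking the target before running them. The following is an added example, not part of the original page or of TrueCrypt: the helper names are hypothetical, the truecrypt options are the 4.3a forms used above, and only the `M` size suffix shown on this page is accepted.

```shell
#!/bin/sh
# Added example, not from the original page. Helper names are hypothetical.

# Succeeds if DEV, or a device whose name starts with DEV (its partitions),
# is the source of an entry in a mounts table ("-" reads the table from stdin).
# The prefix match is deliberately conservative. A volume already mapped by
# TrueCrypt appears under /dev/mapper instead and is not detected here;
# dismount with "truecrypt -d" first, as in the recipe.
device_in_use() (
    mounts=${2:-/proc/mounts}
    awk -v d="$1" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' "$mounts"
)

# Prints the two volume-creation commands for DEV with a hidden volume of
# SIZE, or fails with a reason. Nothing is executed; review the output first.
volume_plan() (
    dev=$1 size=$2 mounts=${3:-/proc/mounts}
    opts="--encryption AES --hash SHA-1 --random-source /dev/urandom"
    case $dev in
        /dev/?*) ;;
        *) echo "refusing: '$dev' is not a /dev path" >&2; exit 1 ;;
    esac
    digits=${size%M}
    case $digits in
        ''|*[!0-9]*) echo "refusing: size must look like 50M" >&2; exit 1 ;;
    esac
    [ "$digits" != "$size" ] || { echo "refusing: size needs the M suffix" >&2; exit 1; }
    if device_in_use "$dev" "$mounts"; then
        echo "refusing: $dev is mounted; -c would overwrite it" >&2
        exit 1
    fi
    echo "truecrypt --filesystem none --type normal $opts -c $dev"
    echo "truecrypt --filesystem none --type hidden --size $size $opts -c $dev"
)

# Demonstration on a constructed mounts table (not real system state):
# /dev/sdb1 is listed as mounted, so the plan is refused.
demo() {
    printf '/dev/sdb1 /media/usb vfat rw 0 0\n' | volume_plan /dev/sdb1 50M -
}
```

Call `volume_plan /dev/sdb1 50M` with no third argument to check against the live `/proc/mounts`.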