Diff for "TruecryptHiddenVolume"


Differences between revisions 14 and 19 (spanning 5 versions)
Revision 14 as of 2008-10-26 05:51:25
Size: 3462
Editor: CPE-121-223-89-119
Comment: Added link to the EncryptedFilesystems index page - part of the Encrypted Filesystem documentation cleanup
Revision 19 as of 2012-06-08 18:04:27
Size: 4346
Editor: 69-196-147-42
Comment:
Line 1: Line 1:
#title Hidden encrypted volume with Truecrypt #title Hidden encrypted volume with TrueCrypt (command line)
Line 7: Line 7:
For instructions on using the new TrueCrypt GUI, please see [[https://help.ubuntu.com/community/TrueCrypt|TrueCrypt GUI]]
Line 9: Line 11:
To address this, different projects exist to implement some [[http://en.wikipedia.org/wiki/Steganography|steganography]] mechanisms, but at the time of writing, only [[http://www.truecrypt.org|Truecrypt]] is full-featured and production quality. To address this, different projects exist to implement some [[http://en.wikipedia.org/wiki/Steganography|steganography]] mechanisms. [[http://www.truecrypt.org|TrueCrypt]] is an open-source disk encryption software implementing steganography but as of 7.1 dose not fully support Ubuntu due to an incompatible license and only limited features & documentation are available on Ubuntu.
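Review bot: The added sentence on the right-hand side has a typo, "dose not" for "does not", and runs two claims together with "&". Suggest splitting it: one sentence on what TrueCrypt is, and one on the Ubuntu situation as of 7.1 that says which features and documentation are limited, so the reader knows what to expect before following the examples.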
Line 11: Line 13:
[[http://www.truecrypt.org|Truecrypt]] is a free open-source disk encryption software available on Ubuntu.
It offers a convenient hidden volumes management that includes protection against damages.
It is important that you keep a dummy OS and destroy or hide(usb flash drive buried in the garden) the TrueCrypt boot data, otherwise there is no plausible deniability.

= TrueCrypt 7.1 volume example =


{{{
#Get truecrypt
mkdir /opt/truecrypt
cd /opt/truecrypt
wget "http://www.truecrypt.org/download/truecrypt-7.1-linux-console-x86.tar.gz"
tar -xvvf truecrypt-7.1-linux-console-x86.tar.gz
cd ./truecrypt-7.1-setup-console-x86
bash ./truecrypt-7.1-setup-console-x86
cd ../
rm truecrypt-7.1-linux-console-x86.tar.gz
rm -r truecrypt-7.1-setup-console-x86

#Read the documentation
truecrypt --help |less

#Make a key
truecrypt --create-keyfile --random-source=/dev/urandom test_truecrypt.key

#Make a volume
truecrypt --filesystem=none --volume-type=normal --encryption=AES --hash=SHA-512 --random-source=/dev/urandom --quick --keyfiles=test_truecrypt.key --password=Test_pa55word -c /dev/sdb5

#Mount the volume without trying to mounting the absent filesystem
truecrypt --keyfiles=test_truecrypt.key --password=Test_pa55word --filesystem=none --protect-hidden=no /dev/sdb5

#List your new encrypted volumes
truecrypt --list

#You can now format and mount the volume etc (optionally using LVM first)
mkfs.ext4 /dev/mapper/truecrypt1
mkdir /media/tc1
mount /dev/mapper/truecrypt1 /media/tc1

}}}

= TrueCrypt 4.3a hidden volume example =
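Review bot: The added "#Get truecrypt" block downloads the installer with wget over plain http and passes it straight to bash with no signature or checksum check in between; add a verification step before the "bash ./truecrypt-7.1-setup-console-x86" line, or at least tell the reader to verify the download. The "#Make a volume" and mount commands also pass "--password=Test_pa55word" on the command line, where it ends up in shell history and in the process list while the command runs; suggest dropping the flag from the example so the password is entered at the prompt, as the 4.3a steps do. Minor: "without trying to mounting" in the mount comment should read "without trying to mount", and "hide(usb" in the plausible deniability sentence needs a space.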
Line 15: Line 55:

This page is mostly based on the ''man page'' of ''truecrypt 4.3a'' and intents to give a short recipe to implement [[http://www.truecrypt.org|Truecrypt]] hidden volumes on Ubuntu.

Note: So far the 5.x releases(5.1a is current) of Truecrypt will not create hidden partitions on linux or OS X, although they will read them. Reimplementing hidden partitions is planned for the future, though. Also, most of these CLI switches no longer work with 5.x. Your best bet is to use `-t` and manually make the selections if you need CLI support.

= Truecrypt hidden volumes =

(i) Please refer to EncryptedFilesystems for further documentation.

For instructions on using the new TrueCrypt GUI, please see TrueCrypt GUI

There is a lot of documentation on how to create an encrypted volume. However, a significant problem with most existing implementations is that the owner of the data may be forced to reveal the password used to encrypt it.

To address this, different projects exist to implement some steganography mechanisms. TrueCrypt is open-source disk encryption software implementing steganography, but as of 7.1 it does not fully support Ubuntu due to an incompatible license, and only limited features and documentation are available on Ubuntu.

It is important that you keep a dummy OS and destroy or hide (USB flash drive buried in the garden) the TrueCrypt boot data; otherwise there is no plausible deniability.

TrueCrypt 7.1 volume example

    # Get truecrypt
    mkdir /opt/truecrypt
    cd /opt/truecrypt
    wget "http://www.truecrypt.org/download/truecrypt-7.1-linux-console-x86.tar.gz"
    tar -xvvf truecrypt-7.1-linux-console-x86.tar.gz
    cd ./truecrypt-7.1-setup-console-x86
    bash ./truecrypt-7.1-setup-console-x86
    cd ../
    rm truecrypt-7.1-linux-console-x86.tar.gz
    rm -r truecrypt-7.1-setup-console-x86

    # Read the documentation
    truecrypt --help | less

    # Make a key
    truecrypt --create-keyfile --random-source=/dev/urandom test_truecrypt.key

    # Make a volume
    truecrypt --filesystem=none --volume-type=normal --encryption=AES --hash=SHA-512 --random-source=/dev/urandom --quick --keyfiles=test_truecrypt.key --password=Test_pa55word -c /dev/sdb5

    # Mount the volume without trying to mount the absent filesystem
    truecrypt --keyfiles=test_truecrypt.key --password=Test_pa55word --filesystem=none --protect-hidden=no /dev/sdb5

    # List your new encrypted volumes
    truecrypt --list

    # You can now format and mount the volume etc. (optionally using LVM first)
    mkfs.ext4 /dev/mapper/truecrypt1
    mkdir /media/tc1
    mount /dev/mapper/truecrypt1 /media/tc1
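
The `--password=` argument used in the commands above becomes part of the process's argument vector, which is readable through `/proc` for as long as the command runs. The following audit check is an added example, not part of the original wiki page; the function names and the stand-in process name `truecrypt-demo` are made up for the demonstration, and a Linux `/proc` is assumed.

```sh
#!/bin/sh
# Added example: find --password=... arguments exposed in process argv.

# Print "PID<TAB>ARG" for each argv element of process $1 of the form
# --password=VALUE; return non-zero when there is none.
leaked_password_args() {
    pid=$1
    [ -r "/proc/$pid/cmdline" ] || return 1
    # /proc/PID/cmdline holds the argv elements separated by NUL bytes.
    tr '\0' '\n' < "/proc/$pid/cmdline" |
        awk -v pid="$pid" '
            /^--password=./ { printf "%s\t%s\n", pid, $0; found = 1 }
            END { exit !found }'
}

# Run the check over every process visible to the current user.
scan_all() {
    rc=1
    for dir in /proc/[0-9]*; do
        leaked_password_args "${dir#/proc/}" 2>/dev/null && rc=0
    done
    return "$rc"
}

# Constructed demonstration: an idle shell carrying the same arguments as
# the mount command above stands in for a running truecrypt process.
demo() {
    sh -c 'sleep 3; :' truecrypt-demo --password=Test_pa55word /dev/sdb5 \
        >/dev/null 2>&1 &
    demo_pid=$!
    tries=0
    # The child needs a moment to exec; poll briefly instead of racing it.
    until out=$(leaked_password_args "$demo_pid"); do
        tries=$((tries + 1))
        [ "$tries" -ge 20 ] && break
        sleep 0.1
    done
    kill "$demo_pid" 2>/dev/null || true
    wait "$demo_pid" 2>/dev/null || true
    printf '%s\n' "$out" | cut -f2
}

demo
```

The 4.3a steps further down run `truecrypt` without `--password`, which keeps the password out of argv and shell history.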

TrueCrypt 4.3a hidden volume example

More information is available at http://www.truecrypt.org/hiddenvolume.php.

  1. Download and install Truecrypt

  2. Create an outer volume (ex: on /dev/sdb1):

    truecrypt --filesystem none --type normal --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1 
    #In truecrypt 5.1a:
    truecrypt --text --filesystem=none --volume-type=normal --encryption=AES --hash=SHA-1 --random-source=/dev/urandom -c /dev/sdb1
  3. Map the corresponding volume (ex: on /dev/sdb1), but do not mount it:

    truecrypt /dev/sdb1
    truecrypt --text --list # To see where this was mapped (/dev/mapper/truecrypt0 or /dev/loop0)
  4. Format outer volume with FAT:

    sudo mkfs.vfat /dev/mapper/truecrypt0
  5. Dismount the volume:

    truecrypt -d
  6. Create a hidden volume (ex: 50M) within the outer volume (ex: on /dev/sdb1):

    truecrypt --filesystem none --type hidden --size 50M --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1
  7. Map the corresponding hidden volume (ex: on /dev/sdb1), but do not mount it:

    truecrypt /dev/sdb1 # (use the hidden password)
  8. Format the hidden volume with a filesystem recognised by mount(8):

    sudo mkfs.xfs /dev/mapper/truecrypt0
  9. Dismount the hidden volume:

    truecrypt -d
  10. Mount the outer volume (ex: /dev/sdb1 on /mnt/tc) with the hidden volume protected:

    truecrypt -P /dev/sdb1 /mnt/tc
  11. Copy files to the outer volume:

    cp outer_volume_file.txt /mnt/tc
  12. Dismount the outer volume:

    truecrypt -d
  13. Mount either volume (ex: /dev/sdb1 on /mnt/tc) and enjoy:

    truecrypt /dev/sdb1 /mnt/tc # (use the password relevant to the volume you want to mount)

TruecryptHiddenVolume (last edited 2012-06-08 18:04:27 by 69-196-147-42)