Size: 2449
Comment:
|
Size: 4176
Comment: it's awesome -> only limited features & documentation are available on Ubuntu
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
## How to create a hidden encrypted volume with Truecrypt attachment:IconsPage/PicDocs.png |
#title Hidden encrypted volume with TrueCrypt (command line) |
Line 4: | Line 3: |
= Encrypted filesystems and hidden volume = | ||<rowbgcolor="#FFF280"> {i} Please refer to EncryptedFilesystems for further documentation.|| |
Line 6: | Line 5: |
There is [https://help.ubuntu.com/community/Security a lot of documentation] on how to create an encrypted volume. However, a significant problem caused by most of the existing implementations is that the owner of the data may be forced to reveal the password used to encrypt the data. | ||<tablestyle="float:right; font-size: 0.9em; width:30%; background:#F1F1ED; background-repeat: no-repeat; background-position: 98% 0.5ex; margin: 0 0 1em 1em; padding: 0.5em;"><<TableOfContents>>|| |
Line 8: | Line 7: |
To address this, different projects exist to implement some [http://en.wikipedia.org/wiki/Steganography steganography] mechanisms, but at the time of writing, only [http://www.truecrypt.org Truecrypt] is full-featured and production quality. | For instructions on using the new TrueCrypt GUI, please see [[https://help.ubuntu.com/community/TrueCrypt|TrueCrypt GUI]] |
Line 10: | Line 9: |
[http://www.truecrypt.org Truecrypt] is a free open-source disk encryption software available on Ubuntu. It offers a convenient hidden volumes management that includes protection against damages. |
There is [[https://help.ubuntu.com/community/Security|a lot of documentation]] on how to create an encrypted volume. However, a significant problem caused by most of the existing implementations is that the owner of the data may be forced to reveal the password used to encrypt the data. |
Line 13: | Line 11: |
More information is available at [http://www.truecrypt.org/hiddenvolume.php]. | To address this, different projects exist to implement some [[http://en.wikipedia.org/wiki/Steganography|steganography]] mechanisms. [[http://www.truecrypt.org|TrueCrypt]] is an open-source disk encryption software implementing steganography but as of 7.1 dose not fully support Ubuntu due to an incompatible license and only limited features & documentation are available on Ubuntu. |
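Review bot: typo in the added paragraph on the right-hand side, "dose not" should be "does not". The same sentence says TrueCrypt "does not fully support Ubuntu due to an incompatible license", which reads as a functional limitation of the tool; if the point is a licensing conflict, state which license conflicts with what, and use "and" rather than "&" in running text.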
Line 15: | Line 13: |
This page is mostly based on the ''man page'' of ''truecrypt 4.3a'' and intents to give a short recipe to implement [http://www.truecrypt.org Truecrypt] hidden volumes on Ubuntu. | |
Line 17: | Line 14: |
= Truecrypt hidden volumes = | = TrueCrypt 7.1 volume example = |
Line 19: | Line 16: |
0. Install Truecrypt:{{{ sudo apt-get install truecrypt |
{{{ #Get truecrypt mkdir /opt/truecrypt cd /opt/truecrypt wget "http://www.truecrypt.org/download/truecrypt-7.1-linux-console-x86.tar.gz" tar -xvvf truecrypt-7.1-linux-console-x86.tar.gz cd ./truecrypt-7.1-setup-console-x86 bash ./truecrypt-7.1-setup-console-x86 cd ../ rm truecrypt-7.1-linux-console-x86.tar.gz rm -r truecrypt-7.1-setup-console-x86 #Read the documentation truecrypt --help |less #Make a key truecrypt --create-keyfile --random-source=/dev/urandom test_truecrypt.key #Make a volume truecrypt --filesystem=none --volume-type=normal --encryption=AES --hash=SHA-512 --random-source=/dev/urandom --quick --keyfiles=test_truecrypt.key --password=Test_pa55word -c /dev/sdb5 #Mount the volume without trying to mounting the absent filesystem truecrypt --keyfiles=test_truecrypt.key --password=Test_pa55word --filesystem=none --protect-hidden=no /dev/sdb5 #List your new encrypted volumes truecrypt --list #You can now format and mount the volume etc (optionally using LVM first) mkfs.ext4 /dev/mapper/truecrypt1 mkdir /media/tc1 mount /dev/mapper/truecrypt1 /media/tc1 |
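Review bot: the added install block fetches the installer with `wget "http://www.truecrypt.org/download/..."` over plain HTTP and then runs it with `bash ./truecrypt-7.1-setup-console-x86` without any checksum or signature check; add a verification step between the download and the `bash` line. The same block passes `--password=Test_pa55word` on the command line in both the create and mount commands, where it ends up in shell history and the process list; the page should say that this is a throwaway test value and not a pattern to copy for real volumes.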
Line 22: | Line 50: |
0. Create an outer volume:{{{ | = TrueCrypt 4.3a hidden volume example = More information is available at [[http://www.truecrypt.org/hiddenvolume.php]]. 0. Download and install [[http://www.truecrypt.org|Truecrypt]] 0. Create an outer volume (ex: on ''/dev/sdb1''):{{{ |
Line 24: | Line 59: |
#In truecrypt 5.1a: truecrypt --text --filesystem=none --volume-type=normal --encryption=AES --hash=SHA-1 --random-source=/dev/urandom -c /dev/sdb1 |
|
Line 25: | Line 62: |
0. Map the corresponding crypto device, but do not mount it:{{{ | 0. Map the corresponding volume (ex: on ''/dev/sdb1''), but do not mount it:{{{ |
Line 27: | Line 64: |
truecrypt --text --list #To see where was this mounted (/dev/mapper/truecrypt0 or /dev/loop0) | |
Line 34: | Line 72: |
0. Create a (ex: 50M) hidden volume:{{{ | 0. Create a (ex: 50M) hidden volume within the outer volume (ex: on ''/dev/sdb1''):{{{ |
Line 37: | Line 75: |
0. Map the corresponding crypto device, but do not mount it:{{{ | 0. Map the corresponding hidden volume (ex: on ''/dev/sdb1''), but do not mount it:{{{ |
Line 40: | Line 78: |
0. Format hidden volume with a filesystem recognised by mount(8):{{{ | 0. Format the hidden volume with a filesystem recognised by ''mount(8)'':{{{ |
Line 46: | Line 84: |
0. Mount the outer volume with the hidden volume protected:{{{ | 0. Mount the outer volume (ex: ''/dev/sdb1'' on ''/mnt/tc'') with the hidden volume protected:{{{ |
Line 55: | Line 93: |
0. Mount either volume and enjoy:{{{ | 0. Mount either volume (ex: ''/dev/sdb1'' on ''/mnt/tc'') and enjoy:{{{ |
|
For instructions on using the new TrueCrypt GUI, please see TrueCrypt GUI.
There is a lot of documentation on how to create an encrypted volume. However, a significant problem with most of the existing implementations is that the owner of the data may be forced to reveal the password used to encrypt the data.
To address this, different projects exist to implement some steganography mechanisms. TrueCrypt is open-source disk encryption software that implements steganography, but as of 7.1 it does not fully support Ubuntu due to an incompatible license, and only limited features and documentation are available on Ubuntu.
TrueCrypt 7.1 volume example
#Get truecrypt (plain-HTTP download: verify the archive before running the installer)
mkdir /opt/truecrypt
cd /opt/truecrypt
wget "http://www.truecrypt.org/download/truecrypt-7.1-linux-console-x86.tar.gz"
tar -xvvf truecrypt-7.1-linux-console-x86.tar.gz
cd ./truecrypt-7.1-setup-console-x86
bash ./truecrypt-7.1-setup-console-x86
cd ../
rm truecrypt-7.1-linux-console-x86.tar.gz
rm -r truecrypt-7.1-setup-console-x86
#Read the documentation
truecrypt --help |less
#Make a key
truecrypt --create-keyfile --random-source=/dev/urandom test_truecrypt.key
#Make a volume
#(a password given with --password ends up in shell history and the process list)
truecrypt --filesystem=none --volume-type=normal --encryption=AES --hash=SHA-512 --random-source=/dev/urandom --quick --keyfiles=test_truecrypt.key --password=Test_pa55word -c /dev/sdb5
#Mount the volume without trying to mount the absent filesystem
truecrypt --keyfiles=test_truecrypt.key --password=Test_pa55word --filesystem=none --protect-hidden=no /dev/sdb5
#List your new encrypted volumes
truecrypt --list
#You can now format and mount the volume etc (optionally using LVM first)
mkfs.ext4 /dev/mapper/truecrypt1
mkdir /media/tc1
mount /dev/mapper/truecrypt1 /media/tc1
TrueCrypt 4.3a hidden volume example
More information is available at http://www.truecrypt.org/hiddenvolume.php.
Download and install TrueCrypt
Create an outer volume (ex: on /dev/sdb1):
truecrypt --filesystem none --type normal --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1
#In truecrypt 5.1a:
truecrypt --text --filesystem=none --volume-type=normal --encryption=AES --hash=SHA-1 --random-source=/dev/urandom -c /dev/sdb1
Map the corresponding volume (ex: on /dev/sdb1), but do not mount it:
truecrypt /dev/sdb1
truecrypt --text --list #To see where this was mounted (/dev/mapper/truecrypt0 or /dev/loop0)
Format outer volume with FAT:
sudo mkfs.vfat /dev/mapper/truecrypt0
Dismount the volume:
truecrypt -d
Create a (ex: 50M) hidden volume within the outer volume (ex: on /dev/sdb1):
truecrypt --filesystem none --type hidden --size 50M --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1
Map the corresponding hidden volume (ex: on /dev/sdb1), but do not mount it:
truecrypt /dev/sdb1 # (use the hidden password)
Format the hidden volume with a filesystem recognised by mount(8):
sudo mkfs.xfs /dev/mapper/truecrypt0
Dismount the hidden volume:
truecrypt -d
Mount the outer volume (ex: /dev/sdb1 on /mnt/tc) with the hidden volume protected:
truecrypt -P /dev/sdb1 /mnt/tc
Copy files to the outer volume:
cp outer_volume_file.txt /mnt/tc
Dismount the outer volume:
truecrypt -d
Mount either volume (ex: /dev/sdb1 on /mnt/tc) and enjoy:
truecrypt /dev/sdb1 /mnt/tc # (use the password relevant to the volume you want to mount)
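Both the 7.1 example and the hidden-volume steps write directly to a block device (`-c /dev/sdb5`, `-c /dev/sdb1`, `mkfs.* /dev/mapper/truecrypt0`), which destroys whatever is already there. The following pre-flight check is an added example, not part of the original page or of TrueCrypt; the function names are hypothetical and the file arguments default to the kernel's `/proc/mounts` and `/proc/swaps`.

```shell
#!/bin/sh
# Added example (not from the original page): refuse a destructive step such as
# `truecrypt ... -c /dev/sdb1` or `mkfs.* /dev/mapper/truecrypt0` on a device in use.
# Function names are hypothetical; file arguments default to the live kernel tables.

# _tc_scan DEVICE FILE FIRST_LINE
# Succeeds if DEVICE, or a partition of it, is named in field 1 of FILE.
_tc_scan() {
    awk -v d="$1" -v start="$3" '
        function covers(s,    rest) {
            if (s == d) return 1
            if (substr(s, 1, length(d)) != d) return 0
            rest = substr(s, length(d) + 1)
            # Partition suffix is "p3" after a name ending in a digit
            # (nvme0n1p3) and "3" otherwise (sdb3).
            return (d ~ /[0-9]$/) ? (rest ~ /^p[0-9]+$/) : (rest ~ /^[0-9]+$/)
        }
        NR >= start && covers($1) { found = 1 }
        END { exit !found }
    ' "$2"
}

# device_in_use DEVICE [MOUNTS_FILE] [SWAPS_FILE]
# Returns 0 if DEVICE (or one of its partitions) is a mount source or active swap.
device_in_use() {
    mounts=${2:-/proc/mounts}
    swaps=${3:-/proc/swaps}
    _tc_scan "$1" "$mounts" 1 && return 0
    # /proc/swaps starts with a header line, so scanning begins at line 2.
    [ -r "$swaps" ] && _tc_scan "$1" "$swaps" 2 && return 0
    return 1
}

# safe_to_overwrite DEVICE [MOUNTS_FILE] [SWAPS_FILE]
# Returns 0 only when nothing on DEVICE is mounted or swapped on.
safe_to_overwrite() {
    if device_in_use "$@"; then
        echo "refusing: $1 is mounted or used as swap" >&2
        return 1
    fi
    return 0
}

# Usage with the page's command:
#   safe_to_overwrite /dev/sdb1 && truecrypt --filesystem none --type normal ... -c /dev/sdb1
```

The check only covers mounts and swap; a device that is a member of an LVM or RAID set is not detected, so it complements reading the partition table before a volume is created and does not replace it.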