Size: 2449
Comment:
|
Size: 2663
Comment:
|
Line 19: | Line 19: |
0. Install Truecrypt:{{{ | 0. Install [http://www.truecrypt.org Truecrypt]:{{{ |
Line 22: | Line 22: |
0. Create an outer volume:{{{ | 0. Create an outer volume (ex: on ''/dev/sdb1''):{{{ |
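Review bot: the added "(ex: on ''/dev/sdb1'')" in the outer-volume step names a concrete device for a command that overwrites it, and nothing says it is a placeholder. Suggest stating once, before the list, that ''/dev/sdb1'' stands for the reader's own partition and that creating the volume destroys any data already on it, instead of repeating the parenthetical in each later step.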
Line 25: | Line 25: |
0. Map the corresponding crypto device, but do not mount it:{{{ | 0. Map the corresponding volume (ex: on ''/dev/sdb1''), but do not mount it:{{{ |
Line 34: | Line 34: |
0. Create a (ex: 50M) hidden volume:{{{ | 0. Create a (ex: 50M) hidden volume within the outer volume (ex: on ''/dev/sdb1''):{{{ |
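Review bot: the new hidden-volume step carries two "(ex: ...)" parentheticals in one sentence, "Create a (ex: 50M) hidden volume within the outer volume (ex: on ''/dev/sdb1'')", which reads awkwardly. Suggest "Create a hidden volume (ex: 50M) within the outer volume on ''/dev/sdb1''".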
Line 37: | Line 37: |
0. Map the corresponding crypto device, but do not mount it:{{{ | 0. Map the corresponding hidden volume (ex: on ''/dev/sdb1''), but do not mount it:{{{ |
Line 40: | Line 40: |
0. Format hidden volume with a filesystem recognised by mount(8):{{{ | 0. Format the hidden volume with a filesystem recognised by ''mount(8)'':{{{ |
Line 46: | Line 46: |
0. Mount the outer volume with the hidden volume protected:{{{ | 0. Mount the outer volume (ex: ''/dev/sdb1'' on ''/mnt/tc'') with the hidden volume protected:{{{ |
Line 55: | Line 55: |
0. Mount either volume and enjoy:{{{ | 0. Mount either volume (ex: ''/dev/sdb1'' on ''/mnt/tc'') and enjoy:{{{ |
Encrypted filesystems and hidden volume
There is [https://help.ubuntu.com/community/Security a lot of documentation] on how to create an encrypted volume. However, a significant problem with most existing implementations is that the owner of the data may be forced to reveal the password used to encrypt it.
To address this, several projects implement [http://en.wikipedia.org/wiki/Steganography steganography] mechanisms, but at the time of writing, only [http://www.truecrypt.org Truecrypt] is full-featured and of production quality.
[http://www.truecrypt.org Truecrypt] is free, open-source disk encryption software available on Ubuntu. It offers convenient management of hidden volumes, including protection against damage.
More information is available at [http://www.truecrypt.org/hiddenvolume.php].
This page is mostly based on the man page of truecrypt 4.3a and intends to give a short recipe for setting up [http://www.truecrypt.org Truecrypt] hidden volumes on Ubuntu.
Truecrypt hidden volumes
0. Install [http://www.truecrypt.org Truecrypt]:{{{
sudo apt-get install truecrypt
}}}
0. Create an outer volume (ex: on ''/dev/sdb1''):{{{
truecrypt --filesystem none --type normal --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1
}}}
0. Map the corresponding volume (ex: on ''/dev/sdb1''), but do not mount it:{{{
truecrypt /dev/sdb1
}}}
0. Format outer volume with FAT:{{{
sudo mkfs.vfat /dev/mapper/truecrypt0
}}}
0. Dismount the volume:{{{
truecrypt -d
}}}
0. Create a (ex: 50M) hidden volume within the outer volume (ex: on ''/dev/sdb1''):{{{
truecrypt --filesystem none --type hidden --size 50M --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1
}}}
0. Map the corresponding hidden volume (ex: on ''/dev/sdb1''), but do not mount it:{{{
truecrypt /dev/sdb1 # (use the hidden password)
}}}
0. Format the hidden volume with a filesystem recognised by ''mount(8)'':{{{
sudo mkfs.xfs /dev/mapper/truecrypt0
}}}
0. Dismount the hidden volume:{{{
truecrypt -d
}}}
0. Mount the outer volume (ex: ''/dev/sdb1'' on ''/mnt/tc'') with the hidden volume protected:{{{
truecrypt -P /dev/sdb1 /mnt/tc
}}}
0. Copy files to the outer volume:{{{
cp outer_volume_file.txt /mnt/tc
}}}
0. Dismount the outer volume:{{{
truecrypt -d
}}}
0. Mount either volume (ex: ''/dev/sdb1'' on ''/mnt/tc'') and enjoy:{{{
truecrypt /dev/sdb1 /mnt/tc # (use the password relevant to the volume you want to mount)
}}}
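A pre-flight check that can be run before the two volume-creation steps above, which overwrite the target device. This is an added example, not part of the original page or of Truecrypt; the function names are hypothetical, and it assumes a Linux ''/proc/mounts'' table and that a size suffix such as 50M means MiB.

```shell
#!/bin/sh
# Pre-flight checks to run before `truecrypt ... -c DEVICE` overwrites DEVICE.
# Added example; function names are hypothetical, not part of Truecrypt.
# Assumes Linux /proc/mounts and that K/M/G suffixes are powers of 1024.

# Convert 50M, 2G or 4096 (plain bytes) to bytes; fail on anything else.
size_to_bytes() {
    case "$1" in ''|*[!0-9KMG]*) return 1 ;; esac
    num=${1%[KMG]}
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    case "$1" in
        *K) echo $((num * 1024)) ;;
        *M) echo $((num * 1024 * 1024)) ;;
        *G) echo $((num * 1024 * 1024 * 1024)) ;;
        *)  echo "$num" ;;
    esac
}

# Succeed if DEVICE is a mount source in the mounts table (default /proc/mounts).
# This catches a filesystem mounted straight from the partition. A volume mapped
# by truecrypt appears under /dev/mapper instead, so run `truecrypt -d` first.
is_mounted() {
    awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# preflight DEVICE HIDDEN_SIZE DEVICE_BYTES [MOUNTS_FILE]
# Returns 0 if it looks safe to proceed, otherwise prints a reason and returns
# 1 (device mounted), 2 (unparsable size) or 3 (hidden volume does not fit).
preflight() {
    dev=$1; hidden=$2; dev_bytes=$3; mounts=${4:-/proc/mounts}
    if is_mounted "$dev" "$mounts"; then
        echo "refuse: $dev is mounted"; return 1
    fi
    hidden_bytes=$(size_to_bytes "$hidden") || { echo "refuse: bad size $hidden"; return 2; }
    if [ "$hidden_bytes" -ge "$dev_bytes" ]; then
        echo "refuse: hidden volume ($hidden) does not fit in $dev"; return 3
    fi
    echo "ok: $dev is not mounted and a $hidden hidden volume fits"
}

# Typical call, using the page's example device and hidden-volume size:
#   preflight /dev/sdb1 50M "$(sudo blockdev --getsize64 /dev/sdb1)"
```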