Revision 1 as of 2007-08-08 13:29:32

Encrypted filesystems and hidden volume

There is [https://help.ubuntu.com/community/Security a lot of documentation] on how to create an encrypted volume. However, a significant problem with most existing implementations is that the owner of the data may be forced to reveal the password used to encrypt the data.

To address this, several projects implement [http://en.wikipedia.org/wiki/Steganography steganography] mechanisms, but at the time of writing, only [http://www.truecrypt.org Truecrypt] is full-featured and of production quality.

[http://www.truecrypt.org Truecrypt] is free, open-source disk encryption software available on Ubuntu. It offers convenient management of hidden volumes, including protection against damage.

More information is available at [http://www.truecrypt.org/hiddenvolume.php].

This page is based on the truecrypt 4.3a man page and intends to give a short recipe for implementing [http://www.truecrypt.org Truecrypt] hidden volumes on Ubuntu.

Truecrypt hidden volumes

  1. Install Truecrypt:

    sudo apt-get install truecrypt
  2. Create an outer volume:

    truecrypt --filesystem none --type normal --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1 
  3. Map the corresponding crypto device, but do not mount it:

    truecrypt /dev/sdb1
  4. Format outer volume with FAT:

    sudo mkfs.vfat /dev/mapper/truecrypt0
  5. Dismount the volume:

    truecrypt -d
  6. Create a hidden volume (for example, 50M):

    truecrypt --filesystem none --type hidden --size 50M --encryption AES --hash SHA-1 --random-source /dev/urandom -c /dev/sdb1
  7. Map the corresponding crypto device, but do not mount it:

    truecrypt /dev/sdb1 # (use the hidden password)
  8. Format hidden volume with a filesystem recognised by mount(8):

    sudo mkfs.xfs /dev/mapper/truecrypt0
  9. Dismount the hidden volume:

    truecrypt -d
  10. Mount the outer volume with the hidden volume protected:

    truecrypt -P /dev/sdb1 /mnt/tc
  11. Copy files to the outer volume:

    cp outer_volume_file.txt /mnt/tc
  12. Dismount the outer volume:

    truecrypt -d
  13. Mount either volume and enjoy:

    truecrypt /dev/sdb1 /mnt/tc # (use the password relevant to the volume you want to mount)
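
An added example, not part of the original page or of Truecrypt: pre-flight checks that could precede steps 4, 6 and 11, confirming that the mapped device is not mounted and computing how much data the outer volume can take before it would reach the hidden volume. The helper names, the 1 GiB device size and the sample mounts table are constructed, and the 1024-based reading of K/M/G is an assumption.

```shell
#!/bin/sh
# Pre-flight checks for the recipe above (added example, hypothetical helpers).

# Convert a --size value such as 50M into bytes; fails on malformed input.
# Assumption: K, M and G are binary multiples (1024-based).
to_bytes() {
    case "$1" in ''|*[!0-9KMG]*) return 1 ;; esac
    num=${1%[KMG]}
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    case "$1" in
        *K) echo $((num * 1024)) ;;
        *M) echo $((num * 1024 * 1024)) ;;
        *G) echo $((num * 1024 * 1024 * 1024)) ;;
        *)  echo "$num" ;;
    esac
}

# Upper bound on what the outer volume can hold without reaching the hidden
# volume, which sits at the end of the device. Volume headers and FAT
# metadata lower the real figure. $1 = device bytes, $2 = hidden size.
outer_budget() {
    hidden=$(to_bytes "$2") || return 1
    [ "$hidden" -lt "$1" ] || return 1
    echo $(($1 - hidden))
}

# True if $1 is listed as a mounted device in $2 (/proc/mounts format).
is_mounted() {
    awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }' "$2"
}

# Constructed sample of /proc/mounts, not taken from a real system.
SAMPLE_MOUNTS=$(mktemp)
trap 'rm -f "$SAMPLE_MOUNTS"' EXIT
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/mapper/truecrypt0 /mnt/tc vfat rw 0 0
EOF

# Constructed device size (1 GiB); on a real system it would come from
# `blockdev --getsize64 /dev/sdb1`.
DEV_BYTES=$((1024 * 1024 * 1024))

if is_mounted /dev/mapper/truecrypt0 "$SAMPLE_MOUNTS"; then
    echo "truecrypt0 is mounted: run 'truecrypt -d' before mkfs or -c"
fi
echo "outer volume budget: $(outer_budget "$DEV_BYTES" 50M) bytes"
```

Keeping the data copied in step 11 under this budget matters even when the outer volume is mounted with `-P`, because the budget is an upper bound and filesystem overhead reduces the space actually usable.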