TrueCrypt is open source disk-encryption software which runs on Windows (Vista/XP/2000) and on Linux. It creates encrypted disks (containers) which can reside within an existing native file system or as a disk partition, and its use is quite transparent to the underlying system: the encrypted volume behaves as a native file system to the operating system. TrueCrypt volumes are portable between supported operating systems, as long as the original file system the volume was created on is supported. So if I create an NTFS encrypted volume on an NTFS-formatted device such as an external USB disk, I can mount that TrueCrypt volume under Linux as long as my Linux groks NTFS.

Getting TrueCrypt to run under Windows is a cinch; simply download and run the installer and within a few minutes, TrueCrypt is ready to run (without rebooting). Creation of an encrypted volume can take some time: a 64GB volume required about an hour on my notebook, but this is a one-time operation.

Getting TrueCrypt to run on Linux is a different matter. Either your version is supported or you have to download the source code and compile it yourself. I downloaded the kernel source package for my version, installed the source RPM, and prepared it for building:

# cd /usr/src/redhat/SPECS
# rpmbuild -bp --target i686-unknown-linux kernel-2.6.spec

After changing to /usr/src/redhat/BUILD/kernel-2.6.9/linux-2.6.9, I edited the Makefile and set EXTRAVERSION= to blank and left the kernel otherwise uncompiled. I then downloaded and unpacked the TrueCrypt 4.3 source and launched the build process, after which I installed the software.

# tar xvzf /tmp/truecrypt-4.3-source-code.tar.gz
# cd truecrypt-4.3-source-code/Linux/
# ./
Checking build requirements...
Linux kernel (2.6.9-42.0.3.ELsmp) source directory [/usr/src/linux]: /usr/src/redhat/BUILD/kernel-2.6.9/linux-2.6.9
Building kernel module... Done.
Building truecrypt... Done.

# ./ 
Checking installation requirements...
Testing truecrypt... Done.

Install binaries to [/usr/bin]: 
Install man page to [/usr/share/man]: 
Install user guide and kernel module to [/usr/share/truecrypt]: 
Allow non-admin users to run TrueCrypt [y/N]: y
Installing kernel module... Done.
Installing truecrypt to /usr/bin... Done.
Installing man page to /usr/share/man/man1... Done.
Installing user guide to /usr/share/truecrypt/doc... Done.
Installing backup kernel module to /usr/share/truecrypt/kernel... Done.

I then mounted my external USB disk and proceeded to create a TrueCrypt volume on it.

# mount /dev/sdb2 /mnt
$ truecrypt --size 70G -c /mnt/

TrueCrypt prompts me for missing options such as the file system type, hash algorithm and encryption algorithm, as well as the password with which the volume is to be protected, and it then spends the better part of forty minutes creating the volume. Consult the online documentation and the manual page for the details. As soon as this is completed, the TrueCrypt volume is ready, but I still have to create a Linux file system on it.

# truecrypt -N 2 /mnt/
# ls -l /dev/mapper/truecrypt2 
brw-rw----  1 root disk 253, 0 Mar 19 21:22 /dev/mapper/truecrypt2
# mke2fs /dev/mapper/truecrypt2
# truecrypt -d /mnt/

Now the volume is ready to be used, and I can mount it onto an existing mount point.

# mkdir /tc
$ truecrypt /mnt/ /tc
Password: **************
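
A guarded version of the file-system creation step above, as an added example that is not part of the original post: it refuses to run mke2fs unless the mapped node is a block device with no existing file-system signature, and it always dismounts afterwards. The function names and the container path are hypothetical; the -N and -d options and the /dev/mapper/truecryptN naming are the ones shown in the session above.

```shell
#!/bin/sh
# Added example (not from the original post). The -N and -d options and the
# /dev/mapper/truecryptN naming come from the session above; the function
# names and the container path are hypothetical.

# Print the device-mapper node for slot N; accept plain digits only.
tc_mapper_path() {
    case "$1" in
        ''|*[!0-9]*) echo "slot must be a number: '$1'" >&2; return 1 ;;
    esac
    echo "/dev/mapper/truecrypt$1"
}

# Succeed only if DEV is a block device with no detectable filesystem.
tc_safe_to_format() {
    dev=$1
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    if command -v blkid >/dev/null 2>&1 && blkid "$dev" >/dev/null 2>&1; then
        echo "$dev already carries a filesystem signature" >&2
        return 1
    fi
    return 0
}

# Map CONTAINER to slot N, create an ext2 filesystem, then always dismount.
tc_mkfs() {
    container=$1
    dev=$(tc_mapper_path "$2") || return 1
    if [ -e "$dev" ]; then
        echo "$dev is already in use, pick another slot" >&2
        return 1
    fi
    truecrypt -N "$2" "$container" || return 1   # prompts for the password
    rc=0
    if tc_safe_to_format "$dev"; then
        mke2fs "$dev" || rc=$?
    else
        rc=1
    fi
    truecrypt -d "$container" || rc=$?           # dismount even if mke2fs failed
    return "$rc"
}

# Run as root: sh tc-mkfs.sh /mnt/<container-file> 2
if [ "$#" -eq 2 ]; then
    tc_mkfs "$1" "$2"
fi
```

If blkid is not installed the signature check is skipped, so the block-device test is then the only guard.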

TrueCrypt is ideal for storing sensitive data or simply to create a backup on an external drive that you want to keep off site. I can give the drive to neighbours for safe-keeping without having to worry that they will look at my data. And what is the downside? Well, cryptography does put some strain on your CPU

load average: 63.22, 36.24, 16.71

when the volume is heavily utilized… :-(

Linux and Security :: 20 Mar 2007