TrueCrypt is open source disk-encryption software which runs on
Windows (Vista/XP/2000) and on Linux. It creates encrypted disks (containers)
which can reside within an existing native file system or as a disk partition,
and its use is quite transparent to the underlying system: the encrypted
volume behaves as a native file system to the operating system. TrueCrypt
volumes are portable between supported operating systems, as long as the
original file system the volume was created on is supported. So if I create an
NTFS encrypted volume on an NTFS-formatted device such as an external USB
disk, I can mount that TrueCrypt volume under Linux as long as my Linux groks
NTFS. Getting TrueCrypt to run under Windows is a cinch; simply download
and run the installer and within a few minutes, TrueCrypt is ready to run
(without rebooting). Creation of an encrypted volume can take some time: a
64GB volume required about an hour on my notebook, but this is a one-time
operation. Getting TrueCrypt to run on Linux is a different matter. Either
your version is supported or you have to download the source code
and compile it yourself. I downloaded the kernel source package for my version
and installed the source RPM, and prepared it for building with
cd /usr/src/redhat/SPECS; rpmbuild -bp --target i686-unknown-linux kernel-2.6.spec.
After changing to /usr/src/redhat/BUILD/kernel-2.6.9/linux-2.6.9, I edited the
Makefile and set EXTRAVERSION= to blank and left the kernel otherwise uncompiled.
I then downloaded and unpacked the truecrypt 4.3 source, and launched the
building process, after which I installed the software.
# tar xvzf /tmp/truecrypt-4.3-source-code.tar.gz
# cd truecrypt-4.3-source-code/Linux/
# ./build.sh
Checking build requirements...
Linux kernel (2.6.9-42.0.3.ELsmp) source directory [/usr/src/linux]: /usr/src/redhat/BUILD/kernel-2.6.9/linux-2.6.9
Building kernel module... Done.
Building truecrypt... Done.
# ./install.sh
Checking installation requirements...
Testing truecrypt... Done.
Install binaries to [/usr/bin]:
Install man page to [/usr/share/man]:
Install user guide and kernel module to [/usr/share/truecrypt]:
Allow non-admin users to run TrueCrypt [y/N]: y
Installing kernel module... Done.
Installing truecrypt to /usr/bin... Done.
Installing man page to /usr/share/man/man1... Done.
Installing user guide to /usr/share/truecrypt/doc... Done.
Installing backup kernel module to /usr/share/truecrypt/kernel... Done.
I then mounted my external USB disk and proceeded to create a TrueCrypt volume on it.
# mount /dev/sdb2 /mnt
$ truecrypt --size 70G -c /mnt/backup.tc
TrueCrypt prompted me for missing options such as the file system type, hash algorithm and encryption algorithm, as well as the password with which the volume is to be protected, and it then spent the better part of forty minutes creating the volume. Consult the online documentation and the manual page for the details. As soon as this is completed, the TrueCrypt volume is ready, but I still have to create a Linux file system on it.
# truecrypt -N 2 /mnt/backup.tc
# ls -l /dev/mapper/truecrypt2
brw-rw---- 1 root disk 253, 0 Mar 19 21:22 /dev/mapper/truecrypt2
# mke2fs /dev/mapper/truecrypt2
# truecrypt -d /mnt/backup.tc
Now the volume is ready to be used, and I can mount it onto an existing mount point.
# mkdir /tc
$ truecrypt /mnt/backup.tc /tc
Password: **************
TrueCrypt is ideal for storing sensitive data or simply to create a backup on an external drive that you want to keep off site. I can give the drive to neighbours for safe-keeping without having to worry that they will look at my data. And what is the downside? Well, cryptography does put some strain on your CPU
load average: 63.22, 36.24, 16.71
when the volume is heavily utilized… :-(
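An added example (not part of the original post) for the off-site backup use described above: a wrapper that mounts the volume, confirms that a /dev/mapper/truecryptN device really is mounted on the mount point before copying, and dismounts afterwards, so a failed mount cannot leave plaintext in the bare /tc directory. The function names and the source directory argument are hypothetical, and it assumes the mapped device is listed in /proc/mounts under the /dev/mapper/truecryptN name seen earlier.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Succeeds only if a /dev/mapper/truecryptN device is mounted on directory $1.
# $2 is the mount table to read (default /proc/mounts); it is a parameter so
# the check can be run against a constructed table.
tc_mounted() {
    mp=${1%/}                       # tolerate one trailing slash
    [ -n "$mp" ] || mp=/
    awk -v mp="$mp" '
        $2 == mp && $1 ~ /^\/dev\/mapper\/truecrypt[0-9]+$/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "${2:-/proc/mounts}"
}

# Mount volume $1 on $2, copy directory $3 into it, then dismount.
# Uses only the truecrypt invocations shown in the post.
backup_to_tc() {
    volume=$1 mountpoint=$2 src=$3
    truecrypt "$volume" "$mountpoint" || return 1   # prompts for the password
    # Assumption: the mapped device is listed in /proc/mounts by its
    # /dev/mapper/truecryptN name. Without this check a failed mount would
    # let cp write plaintext into the bare directory on the root file system.
    if ! tc_mounted "$mountpoint"; then
        echo "refusing to copy: $mountpoint is not a TrueCrypt mount" >&2
        truecrypt -d "$volume" 2>/dev/null
        return 1
    fi
    rc=0
    cp -a "$src" "$mountpoint"/ || rc=1
    sync
    truecrypt -d "$volume" || rc=1                  # always dismount
    return "$rc"
}
```

With the paths from this post it would be called as backup_to_tc /mnt/backup.tc /tc followed by the directory to back up.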