Monday, November 5, 2007

Truecrypt

I have used Truecrypt for several years under WinXP. It is probably the best tool out there for encrypting (virtual) disk volumes. It is also open source, which is a must when it comes to encryption tools and security-related software.

The WinXP version of Truecrypt has a nice, easy-to-use GUI for creating and mounting volumes. Truecrypt does not provide a GUI on the Linux platform, however.

Below, I will cover how to make and mount a Truecrypt volume formatted with the Ext3 file system in Ubuntu 7.04. The installation of Truecrypt is quite straightforward and is covered in the documentation on their website.

After you have downloaded and installed Truecrypt, you need to prepare a partition that is going to host your encrypted volume. In my case, I just used Gparted (sudo aptitude install gparted) to make a new 10GB partition on one of my hard drives. You may also use external drives, USB sticks or whatever.

Prepare a mount-point (an empty folder) where you want your Truecrypt volume. I have mine at /home/adder1972/Truecrypt.

The partition made by Gparted was named /dev/hda9. Ubuntu tends to automount everything. Make sure the volume is not mounted by entering

sudo umount /dev/hda9

(substitute your own volume name)

Now, we create an encrypted volume on our partition

sudo truecrypt -c /dev/hda9

Please refer to the documentation if you need an explanation of the options presented. The defaults should be OK for now, except that you should choose "Filesystem: None" instead of "Filesystem:FAT". You don't need a key-file for now either. You will be asked to enter a password. If your mouse is connected directly to the computer, move it around randomly when asked; otherwise, you will be asked to type 320 randomly chosen characters.

When finished, truecrypt-mount your partition

sudo truecrypt /dev/hda9

Now type

sudo truecrypt -l

The output will be something like this

/dev/mapper/truecrypt0 /dev/hda9

We want to use the Ext3 file system. We format the Truecrypt volume by

sudo /sbin/mkfs.ext3 /dev/mapper/truecrypt0

And then unmount

truecrypt -d

The volume is now prepared and ready to be mounted in your home folder

truecrypt /dev/hda9 /home/adder1972/Truecrypt

(Note that I don't use sudo here). To set the correct permissions

sudo chown adder1972:users /home/adder1972/Truecrypt

(substitute adder1972 with whatever is correct in your system).

Now, the volume is mounted and ready. When you need to use it after you have powered up your computer, rebooted or unmounted, you mount it using

truecrypt /dev/hda9 /home/adder1972/Truecrypt

and unmount it

truecrypt -d

(No sudo here)
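
An added example (not part of the original post): a small shell pre-flight check for the formatting step above. It refuses to continue if the raw partition is still mounted, and it prints the /dev/mapper device that mkfs.ext3 should be run on, since formatting /dev/hda9 itself would put an unencrypted filesystem on the partition. The function names and sample data are made up for illustration, and the two-column "truecrypt -l" format is assumed from the output shown in the post.

```shell
#!/bin/sh
# Added example: pre-flight check before the mkfs.ext3 step.

# is_mounted DEVICE MOUNTS_TEXT
# True if DEVICE is a mount source in text formatted like /proc/mounts.
is_mounted() {
    printf '%s\n' "$2" | awk -v dev="$1" '$1 == dev { f = 1 } END { exit (f ? 0 : 1) }'
}

# mapper_for PARTITION LISTING_TEXT
# LISTING_TEXT is `truecrypt -l` output, assumed to be one
# "<mapper device> <host device>" pair per line as shown in the post.
# Prints the mapper device for PARTITION; fails unless exactly one line matches.
mapper_for() {
    printf '%s\n' "$2" | awk -v part="$1" '
        $2 == part { n++; m = $1 }
        END { if (n == 1) print m; exit (n == 1 ? 0 : 1) }'
}

# safe_mkfs_target PARTITION LISTING_TEXT MOUNTS_TEXT
# Prints the only device that should be handed to mkfs.ext3, or explains why not.
safe_mkfs_target() {
    part=$1
    if is_mounted "$part" "$3"; then
        echo "refusing: $part is mounted (automount?); umount it first" >&2
        return 1
    fi
    target=$(mapper_for "$part" "$2") || {
        echo "refusing: no single truecrypt mapping for $part" >&2
        return 1
    }
    case $target in
        /dev/mapper/truecrypt*) ;;
        *) echo "refusing: unexpected mapper name $target" >&2; return 1 ;;
    esac
    if is_mounted "$target" "$3"; then
        echo "refusing: $target already has a mounted filesystem" >&2
        return 1
    fi
    printf '%s\n' "$target"
}

# Constructed sample input, not captured from a real system.
SAMPLE_LISTING='/dev/mapper/truecrypt0 /dev/hda9'
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw 0 0
proc /proc proc rw 0 0'
safe_mkfs_target /dev/hda9 "$SAMPLE_LISTING" "$SAMPLE_MOUNTS"   # prints /dev/mapper/truecrypt0
```

On a real system, pass "$(sudo truecrypt -l)" and "$(cat /proc/mounts)" as the second and third arguments.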


This post is based on a forum entry at the Truecrypt forums and my own experiences
