From Mageia wiki


FIXME

This page needs to be revised/updated. See https://forums.mageia.org/en/viewtopic.php?f=5&t=8938

1) For a fresh install it is convenient to set up an encrypted partition using the Mageia installer directly. I usually set up a separate /boot, then one large encrypted partition, and in that LVM, and in the LVM /, /home, /swap + spare space for extending + snapshots.

2) We have Veracrypt packaged, which is more developed than TrueCrypt and very versatile, with a good GUI.

3) We can also mention that we have EncFS packaged, that encrypts a folder file-by-file, and that shows up and is used like a normal folder - good for external file synchronisation.


Introduction

TrueCrypt is software for creating and using on-the-fly-encrypted volumes for data security.

Operating systems : Linux, Windows, Mac OSX

Official website : truecrypt.org

Licence: This is open-source and free software but it is released by the editor under a specific licence.

Main features:

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire partition or storage device such as USB flash drive or hard drive.
  • Encrypts a partition or drive where Windows is installed (pre-boot authentication).
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
  • Encryption can be hardware-accelerated on modern processors.
  • Provides plausible deniability, in case an adversary forces you to reveal the password: hidden volume (steganography) and hidden operating system.
  • More information about the features of TrueCrypt may be found in the documentation.

Encrypted container or partition File systems:

  • The Linux version allows creating FAT, Ext2, Ext3, or Ext4 containers or partitions.
  • Reading and writing in NTFS containers or partitions is possible, but these cannot be created from the Linux version.

Alternatives (Linux only): cryptsetup, LUKS

How to Use / Documentation

Check the complete Documentation on the editor's website, starting with a useful Beginner's tutorial.

When using Truecrypt from a console, all commands are available by entering truecrypt --help.

Installation

Download and Install the editor's package

Due to the specific licence, this software is not accessible with the Mageia repositories. It is still possible to install it using the editor's script, given minimal console knowledge:

  • Go to the page Downloads.
  • Choose and Select the Linux package depending on the type: Standard (graphic interface) or Console only, and the architecture (x86 or x64)
  • Click download and extract the file from your file manager (e.g. Dolphin). This will create a file like truecrypt-7.1-setup-x64 which is ready to be executed.
  • Start a console (e.g. F4 key in Dolphin) and simply type ./truecrypt-7.1-setup-x64 or ./truecrypt-7.1-setup-x86
  • Here are the few steps:
Installation options:
1) Install truecrypt_7.1_amd64.tar.gz
2) Extract package file truecrypt_7.1_amd64.tar.gz and place it to /tmp

=> Choose 1 for a permanent installation, or choose 2 for a temporary installation.

Before you can use, extract, or install TrueCrypt, you must accept the terms of the TrueCrypt License.

Press Enter to scroll through the licence terms and answer:

Do you accept and agree to be bound by the license terms? (yes/no): 

The installation is completed and the last information given is:

Uninstalling TrueCrypt:
 -----------------------
 To uninstall TrueCrypt, please run 'truecrypt-uninstall.sh'.
 Installing package...

Truecrypt is now installed and an entry has been made in the menu, in the Tools category.

Complete some settings in Mageia

Access rights

You will need super user rights to access a container or partition that was not created with your current user, or to access an NTFS container. If you do not have these rights, you may get messages like "... sudoers..." when trying to mount the container.

1- It is possible to get these rights by starting Truecrypt from a console as root (su then truecrypt). But without additional settings, you will need to do this every time.

2- If you want to have permanent rights to mount any container or partition, you need to use and configure sudo:

2.1- Install visudo

2.2- To add one user in the sudoers file:

  • use a console and switch to super user (su)
  • edit the sudoers file by entering visudo
  • comment this line out: #Defaults requiretty (just add the #)
  • After the line ## The COMMANDS section may have other options added to it., add this line:
your_username     your_hostname=(root) NOPASSWD:/usr/bin/truecrypt

Note: This command will give you your_username

whoami

and this command will give you your_hostname ('localhost.localdomain' by default)

hostname

2.3- If you need to grant these rights to several users, it is possible to create a group named truecrypt, add yourself and other users to this group, and add this group to the sudoers file:

  • use a console and switch to super user (su)
  • edit the sudoers file by entering visudo
  • comment this line out: #Defaults requiretty (just add the #)
  • After the line ## The COMMANDS section may have other options added to it., add this line:
%truecrypt     your_hostname=(root) NOPASSWD:/usr/bin/truecrypt
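
The rule from steps 2.2 and 2.3, built and checked before it goes into visudo. This is an added example, not part of the original wiki page; the function names are made up for illustration. The ownership check is there because a NOPASSWD rule is only as safe as the binary it names.

```shell
#!/bin/sh
# Added example, not part of the wiki page. Builds the sudoers rule from
# steps 2.2/2.3 and checks it before you paste it into visudo.

TC_BIN=/usr/bin/truecrypt    # binary named in the rule on this page

# build_rule WHO HOST -> sudoers line; WHO is a user name or %group.
build_rule() {
    printf '%s     %s=(root) NOPASSWD:%s\n' "$1" "$2" "$TC_BIN"
}

# binary_is_safe FILE -> 0 if FILE is root-owned and not group/other
# writable. A NOPASSWD rule on a file that an unprivileged user can
# replace hands that user root.
binary_is_safe() {
    [ -f "$1" ] || return 1
    [ "$(stat -c '%U' "$1")" = "root" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# rule_syntax_ok RULE -> 0 if visudo accepts RULE, 2 if visudo is absent.
rule_syntax_ok() {
    command -v visudo >/dev/null 2>&1 || return 2
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    visudo -c -q -f "$tmp"; rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ]
}

# Demo: print the rule for the current user and report both checks.
user=$(whoami 2>/dev/null || id -un)
host=$(hostname 2>/dev/null || uname -n)
rule=$(build_rule "$user" "$host")
echo "rule: $rule"
if binary_is_safe "$TC_BIN"; then
    echo "ok: $TC_BIN is root-owned and not group/other writable"
else
    echo "warning: $TC_BIN missing, not root-owned, or group/other writable"
fi
rule_syntax_ok "$rule"
case $? in
    0) echo "ok: visudo accepts the rule" ;;
    2) echo "skipped: visudo not found" ;;
    *) echo "error: visudo rejects the rule" ;;
esac
```

For the group variant in 2.3, call build_rule with %truecrypt as the first argument.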


Add loop module (Mageia 3 only)

Just after installing Truecrypt and editing the sudoers file, you will still get an error message when trying to mount a container or partition: "failed to set up loop device !"

This is a known issue in Mageia 3, which requires loading an additional module: loop

To load it immediately, open a console, log in as root (su), and run: modprobe loop. But this will be necessary every time you start your computer.

To have this module loaded during every boot: open a console, log in as root (su), and run: echo loop >> /etc/modules

To check the result, enter cat /etc/modules:

# /etc/modules: kernel modules to load at boot time.
#
# This file should contain the names of kernel modules that are
# to be loaded at boot time, one per line.  Comments begin with
# a `#', and everything on the line after them are ignored.

loop

Another possibility is to add /sbin/modprobe loop; to /etc/modprobe.conf. Example: enter cat /etc/modprobe.conf | grep loop

install scsi_hostadapter /sbin/modprobe sata_nv; /sbin/modprobe pata_amd; /sbin/modprobe loop; /bin/true

Notes and references

Truecrypt on Mandriva wiki fr [1]

Useful links

VeraCrypt (similar software)