Work and Technology‎ > ‎Security‎ > ‎Encryption‎ > ‎

Truecrypt

On Linux:
A decent article on installing via apt is here available. However, you may want to grab the console-only package directly.
  • http://www.liberiangeek.net/2012/07/install-truecrypt-via-ppa-in-ubuntu-12-04-precise-pangolin/
  • http://www.truecrypt.org/downloads
Once installed, prep your disk (assuming you're using a whole disk) by putting a new label in place 
If you're using a mdadm device, you don't need to do this.
  • dmesg     #observe the new device
  • sudo parted /dev/sdc mklabel gpt
Create a truecrypt volume. Assuming you want to use ExFAT for portability, do so without having Truecrypt create a filesystem as it does not support ExFAT
  • truecrypt -t -c --quick  #go through the wizard, selecting Normal, AES, RIPEMD, filesystem as none
  • truecrypt --filesystem=none /dev/sdc
  • truecrypt -l    #observe the mapped location
Make that ExFAT filesystem on that mapped volume, then mount it
  • sudo mkfs.exfat /dev/mapper/truecrypt1
  • sudo mkdir /mnt/tcvol1
  • sudo mount /dev/mapper/truecrypt1 /mnt/tcvol1
In the future, mount the file system with Truecrypt like so (it will prompt you for some information)
  • truecrypt /dev/sdc

On OSX

First, prep the device by removing any partitions. For a GPT partitioned disk, you must remove the EFI partition (created by default whenever you use diskutil on a large disk)
  • diskutil list
  • diskutil eject disk3 # or whatever your physical volume is
  • sudo gpt remove -a disk3
You probably want an ExFAT file system (for portability). 
  • Create a volume  and choose file system type: none
  • Mount the volume, and in the advanced tab under Filesystem, select 'Do not mount'
  • In terminal, issue the commands
    • 'diskutil list'
    • diskutil erasevolume ExFAT IVIEW disk4
By using the eraseVolume directive we can directly format the mapped volume (as would happen in linux) without creating additional overhead partitions and so on. The new filesystem will mount automatically, and in the future will do with the truecrypt mount command.



Notes:
* I'm a little bit misty on what truecrypt does when it works with device mapper. Since you can directly make a file system on the mapped device (as opposed to partitioning the mapped device first) it may be that is a feature supported by the OS.
** You may not need to 'prep your disk' when using the linux command line method. The  GUI wizard on some versions prevents you from using an entire volume if there are partitions on it. Famously, the Mac will not create a GPT disk without putting an EFI partition on it, preventing you from using the volume.

Comments