Using TrueCrypt on CentOS
TrueCrypt is open source disk-encryption software that runs on Windows (Vista/XP/2000) and on Linux. It creates encrypted disks (containers) which can reside within an existing native file system or as a disk partition, and its use is quite transparent to the underlying system: the encrypted volume behaves as a native file system to the operating system.
TrueCrypt volumes are portable between supported operating systems, as long as the original file system the volume was created on is supported. So if I create an NTFS encrypted volume on an NTFS-formatted device such as an external USB disk, I can mount that TrueCrypt volume under Linux as long as my Linux groks NTFS.
Getting TrueCrypt to run under Windows is a cinch; simply download and run the installer and within a few minutes, TrueCrypt is ready to run (without rebooting). Creation of an encrypted volume can take some time: a 64GB volume required about an hour on my notebook, but this is a one-time operation.
Getting TrueCrypt to run on Linux is a different matter. Either your version is supported or you have to download the source code and compile it yourself. I downloaded the kernel source package for my version and installed the source RPM, and prepared it for building with
    cd /usr/src/redhat/SPECS; rpmbuild -bp --target i686-unknown-linux kernel-2.6.spec

After changing to /usr/src/redhat/BUILD/kernel-2.6.9/linux-2.6.9, I edited the Makefile and set EXTRAVERSION= to blank and left the kernel otherwise uncompiled.
I then downloaded and unpacked the truecrypt 4.3 source, and launched the building process, after which I installed the software.
    # tar xvzf /tmp/truecrypt-4.3-source-code.tar.gz
    # cd truecrypt-4.3-source-code/Linux/
    # ./build.sh
    Checking build requirements...
    Linux kernel (2.6.9-42.0.3.ELsmp) source directory [/usr/src/linux]: /usr/src/redhat/BUILD/kernel-2.6.9/linux-2.6.9
    Building kernel module... Done.
    Building truecrypt... Done.
    # ./install.sh
    Checking installation requirements...
    Testing truecrypt... Done.
    Install binaries to [/usr/bin]:
    Install man page to [/usr/share/man]:
    Install user guide and kernel module to [/usr/share/truecrypt]:
    Allow non-admin users to run TrueCrypt [y/N]: y
    Installing kernel module... Done.
    Installing truecrypt to /usr/bin... Done.
    Installing man page to /usr/share/man/man1... Done.
    Installing user guide to /usr/share/truecrypt/doc... Done.
    Installing backup kernel module to /usr/share/truecrypt/kernel... Done.
I then mounted my external USB disk and proceeded to create a TrueCrypt volume on it.
    # mount /dev/sdb2 /mnt
    $ truecrypt --size 70G -c /mnt/backup.tc

TrueCrypt prompted me for missing options such as the file system type, hash algorithm and encryption algorithm, as well as the password with which the volume is to be protected, and it then spent the better part of forty minutes creating the volume. Consult the online documentation and the manual page for the details.
As soon as this is completed, the TrueCrypt volume is ready, but I still have to create a Linux file system on it.
    # truecrypt -N 2 /mnt/backup.tc
    # ls -l /dev/mapper/truecrypt2
    brw-rw---- 1 root disk 253, 0 Mar 19 21:22 /dev/mapper/truecrypt2
    # mke2fs /dev/mapper/truecrypt2
    # truecrypt -d /mnt/backup.tc
Now the volume is ready to be used, and I can mount it onto an existing mount point.
    # mkdir /tc
    $ truecrypt /mnt/backup.tc /tc
    Password: **************
TrueCrypt is ideal for storing sensitive data or simply to create a backup on an external drive that you want to keep off site. I can give the drive to neighbours for safe-keeping without having to worry that they will look at my data.
And what is the downside? Well, cryptography does put some strain on your CPU
load average: 63.22, 36.24, 16.71
when the volume is heavily utilized…
Grzegorz Rumatowski wrote on 26-Mar-07 at 11:44 am
Does TrueCrypt under Linux really make sense? Isn't it better to use another crypto FS, like, for example, eCryptfs?
Jan-Piet Mens wrote on 26-Mar-07 at 12:01 pm
It makes sense if you want to be able to mount encrypted volumes on both Linux and Windows.
Vaibhav Pradhan wrote on 18-Apr-07 at 4:38 pm
Hey,
I am using the version 2.6.20-1.2949.fc7
Can you please guide me to install TrueCrypt on my system?
Thanks in advance…
sincerely,
Vaibhav
christine wrote on 16-Jan-08 at 4:35 am
I cannot understand how to mount the NTFS to Linux volume.
Kindly help me with that problem, then teach me how to install the program (NTFS to Linux).
Thanks
christine
Ken wrote on 19-Jan-08 at 10:04 am
THANK YOU!! I've been searching for a day on how to install TrueCrypt 4.3a on my CentOS 5.1 system. Your post was very clear and worked like a charm.
Google should put your page at the very top.
Linker3000 wrote on 21-May-08 at 1:13 am
Just a note that when I copied and pasted "rpmbuild –bp ––target i686–unknown–linux kernel-2.6.spec", I got weird errors until I deleted and re-entered the dashes ('-') – some kind of unicode/font issue!?
I also had to do the following to cure some make errors:
cd /root/src/redhat/BUILD/kernel-2.6.9/linux-2.6.9/drivers/md/
5. cp * /usr/src/kernels/2.6.9-22.0.1.EL-i686/drivers/md/
(others following that bit will have to substitute their kernel version)
Apart from that, many thanks for the write up – it helped a lot
Linker3000 wrote on 21-May-08 at 1:15 am
..oops – don't type the '5.' in the above post!
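
The paste failure reported in the comments above comes from typographic en dashes (U+2013) standing in for ASCII hyphens in the rendered command. The script below is an added example, not part of the original post or its comments: it checks a pasted command for non-ASCII bytes before it is run, fixes the en-dash case and rejects anything else. The function names are hypothetical and both sample strings are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): check a pasted command for
# typographic dashes before running it. Function names are hypothetical.

# UTF-8 bytes of the look-alike characters, built with POSIX printf escapes.
EN_DASH=$(printf '\342\200\223')   # U+2013, what the page rendered for "-"
EM_DASH=$(printf '\342\200\224')   # U+2014, ambiguous: could be "--" or "---"

# Constructed sample: the rpmbuild command as quoted in the comment above.
SAMPLE="rpmbuild ${EN_DASH}bp ${EN_DASH}${EN_DASH}target i686${EN_DASH}unknown${EN_DASH}linux kernel-2.6.spec"

# has_non_ascii STRING: succeed if STRING holds any byte other than
# printable ASCII, tab, newline or carriage return.
has_non_ascii() {
    rest=$(printf '%s' "$1" | LC_ALL=C tr -d '\011\012\015\040-\176')
    [ -n "$rest" ]
}

# sanitize_command STRING: map each en dash to one ASCII hyphen (the 1:1
# substitution seen on this page), then refuse anything still non-ASCII.
sanitize_command() {
    cleaned=$(printf '%s' "$1" | LC_ALL=C sed "s/${EN_DASH}/-/g")
    if has_non_ascii "$cleaned"; then
        echo "refusing: non-ASCII bytes remain, retype the command by hand" >&2
        return 1
    fi
    printf '%s\n' "$cleaned"
}

# Show the sample before and after; nothing is executed, only printed.
if has_non_ascii "$SAMPLE"; then
    echo "pasted text contains non-ASCII bytes:"
    printf '%s' "$SAMPLE" | od -c
fi
sanitize_command "$SAMPLE"

# Constructed counter-example: an em dash is ambiguous, so it is rejected.
sanitize_command "truecrypt ${EM_DASH}size 70G -c /mnt/backup.tc" || echo "rejected"
```

Printing the cleaned command and reading it before running it keeps the check useful for any command copied from a rendered web page as root.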