Truecrypt on Linux

Truecrypt allows you to create encrypted files that act as "disks".

Truecrypt is helpful if you use wvdial, for example, because wvdial stores your password in plain text in the files ~/.wvdialrc and /etc/ppp/chap-secrets. If someone steals your laptop, they can simply read your ISP password by booting from a live disk, or by taking out your disk and putting it into their USB cradle. If you put the files on an encrypted disk, they cannot.

While there is Linux software that does equivalent things, with Truecrypt you can open the disks using both Windows and Linux.

To get Truecrypt, go to truecrypt.org. Then

  1. For Ubuntu, there is a package. Select Ubuntu x86 unless you installed the 64 bit kernel. Save the ....tar.gz file to a suitable location. In terminal, cd to the location of the file, then
      gunzip ....tar.gz
      tar xvf ....tar
      chmod u+x truecrypt-...-setup-ubuntu-x86
      ./truecrypt-...-setup-ubuntu-x86
    
  2. It is another example of Beautiful Compatibility. The Truecrypt author says that he has never seen an operating system as inconsistent as Linux. In any case, for Debian (and others, I assume) you need to compile the sources. Get the sources from the "other downloads" page, selecting the Mac/Linux version. In terminal, cd to the location of the saved file and unzip it as
      gunzip ....tar.gz
      tar xvf ....tar
    
    Then make sure you have the right version of your kernel. In a terminal:
      uname -r
    
    Now use synaptic to get linux-headers (two packages), linux-kbuild, and linux-source for that kernel. Look in the installed files. You may have to go to /usr/src and unzip the sources manually; that was not done on my Debian system.

    Now DO NOT trustingly start building Truecrypt. Truecrypt has a nasty habit of trying to rebuild your kernel without asking permission, an impossible task that makes a mess of thousands of files that can only be cleaned up by reinstalling Linux from scratch.

    Instead, in the truecrypt source distribution, go into the file build.sh in the installation directory. You want to make absolutely sure that build.sh can find the files it needs and that it does not start rebuilding the kernel if for some reason it does not. Take a look at how I edited my version of build.sh, and you get the idea: my edited build.sh

    Truecrypt is looking for the files $KERNEL_SRC/drivers/md/dm.h, $KERNEL_BUILD/include/asm/, $KERNEL_BUILD/Module.symvers, and $KERNEL_BUILD/.config. The first file I found under /usr/src as /usr/src/linux-headers-2.6.21-2-686/drivers/md/dm.h, so at the start of build.sh I set
      KERNEL_BUILD=/usr/src/linux-headers-2.6.21-2-686
    
    Similarly, the other three files were all in /usr/src/linux-source-2.6.21 so I also set
      KERNEL_SRC=/usr/src/linux-source-2.6.21
    
    Then I went through build.sh and wherever it would want to start remaking kernels, I put an exit. The changes are marked with "Leon". After that, it was safe to follow the installation instructions. The kernel sources can be deleted after making truecrypt to save disk space. Leave the truecrypt sources; you may have to do it again if you change your kernel.
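
A preflight check for the four paths build.sh needs, given here as an added example that is not part of the original page or of the Truecrypt sources. The function names are hypothetical, and the version check assumes the Debian directory naming linux-headers-<release> seen in the path above.

```shell
#!/bin/sh
# Added example, not part of the Truecrypt sources. Function names are
# hypothetical; the required paths are the four listed in the text above.

# check_kernel_tree KERNEL_SRC KERNEL_BUILD
# Reports each missing path on stderr and returns how many are missing.
check_kernel_tree() {
    src=$1
    build=$2
    missing=0
    # kind:path pairs; kind is the test(1) flag (f = file, d = directory).
    for item in \
        "f:$src/drivers/md/dm.h" \
        "d:$build/include/asm" \
        "f:$build/Module.symvers" \
        "f:$build/.config"
    do
        kind=${item%%:*}
        path=${item#*:}
        # test follows symlinks, so a dangling include/asm link also fails.
        if ! test "-$kind" "$path"; then
            echo "missing: $path" >&2
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# headers_match_kernel KERNEL_BUILD [RELEASE]
# Assumes the Debian directory naming linux-headers-<release>; RELEASE
# defaults to the running kernel as reported by uname -r.
headers_match_kernel() {
    build=${1%/}
    release=${2:-$(uname -r)}
    case "${build##*/}" in
        *"-$release") return 0 ;;
    esac
    echo "headers in $build are not for kernel $release" >&2
    return 1
}

# preflight KERNEL_SRC KERNEL_BUILD [RELEASE]: run both checks, build nothing.
preflight() {
    rc=0
    headers_match_kernel "$2" "${3:-}" || rc=1
    check_kernel_tree "$1" "$2" || rc=1
    return "$rc"
}
```

Calling `preflight "$KERNEL_SRC" "$KERNEL_BUILD" || exit 1` right after the two assignments in build.sh stops the script before any build step when a path is missing or the headers belong to a different kernel.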

To create a file /sctdat.tc to hold your secret files on a "disk" named /sct, in a terminal, enter the commands

sudo -u root mkdir /sct
sudo -u root truecrypt

Then select "create" to create the file /sctdat.tc. To be able to read the disk using MS Windows, use filetype FAT. Alternatively, try ext2 and install ext2ifs on Windows. If you have a multi-user setup, or allow outside access, you may need to avoid NTFS, since file protection is crippled with NTFS. At the time of writing you can only create NTFS disks from Windows anyway.

To mount the disk, use

truecrypt /sctdat.tc /sct

Note that you can also run Truecrypt from the Applications/Other menu. It will prompt you for your password as needed. Note that you may need to enter both the disk password and your account password: keep them apart. If the disk file is in the header, your disk password is needed.


Applies to software obtained May 2009.