TrueCrypt

TrueCrypt is a powerful yet free Open-Source disk encryption Software. I am quite satisfied with the software that I decided to introduce it here in my blog, may all future releases remain free to use!

With TrueCrypt you can maintain an on-the-fly-encrypted volume (data storage device). On their website they explain ‘On-the-fly encryption’ as an automatic continuing encryption process to data right before it is saved and decrypted right after it is loaded. In simple words, you will end up having an encrypted volume to secure all your sensitive data inside. This volume can be mounted and accesses like any regular folder in your system each time you provide the right password and then dismounted to prevent access.

What I personally think makes this software special is the ease of using encrypted files right from the secured volume to the computer’s RAM. As such, if you have a video file, you will not wait until it is fully decrypted to play it, instead the stream will be decrypted right into the RAM while playing, the performance and speed is quite similar to playing any regular video file you have on your system. Brilliant, isn’t it?

Similarly, files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (drag-and-drop). Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume.

TrueCrypt ‘never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory)’. In addition, it supports ‘hidden volumes’, which means that you may easily hide an encrypted volume inside an another encrypted volume without showing any evidence of its existence to other users of the system. This is a very important feature in case someone forces you to decrypt your sensitive data. (check TrueCrypt documentation for more information about hidden volumes).

To install and use in Linux, download the appropriate package from their website: www.truecrypt.org.

Since windows installation is wizard-based, I will leave that and cover the Linux installation procedure. First, download the Console-only version, in my case the file is called: truecrypt-7.1-linux-console-x86.tar.gz and was downloaded from the internet to: /home/haider/Downloads. Lets move it to the /usr/local/bin directory

mv /home/haider/Downloads/truecrypt-7.1-linux-console-x86.tar.gz /usr/local/bin

Then navigate to where it was moved and extract the file

cd /usr/local/bin
tar xfzv truecrypt-7.1-linux-console-x86.tar.gz

This should produce the bin file to be excuted: truecrypt-7.1-setup-console-x86. Good! lets now delete the archive file since we do not need it any more.

rm truecrypt-7.1-linux-console-x86.tar.gz

Now, change the file’s permissions to 755

chmod 755 truecrypt-7.1-setup-console-x86

Install using the following command and accept the terms of use (select option 1 to install)

./truecrypt-7.1-setup-console-x86

After a successful installation, you may display all the software’s arguments and options with

truecrypt -help

Further, lets create an encrypted volume. To do that use truecrypt -c.

truecrypt -c

Check out the following example from my Linux box:

Volume type:
 1) Normal
 2) Hidden
Select [1]: 1
 
Enter volume path: /root/my-crypt
 
Enter volume size (sizeK/size[M]/sizeG): 500m
 
Encryption algorithm:
 1) AES
 2) Serpent
 3) Twofish
 4) AES-Twofish
 5) AES-Twofish-Serpent
 6) Serpent-AES
 7) Serpent-Twofish-AES
 8) Twofish-Serpent
Select [1]: 1
 
Hash algorithm:
 1) RIPEMD-160
 2) SHA-512
 3) Whirlpool
Select [1]: 2
 
Filesystem:
 1) None
 2) FAT
 3) Linux Ext2
 4) Linux Ext3
 5) Linux Ext4
Select [2]: 5
 
Enter password: 
WARNING: Short passwords are easy to crack using brute force techniques!
 
We recommend choosing a password consisting of more than 20 characters. Are you sure you want to use a short password? (y=Yes/n=No) [No]: y
 
Re-enter password: 
 
Enter keyfile path [none]: 
 
Please type at least 320 randomly chosen characters and then press Enter:
Characters remaining: 259
Characters remaining: 190
 
 
Done: 100.000%  Speed:  7.0 MB/s  Left: 0 s          
 
The TrueCrypt volume has been successfully created.

From above, the volume’s path is: /root/my-crypt
Let mount it to a directory called encrypted-volume to start encrypting files.

mkdir /home/haider/encrypted-volume

Now lets mount them.

truecrypt /root/my-crypt /home/haider/encrypted-volume/

This will open a gate to the encrypted volume, as such we must provide the correct password:

Enter password for /root/my-crypt: 
Enter keyfile [none]: 
Protect hidden volume (if any)? (y=Yes/n=No) [No]: n

From this point, to encrypt files just move them to the encrypted-volume directory. Once finished, demount the two to protect your files:

truecrypt -d

In the future, if you require access to your encrypted files, or if you want to encrypt more files in that volume. Mount it again. That’s all!