truecrypt.mdwn 3.58 KB
Newer Older
1
2
[[!meta title="TrueCrypt"]]

Tails developers's avatar
Add TOC    
Tails developers committed
3
4
[[!toc]]

5
6
Security considerations
=======================
Tails developers's avatar
Tails developers committed
7

8
9
10
11
12
Although *TrueCrypt* looks like free software, [concerns](http://www.happyassassin.net/2008/08/06/open-letter-to-the-developers-of-truecrypt/) over
[its licence](http://www.truecrypt.org/legal/license) prevent its inclusion in Debian.
Truecrypt is also *developed* in a closed
fashion, so while the source code is freely available,
it may receive less review than might a comparable openly developed project.
13

14
Lastly, on 28 May 2014, the [*TrueCrypt* website](http://truecrypt.sourceforge.net/) announced that the
15
16
17
18
project was no longer maintained and recommended users to find
alternate solutions. That website now reads:

> WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.
19

20
21
22
For the above reasons, we recommend that you use [[LUKS encrypted
volumes|/doc/encryption_and_privacy/encrypted_volumes]] instead of *TrueCrypt*
volumes.
23

24
25
Still, you can open *TrueCrypt* volumes in Tails
[[using `cryptsetup`|truecrypt#cryptsetup]].
26

Tails developers's avatar
Tails developers committed
27
*TrueCrypt* was removed in Tails 1.2.1.
28

29
30
<a id="cryptsetup"></a>

Tails developers's avatar
Tails developers committed
31
32
Opening *TrueCrypt* volumes using `cryptsetup`
==============================================
33

Tails developers's avatar
Tails developers committed
34
You can open standard and hidden *TrueCrypt* volumes using the `cryptsetup`
Tails developers's avatar
Tails developers committed
35
command line tool.
36

Tails developers's avatar
Tails developers committed
37
38
39
40
41
42
43
<div class="note">

<p>This technique might not work on volumes created with <em>TrueCrypt</em>
version 4.1 to 4.3 (November 2005 to March 2007).</p>

</div>

44
1. [[Set up an administration
Tails developers's avatar
Tails developers committed
45
   password|first_steps/startup_options/administration_password]].
46
47
48
49
50
51
52
53
54
55

1. Choose
   <span class="menuchoice">
     <span class="guimenu">Applications</span>&nbsp;▸
     <span class="guisubmenu">Accessories</span>&nbsp;▸
     <span class="guimenuitem">Root Terminal</span>
   </span>
   to open a terminal with administration rights.

1. **If you want to open a standard *TrueCrypt* volume**, execute the
56
57
   following command. Replace `[volume]` with the path to your volume
   (partition or file container) and `[name]` with a name of your choice.
58

59
       cryptsetup open --type tcrypt [volume] [name]
60
   
61
   Here is an example of the command to execute to open a standard volume in a file container, yours is probably
62
63
   different:

64
       cryptsetup open --type tcrypt /media/mydisk/mycontainer myvolume
65
66

   **Else, if you want to open a hidden *TrueCrypt* volume**, execute
67
68
   the following command. Replace `[volume]` with the path to your volume
   (partition or file container) and `[name]` with a name of your choice.
69

70
       cryptsetup --tcrypt-hidden open --type tcrypt [volume] [name]
71
   
72
   Here is an example of the command to execute to open a hidden volume on a partition, yours is probably
73
74
   different:

75
       cryptsetup --tcrypt-hidden open --type tcrypt /dev/sdc1 myhidden
76

Tails developers's avatar
Tails developers committed
77
1. After typing your password and once the command prompt reappears, execute the following commands to mount
78
   the volume. Replace `[name]` with the name chosen in step&nbsp;3.
79

80
       mkdir /media/[name]
81

Tails developers's avatar
Tails developers committed
82
   a. And, if your volume contains a **NTFS or FAT file system** (default):
83
84
85
86
87
88

          mount -o uid=1000 /dev/mapper/[name] /media/[name]

   a. Else, if your volume contains an **Ext2, Ext3, or Ext4 file system**:

          mount /dev/mapper/[name] /media/[name]
89

90
91
1. If you don't see any error message, the volume is now available from the
   <span class="guimenu">Places</span> menu.
92

Tails developers's avatar
Shorten    
Tails developers committed
93
94
1. When you want to close your *TrueCrypt* volume, execute
   the following commands to safely remove it.
Tails developers's avatar
Tails developers committed
95
   Otherwise some of your files could be lost or damaged.
96
   Replace `[name]`with the mapping name chosen in step&nbsp;3.
97

Tails developers's avatar
Tails developers committed
98
       umount /media/[name]
99
       cryptsetup close [name]