So far, I used TrueCrypt into graphical mode, but over time, I realize that it is more comfortable to handle the command line version (aside from I tend to rule out any kind of graphical tool whenever possible).
TrueCrypt is a powerful program which may cypher partitions, logical volumes, whole hard drives or even installed operating systems. The encryption is transparently and automatically carried out, and on top of all that, on real time (that is to say, on the fly). Another plus is the option to hide volumes and its performance, which is excellent.
One practical detail of TrueCrypt is that is not necessary to install it on the system. To that end, you have to download the Console-only-32-bit file (in my case, the 32-bit version), decompress the included binary and run it. Then, you will have to choose the second option: Extract package file truecrypt_7.1_console_i386.tar.gz and place it to /tmp. Within this tgz file is located the executable file of TrueCrypt.
I get used to drop off this binary file into the public partition of the external hard drive. Thereby, when I have to use it, I just have to get it from there.
javi@javi-ubuntu:/tmp$ cp /media/public/truecrypt/truecrypt . ; chmod +x truecrypt javi@javi-ubuntu:/tmp$ ./truecrypt --version TrueCrypt 7.1
First of all, I had to encrypt the partition. This is a long process and depends on the size of your partition. Below you may appreciate that the average speed was 26 MB/s.
In the next output, you can see that in order to create the cyphered partition (sdb2), I followed the text wizard provided by TrueCrypt. Other choice would have been to pass the parameters through the command line (--encryption, --size, etc.).
javi@javi-ubuntu:/tmp$ sudo ./truecrypt -c Volume type: 1) Normal 2) Hidden Select : 1 Enter volume path: /dev/sdb2 Encryption algorithm: 1) AES 2) Serpent 3) Twofish 4) AES-Twofish 5) AES-Twofish-Serpent 6) Serpent-AES 7) Serpent-Twofish-AES 8) Twofish-Serpent Select : 1 Hash algorithm: 1) RIPEMD-160 2) SHA-512 3) Whirlpool Select : 1 Filesystem: 1) None 2) FAT 3) Linux Ext2 4) Linux Ext3 5) Linux Ext4 Select : 5 Enter password: Re-enter password: Enter keyfile path [none]: Please type at least 320 randomly chosen characters and then press Enter: Done: 100.000% Speed: 26 MB/s Left: 0 s The TrueCrypt volume has been successfully created.
Once you have created the encrypted partition (remember that my example is based on a partition, but you can also cypher a file or logical volume), the procedure is pretty easy. When you want to work with that safe area, you only have to mount it by means of TrueCrypt.
javi@javi-ubuntu:/tmp$ mkdir /mnt/truecrypt javi@javi-ubuntu:/tmp$ sudo ./truecrypt /dev/sdb2 /mnt/truecrypt Enter password for /dev/sdb2: Enter keyfile [none]: Protect hidden volume (if any)? (y=Yes/n=No) [No]: javi@javi-ubuntu:/tmp$ ./truecrypt --list 1: /dev/sdb2 /dev/mapper/truecrypt1 /mnt/truecrypt
By running the following command, you may collect more details about a mounted volume.
javi@javi-ubuntu:/tmp$ ./truecrypt --volume-properties /dev/sdb2 Slot: 1 Volume: /dev/sdb2 Virtual Device: /dev/mapper/truecrypt1 Mount Directory: /mnt/truecrypt Size: 50.0 GB Type: Normal Read-Only: No Hidden Volume Protected: No Encryption Algorithm: AES Primary Key Size: 256 bits Secondary Key Size (XTS Mode): 256 bits Block Size: 128 bits Mode of Operation: XTS PKCS-5 PRF: HMAC-RIPEMD-160 Volume Format Version: 2 Embedded Backup Header: Yes
You can dismount it by executing the next order.
javi@javi-ubuntu:/tmp$ sudo ./truecrypt --dismount /mnt/truecrypt
TrueCrypt has got many more options through the command line. I invite you to take a look at them by checking its help.
And finally, I would like to conclude this article by writing down the order (based on rsync) that I usually run to back up my data into the private partiton.
javi@javi-ubuntu:~$ rsync -altgvb --delete /data /mnt/truecrypt/