Truecrypt on CentOS 4.x
How to install and use the Truecrypt volume encryption open-source software on CentOS 4.x
Download and Install Kernel Source
Truecrypt’s documentation doesn’t offer much help with compiling its source code on any Linux flavor, so this short guide fills that gap. The first thing you have to do is install the kernel development package for CentOS and rpmbuild.
[root@laptop ~]# yum install kernel-devel rpmbuild
Next, you’ll need to download the kernel source RPM package used to build the module. Rather than pointing to a single mirror that might not be available, find a mirror on the CentOS list here: CentOS Mirrors.
Navigate to the version of CentOS you’re running, and then to the updates section. For example, I’m running CentOS 4.4 with the 2.6.9 kernel. Download the package appropriate for your system.
http://url_mirror_list/4.4/updates/SRPMS/kernel-2.6.9-42.0.10.EL.src.rpm
Then just install the source package with RPM.
[root@laptop ~]# mkdir -p /usr/src/redhat/BUILD
[root@laptop ~]# rpm -ivh kernel-2.6.9-42.0.10.EL.src.rpm
Prep the Build Environment
Next, a few commands to prepare to build the module. I don’t know if this is the most proper method or not, but it works on my systems, so please leave some comments if this section can be fixed or made better. I believe you can download the linux source and accomplish it, but this is what I know.
[root@laptop ~]# cd /usr/src/redhat/SPECS
[root@laptop ~]# rpmbuild -bp --target=i686 kernel-2.6.spec
[root@laptop ~]# cd /usr/src/redhat/BUILD/kernel-2.6.9/linux-2.6.9/drivers/md/
[root@laptop ~]# cp -r --reply=yes * /usr/src/kernels/2.6.9-22.0.1.EL-i686/drivers/md/
If I try to build without copying this stuff over, Truecrypt complains about missing some things. This gets rid of those errors and allows the module to build fine. If you already have a build environment somewhere else, because yes I know you’re not supposed to build things as root but I think you have to for Truecrypt, then go ahead and use your own paths.
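The commands above mix a 2.6.9-42.0.10.EL source package with a 2.6.9-22.0.1.EL kernel-devel tree, so it is worth confirming that both match the running kernel before copying anything. The following pre-flight check is an added example, not part of the original guide; the function names are hypothetical, and the <release>[-<variant>]-<arch> directory layout is an assumption inferred from the path shown above.

```sh
#!/bin/sh
# Added example: confirm the kernel SRPM and the kernel-devel tree both
# match the running kernel before copying drivers/md into the tree.
# Assumption: trees live under /usr/src/kernels as <release>[-<variant>]-<arch>.

# kernel_variant RELEASE -> smp | hugemem | largesmp | (empty for plain kernel)
kernel_variant() {
    case $1 in
        *largesmp) echo largesmp ;;   # must be tested before *smp
        *hugemem)  echo hugemem ;;
        *smp)      echo smp ;;
        *)         echo "" ;;
    esac
}

# preflight SRPM RELEASE ARCH [BASE]
# Prints the matching kernel-devel tree and returns 0.
# Returns 1 if the SRPM is for another kernel, 2 if the tree is missing.
preflight() {
    srpm=${1##*/}
    running=$2
    arch=$3
    base=${4:-/usr/src/kernels}
    variant=$(kernel_variant "$running")
    rel=${running%"$variant"}          # release without the variant suffix
    want="kernel-$rel.src.rpm"
    if [ "$srpm" != "$want" ]; then
        echo "source package $srpm does not match running kernel; need $want" >&2
        return 1
    fi
    tree="$base/$rel${variant:+-$variant}-$arch"
    if [ ! -d "$tree/drivers/md" ]; then
        echo "no kernel-devel tree at $tree (is kernel-devel installed for this kernel?)" >&2
        return 2
    fi
    printf '%s\n' "$tree"
}

# Usage: sh preflight.sh kernel-<release>.src.rpm "$(uname -r)" i686
if [ $# -ge 3 ]; then
    preflight "$@"
fi
```

If it prints a path, use that path as the destination of the cp command instead of a hard-coded one.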
Download and Build Truecrypt
Next, download the source code on their download page:
http://www.truecrypt.org/downloads.php
Unpack it:
[root@laptop ~]# tar -xzvf /path/to/truecrypt-source-code.tar.gz
[root@laptop ~]# cd truecrypt-4.3-source-code/Linux/
Build it:
[root@laptop ~]# ./build.sh
Checking build requirements…
Building kernel module… Done.
Building truecrypt… Done.
Install it:
[root@laptop ~]# ./install.sh
Checking installation requirements…
Testing truecrypt… Done.
Install binaries to [/usr/bin]:
Install man page to [/usr/share/man]:
Install user guide and kernel module to [/usr/share/truecrypt]:
Allow non-admin users to run TrueCrypt [y/N]: y
Installing kernel module… Done.
Installing truecrypt to /usr/bin… Done.
Installing man page to /usr/share/man/man1… Done.
Installing user guide to /usr/share/truecrypt/doc… Done.
Installing backup kernel module to /usr/share/truecrypt/kernel… Done.
That’s it for building and installing, now move along to using it.
Using Truecrypt for Volume Encryption
Now that you’re ready to use it, it’ll only take a few commands to get a volume created and mounted which will allow you to start safely storing data. The Windows version has a nice GUI for using the tool, but the Linux version is only command line. It’s actually easier to use the command line version, anyways.
If you’re going to create a mount point in /mnt, then you’ll need to issue this command as root. I’ll assume you’re running all of the commands that follow as your normal user.
Create Mount Point and Volume
Create the mount point:
[root@laptop ~]# mkdir /mnt/truecrypt
Create a volume to play with:
[me@laptop ~]# cd /home/me
[me@laptop ~]# truecrypt --create testvolume.tc
This will kick off some questions which will look like what’s posted here. I’ve taken all of the defaults, but if you want to play around with types of encryption and other options, then go ahead and select what you like.
Volume type:
 1) Normal
 2) Hidden
Select [1]:
Filesystem:
 1) FAT
 2) None
Select [1]:
Enter volume size (bytes - size/sizeK/sizeM/sizeG): 128M
Hash algorithm:
 1) RIPEMD-160
 2) SHA-1
 3) Whirlpool
Select [1]:
Encryption algorithm:
 1) AES
 2) Blowfish
 3) CAST5
 4) Serpent
 5) Triple DES
 6) Twofish
 7) AES-Twofish
 8) AES-Twofish-Serpent
 9) Serpent-AES
10) Serpent-Twofish-AES
11) Twofish-Serpent
Select [1]:
Enter password for new volume ‘testvolume.tc’:
Re-enter password:
Enter keyfile path [none]:
TrueCrypt will now collect random data.
Is your mouse connected directly to computer where TrueCrypt is running? [Y/n]: Y
Please move the mouse randomly until the required amount of data is captured…
Mouse data captured: 100%
Done: 127.44 MB Speed: 6.20 MB/s Left: 0:00:00
Volume created.
You can check the volume out that you just created. It’ll look like a normal file full of random data. No one will actually be able to tell how much data is in it, because it’ll always look like the size you specified during creation. The one I created is 128M.
[me@laptop ~]# ll testvolume.tc
-rw-rw-r-- 1 me me 134217728 Apr 18 11:31 testvolume.tc
Mounting Volumes
Now that you have a volume, you can mount the volume on the mount point that you created a few steps ago. This will allow you to start using the volume to store data. The -u option is important because it ensures user permissions are mapped to the mounted volume, so make sure you specify it. If you don’t, you might have problems copying and removing data, and then problems with unmounting the volume when you’re finished.
[me@laptop ~]# truecrypt -u testvolume.tc /mnt/truecrypt
Enter password for ‘/home/me/testvolume.tc’:
Now your volume is mounted:
[me@laptop ~]# mount
/dev/mapper/truecrypt0 on /mnt/truecrypt type vfat (rw,nosuid,uid=500,gid=500,umask=077)
Using the Volume
Go ahead and copy or create some data on the volume.
[me@laptop ~]# cp /home/me/docs/somedata.pdf /mnt/truecrypt
Check the disk usage on the mounted volume and you can see that the data is there:
[me@laptop ~]# df -h /mnt/truecrypt
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/truecrypt0
128M 3.4M 125M 3% /mnt/truecrypt
Unmounting Volumes
After you’re done using the volume, unmount it. The -d option is also important: it dismounts the volume and unmaps the permissions on it. If you don’t specify the path to the volume, then truecrypt will unmount all mounted encrypted volumes it finds, so be careful if you have more than one volume.
[me@laptop ~]# truecrypt -d /mnt/truecrypt
[me@laptop ~]# mount # You should see that it’s gone
Other Uses
That’s about it for a simple guide to using Truecrypt. If you need or want more information, then please visit their docs: Truecrypt Docs.
Keep in mind that this tool doesn’t do full disk encryption, but you can encrypt entire partitions with it. Just be careful you don’t set it up on a partition that has data on it, because during creation, the volume will be reformatted. You’ve been warned.
Other uses include encrypting USB drives and external drives. This makes it perfect to secure information floating around on a thumb drive, or backups you might be keeping on external drives. It’s quite useful, so again, check out the documentation.





