Wednesday, February 21, 2007

Gentoo Truecrypt

I want to encrypt my USB pen drive, not because I'm paranoid but because a USB pen drive is small and it is very easy to forget it somewhere and lose it. I decided to use TrueCrypt so that it is accessible on both Windows and Unix platforms. In fact, getting TrueCrypt to work on Gentoo is pretty straightforward.

Installing truecrypt -

shell>emerge -v truecrypt


Load it as a kernel module at boot -

shell>echo "truecrypt" | sudo tee -a /etc/modules.autoload.d/kernel-2.6

shell>sudo modprobe truecrypt

When I plugged in my USB pen drive, I checked the dmesg output -

usb 1-3: new high speed USB device using ehci_hcd and address 5
usb 1-3: configuration #1 chosen from 1 choice
scsi2 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 5
usb-storage: waiting for device to settle before scanning
scsi 2:0:0:0: Direct-Access USB DISK Pro PMAP PQ: 0 ANSI: 0 CCS
SCSI device sdb: 4012032 512-byte hdwr sectors (2054 MB)
sdb: Write Protect is off
sdb: Mode Sense: 23 00 00 00
sdb: assuming drive cache: write through
SCSI device sdb: 4012032 512-byte hdwr sectors (2054 MB)
sdb: Write Protect is off
sdb: Mode Sense: 23 00 00 00
sdb: assuming drive cache: write through
sdb: sdb1
sd 2:0:0:0: Attached scsi removable disk sdb
sd 2:0:0:0: Attached scsi generic sg1 type 0
usb-storage: device scan complete

Creating a TrueCrypt volume for the whole USB pen drive -

shell>sudo truecrypt --type normal -c /dev/sdb1
Filesystem:
1) FAT
2) None
Select [1]:

Hash algorithm:
1) RIPEMD-160
2) SHA-1
3) Whirlpool
Select [1]:

Encryption algorithm:
1) AES
2) Blowfish
3) CAST5
4) Serpent
5) Triple DES
6) Twofish
7) AES-Twofish
8) AES-Twofish-Serpent
9) Serpent-AES
10) Serpent-Twofish-AES
11) Twofish-Serpent
Select [1]: Blowfish

Enter password for new volume '/dev/sdb1':
Re-enter password:
Passwords do not match.

Enter password for new volume '/dev/sdb1':
Re-enter password:
Enter keyfile path [none]:

TrueCrypt will now collect random data.

Is your mouse connected directly to computer where TrueCrypt is running? [Y/n]: Y

Please move the mouse randomly until the required amount of data is captured...
Mouse data captured: 100%

Done: 1957.09 MB Speed: 3.27 MB/s Left: 0:00:00
Volume created.

Or you can just run this command to create the volume without interaction, choosing the encryption method you want to use -

shell>sudo truecrypt --type normal --encryption Blowfish --hash RIPEMD-160 --filesystem FAT -c /dev/sdb1
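
Creating the volume overwrites whatever is on /dev/sdb1, so it is worth confirming the device first. The script below is an added example, not part of the original post: it checks that the partition's parent disk is flagged removable by the kernel (as in the dmesg output above) and that the partition is not currently mounted. The function names and the overridable sysfs/mounts paths are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check to run before
# the destructive `truecrypt -c`. The sysfs root and mounts file can be
# overridden (an assumption made here so the check is testable on fixtures).

# parent_disk /dev/sdb1 -> sdb (sdX-style names only, as in the dmesg output)
parent_disk() {
    basename "$1" | sed 's/[0-9]*$//'
}

# is_removable DISK [SYSFS_ROOT]: true if the kernel flags DISK as removable
is_removable() {
    flag="${2:-/sys}/block/$1/removable"
    [ -r "$flag" ] && [ "$(cat "$flag")" = "1" ]
}

# is_mounted DEVICE [MOUNTS_FILE]: true if DEVICE is the source of a mount
is_mounted() {
    awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# safe_to_format DEVICE [SYSFS_ROOT] [MOUNTS_FILE]
# returns 0 = ok, 1 = not a removable disk, 2 = still mounted
safe_to_format() {
    disk=$(parent_disk "$1")
    if ! is_removable "$disk" "${2:-/sys}"; then
        echo "refusing: $disk is not flagged removable" >&2
        return 1
    fi
    if is_mounted "$1" "${3:-/proc/mounts}"; then
        echo "refusing: $1 is mounted, umount it first" >&2
        return 2
    fi
    return 0
}

# Example: ./preflight.sh /dev/sdb1
if [ $# -gt 0 ]; then
    safe_to_format "$1" && echo "ok: $1 can be passed to truecrypt -c"
fi
```

The mount check only matches the raw partition; a volume already mapped by TrueCrypt is listed under its mapper device instead, which is why the post runs truecrypt -d before mounting.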

After you have created the TrueCrypt volume, unmount all mapped TrueCrypt volumes and then mount it on the directory you want -

shell>sudo truecrypt -d

shell>sudo mkdir /mnt/tc-usbmini

shell>sudo truecrypt -u /dev/sdb1 /mnt/tc-usbmini


Done. Now the data on your USB drive won't be revealed to average people who have taken or stolen it.

Enjoy (;])

2 comments:

Tedi Heriyanto said...

Can this encrypted volume be used on a Windows system?

C.S.Lee said...

tedi,

Yes, you just need to install TrueCrypt on Windows.