True, that

Oh boy. So, it’s been um.. yeah, a very long time since I posted. I guess I didn’t have anything “interesting” to write about. Until today again. Sysadmining is like that sometimes.

Today’s topic: Truecrypt. Specifically, in RedHat.

For those not familiar with truecrypt, it’s a rather cool “volume encryption” tool, available in the open source community. If you’re on a Windows box, installing and using truecrypt is simple.

In the linux world, it requires a bit more effort, but not too much.

In my case, we’re receiving large truecrypt volumes containing genetic data. The “source” of the truecrypt volume is a Windows machine somewhere. Our internal destination? A redhat server.

Step 1: Install truecrypt.

This is nothing more than running the install and following the prompts.

./truecrypt-7.0a-setup-x64
===============
TrueCrypt 7.0a Setup
____________________

Installation options:

1) Install truecrypt_7.0a_amd64.tar.gz
2) Extract package file truecrypt_7.0a_amd64.tar.gz and place it to /tmp

To select, enter 1 or 2:
===============

So, I’m done! (you’ve heard this before, right?)

Truecrypt access is done via the “truecrypt” command. You can specify all the parameters, or do it interactively. An interactive example looks like this:

I hop over to where my truecrypt “volume” (file) is, and try to mount it. I can safely ignore the warning, since I only intend to READ this particular data. You can think of a truecrypt volume as sort of like an ISO image file. With the exception of the password, I use the defaults:

truecrypt test2.tc
Warning: Your system uses an old version of the Linux kernel.

Due to a bug in the Linux kernel, your system may stop responding when writing data to a TrueCrypt volume. This problem can be solved by upgrading the kernel to version 2.6.24 or later.
Enter mount directory [default]:
Enter password for /root/test2.tc:
Enter keyfile [none]:
Protect hidden volume (if any)? (y=Yes/n=No) [No]:
Error: mount: unknown filesystem type ‘ntfs’

Uh-oh. Seems I have to include ntfs support for redhat! This is also relatively simple: download “ntfs-3g” and do the “configure”, “make”, and “make install” dance. Voila.

Let’s mount that again:

truecrypt test2.tc
Warning: Your system uses an old version of the Linux kernel.

Due to a bug in the Linux kernel, your system may stop responding when writing data to a TrueCrypt volume. This problem can be solved by upgrading the kernel to version 2.6.24 or later.
Enter mount directory [default]:
Enter password for /root/test2.tc:
Enter keyfile [none]:
Protect hidden volume (if any)? (y=Yes/n=No) [No]:
Error: mount: unknown filesystem type ‘ntfs’

Um…. ok. The kicker here is that “behind the scenes” truecrypt is attempting to mount the file system as ntfs. (By default it passes mount type “auto”, and the auto-detection decides the volume is ntfs.) But “ntfs-3g” is the actual “mount type” that the ntfs-3g tool installs. I don’t have “type ntfs” support; I do have “type ntfs-3g” support. How do I tell truecrypt this??

Here’s the magic sauce: Truecrypt DOES let us override the file system mounting options, and the tweaked command looks like this:

truecrypt --filesystem=ntfs-3g test2.tc
Warning: Your system uses an old version of the Linux kernel.

Due to a bug in the Linux kernel, your system may stop responding when writing data to a TrueCrypt volume. This problem can be solved by upgrading the kernel to version 2.6.24 or later.
Enter mount directory [default]:
Enter password for /root/test2.tc:
Enter keyfile [none]:
Protect hidden volume (if any)? (y=Yes/n=No) [No]:

Success!

mount

fuse on /tmp/.truecrypt_aux_mnt1 type fuse (rw,nosuid,nodev,allow_other)
/dev/loop0 on /media/truecrypt1 type fuseblk (rw,allow_other,blksize=1024,default_permissions)
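Here is the same mount wrapped in a small shell script, as an added example that is not from the original post. It assumes TrueCrypt 7.x text-mode options (`-t`, `-k`, `--protect-hidden`, `--filesystem`, `--mount-options`, `-d`); the volume path and mount directory are placeholders. Since the data is only ever read, the volume is mounted read-only, which also sidesteps the kernel write warning above, and the password is still typed at the prompt rather than passed on the command line, so it never lands in shell history or `ps` output.

```shell
#!/bin/sh
# Added example (not the post's own script): read-only mount of a TrueCrypt
# volume that holds an NTFS filesystem, on a Red Hat box where only the
# FUSE driver from ntfs-3g is installed. Assumes TrueCrypt 7.x CLI options.
set -u

TRUECRYPT="${TRUECRYPT:-truecrypt}"   # truecrypt binary (assumed on PATH)

# Show the command line we are about to run. Forcing --filesystem=ntfs-3g
# replaces the default "auto" detection, which picks the in-kernel "ntfs"
# type that this box does not have; "ro" keeps the volume read-only.
# -k "" means "no keyfile" and --protect-hidden=no answers the last prompt,
# so truecrypt only asks for the password.
tc_mount_cmdline() {
    printf '%s %s\n' \
        "$TRUECRYPT -t -k \"\" --protect-hidden=no" \
        "--filesystem=ntfs-3g --mount-options=ro $1 $2"
}

# Mount volume file $1 at directory $2.
# Exit codes: 2 = volume file missing, 3 = ntfs-3g not installed,
# otherwise truecrypt's own status.
tc_mount_ro() {
    vol="$1"; mnt="$2"
    [ -f "$vol" ] || { echo "no such volume: $vol" >&2; return 2; }
    command -v ntfs-3g >/dev/null 2>&1 || {
        echo "ntfs-3g is not installed; without it truecrypt fails with" \
             "\"unknown filesystem type 'ntfs'\"" >&2
        return 3
    }
    mkdir -p "$mnt"
    "$TRUECRYPT" -t -k "" --protect-hidden=no \
        --filesystem=ntfs-3g --mount-options=ro "$vol" "$mnt"
}

# Check the result the same way the post does: a fuseblk entry in mount(8).
tc_is_mounted() { mount | grep -q " on $1 type fuseblk "; }

# Dismount by mount directory when finished.
tc_dismount() { "$TRUECRYPT" -t -d "$1"; }

# Usage (placeholder paths): TC_VOLUME=/root/test2.tc ./tc-ro-mount.sh
if [ -n "${TC_VOLUME:-}" ]; then
    MNT="${TC_MOUNT:-/media/truecrypt1}"
    tc_mount_cmdline "$TC_VOLUME" "$MNT"
    tc_mount_ro "$TC_VOLUME" "$MNT" && tc_is_mounted "$MNT" \
        && echo "mounted read-only at $MNT (dismount: truecrypt -t -d $MNT)"
fi
```

The ntfs-3g check exists only to turn the cryptic “unknown filesystem type ‘ntfs’” error into a clear message; the mount itself is exactly the override from the post plus `--mount-options=ro`.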

Final notes:

By default, truecrypt will create dynamic mountpoints, “/media/truecrypt1” etc. These can be overridden at the command line if you need to.

Also, ‘normal’ users will need a passwordless sudo entry in /etc/sudoers allowing the use of /usr/bin/truecrypt, because mounting the volume requires root privileges and it will not work without them. Keep that entry scoped to the specific users or group who actually need to mount volumes.