Realcrypt: Mandriva’s Truecrypt – Howto Summary

20 01 2008

Hopefully Part 1 and Part 2 of the Howto have given you a fairly good base and you have a comfortable understanding of how to utilize Realcrypt aka Truecrypt in Linux. Now you can modify the examples outlined and tailor them to your needs.

If you’ve decided to implement a Realcrypt volume utilizing both a normal and hidden volume for extra security, there’s a caveat. Once you create the hidden volume you will _not_ be able to write to the normal volume without the possibility of damaging the hidden volume. Yes, there is the -P [Protect Hidden] flag, but it can’t be utilized with the method we used to set the volumes up. It really isn’t an issue though, as the purpose of using a hidden volume is that the outer volume acts as a believable decoy – it’s all about plausible deniability. If you’re ever forced to decrypt a volume you’ll simply open the outer volume; to have any chance of believability, that volume needs to hold data that looks sensitive but is NOT data you actually want to hide.

After you create the normal volume as outlined in Part 1, copy some sensitive-looking data into the volume to serve as the decoy data. Once that’s completed, move on to Part 2 and create your hidden volume. You’ll access the hidden volume as shown in Part 2; Realcrypt differentiates between the normal and hidden volumes by the keyfile(s) [if used] and the password(s) assigned to each volume. If, for example, you did use a keyfile for your hidden volume, you can shorten the process of accessing the volume by providing the arguments instead of using sudo realcrypt -i and answering the prompts.

Example: sudo realcrypt -k mykey volume.tc safe

In the example you are providing the path to your keyfile [this assumes the key is in the base of the directory we’re working from, otherwise you need to specify the complete path], the Realcrypt volume you wish to map [same as the keyfile, specify the complete path if necessary] and the mount point. You’ll then only be prompted for the hidden volume’s password.

If, for example, you chose not to use a keyfile, you’d use:

sudo realcrypt volume safe

and then enter the hidden volume’s password. There are multiple possibilities; I can’t cover them all, but you should have the general idea.

Just remember the volumes are differentiated by their passwords and/or keyfiles. Use the hidden volume’s password(s) and/or keyfile(s) to access that volume. The only scenario where you will use the normal volume’s password(s) and/or keyfile(s) is if you are ever forced to hand over that information.

To speak further about protecting your Realcrypt volumes from others, I have these suggestions for your real world usage.

  • Name your volumes so that they aren’t identifiable – use a file extension that can account for the large file size and won’t draw attention to the file, i.e. .iso .bin .nrg .img or no extension at all.
  • Don’t use file extensions that’ll be a dead giveaway like .tc [the default extension in Windows] or have some .txt file that’s 100 MBs or greater.
  • The same type of advice as in the first point applies to any keyfiles you use; don’t name them something obvious like mykey, safe.key etc.
  • Store the keyfile in a different directory or, even better, on removable media.
  • The volume itself could also be stored on removable media.
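The points above can be turned into a quick self-check of your own setup. This is an added example, not part of the original Howto: the function names and sample file names are made up for illustration, and "100 MBs" is assumed to mean 100 MiB.

```shell
#!/bin/sh
# Added example, not from the original post. File names are constructed.
# Assumption: "100 MBs" in the advice is read as 100 MiB (104857600 bytes).

# Resolve the directory that holds a file, following symlinked directories.
real_dir() { (cd "$(dirname "$1")" && pwd -P); }

# Mount point of the filesystem that holds a file (column 6 of POSIX df -P).
mount_of() { df -P "$1" 2>/dev/null | awk 'NR == 2 { print $6 }'; }

# check_pair VOLUME KEYFILE
# Prints "FAIL ..." for each broken rule and "NOTE ..." for weaker hints.
check_pair() {
    vol=$1; key=$2
    size=$(( $(wc -c < "$vol") ))
    case $(basename "$vol") in
        *.tc)  echo "FAIL volume uses the giveaway .tc extension" ;;
        *.txt) if [ "$size" -ge 104857600 ]; then
                   echo "FAIL volume is a .txt file of 100 MiB or more"
               fi ;;
    esac
    case $(basename "$key") in
        *[Kk][Ee][Yy]*) echo "FAIL keyfile name contains 'key'" ;;
    esac
    if [ "$(real_dir "$vol")" = "$(real_dir "$key")" ]; then
        echo "FAIL keyfile is stored in the same directory as the volume"
    elif [ -n "$(mount_of "$vol")" ] &&
         [ "$(mount_of "$vol")" = "$(mount_of "$key")" ]; then
        echo "NOTE keyfile and volume share a filesystem; removable media is better"
    fi
    return 0
}

# Run only when called with two arguments: sh check.sh VOLUME KEYFILE
if [ $# -eq 2 ]; then check_pair "$1" "$2"; fi
```

The shared-filesystem line is only a heuristic: it cannot tell whether a filesystem is on removable media, only that the keyfile and the volume live on the same one.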

Realcrypt/Truecrypt also has a nice built-in security feature that helps conceal the volume: it does not update the time stamp of the file.

You should also take steps to protect your volumes and keys from loss or damage by backing them up. It is also highly recommended to back up the volume headers, which contain the master key. If the volume header becomes damaged, the volume will be impossible to mount. The syntax for backing up and restoring headers is realcrypt --backup-headers | --restore-header FILE [VOLUME]. As an example, the line below backs up the headers of volume.tc to the file volume_head_backup:

sudo realcrypt --backup-headers volume_head_backup volume.tc

You would restore the headers with:

sudo realcrypt --restore-header volume_head_backup volume.tc

Realcrypt will then ask which header to restore [normal or hidden].

If you require any more information Truecrypt is very well documented – see http://www.truecrypt.org/docs/

As this blog is geared toward newer Linux users: if you want to see the full list of user commands and flags for realcrypt, type realcrypt --help or realcrypt -h in konsole. You can also view the man (manual) page by typing man realcrypt. If you haven’t utilized a man page yet, you will be unfamiliar with navigating around the page with Less; the keys are as follows:

  • Page Down = Spacebar or the ‘Page Down’ Key
  • Page Up = b or the ‘Page Up’ Key
  • Line Down = j or the ‘Down Arrow’ Key
  • Line Up = k or the ‘Up Arrow’ Key
  • Top of Document = g
  • Bottom of Document = G
  • Quit = q
  • Search = / to search forward [example /keyfile ] |or| ? to search backward [ ?keyfile ]
  • Repeat Search = n to repeat the search forward and N to repeat the search in the opposite direction
  • Help = h | Will give you the full summary of Less commands. ;-)

That concludes the Howto. I hope you found it of help.

This work is licensed under a
Creative Commons Licence.


2 responses

20 01 2008
Realcrypt: Mandriva’s Truecrypt - Howto Part 2 « alt options

[…] Continue to the Summary This work is licensed under a Creative Commons Licence. […]

21 01 2008
Man Pages | Navigating with Less « alt options

[…] Pages | Navigating with Less 21 01 2008 I ended the Realcrypt Howto with instructions about navigating a man page. It really deserves its own post, so I’m […]
