Recently I had to encrypt an entire partition to protect some sensitive data. I found out that TrueCrypt is quite easy to use and provides pretty good protection against attackers with physical access to your machine.
You can encrypt your data in two ways:
1) By creating an encrypted file which you then mount as a regular disk
2) By creating an encrypted partition in a similar fashion.
I am running on ArchLinux but you shouldn't have any problems installing truecrypt with any distro’s software installer. In case you’d like to do it manually, just follow this link.
When you are done with the installation make sure that you load the kernel module with ‘modprobe truecrypt’. Remember that all commands are executed as ‘root’. You can use a regular user if you give him access to the truecrypt utility through sudo.
Creating an encrypted file:
TrueCrypt works interactively so you simply run:
# truecrypt -c
and follow the instructions:
---------------
Volume type: 1) Normal 2) Hidden
Select [1]: 1
---------------
Enter file or device path for new volume: /enc/encrypted_file.tc
---------------
Filesystem: 1) FAT 2) None
Select [1]: 1
---------------
Enter volume size (bytes - size/sizeK/sizeM/sizeG): 128M
---------------
Hash algorithm: 1) RIPEMD-160 2) SHA-1 3) Whirlpool
Select [1]: 1
---------------
Encryption algorithm: 1) AES 2) Blowfish 3) CAST5 4) Serpent 5) Triple DES 6) Twofish 7) AES-Twofish 8) AES-Twofish-Serpent 9) Serpent-AES 10) Serpent-Twofish-AES 11) Twofish-Serpent
Select [1]: 1
-----------------
Enter password for new volume '/enc/encrypted_file.tc':
Re-enter password:
-----------------
Enter keyfile path [none]:
-----------------
The above will create a file named 'encrypted_file.tc' which you can then mount with the following:
# truecrypt /enc/encrypted_file.tc /home/encrypted_folder
Simply copy/paste the files you want to protect in 'encrypted_folder' and when you are done, unmount with:
# truecrypt -d
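
The mount, copy and unmount steps above as one shell function (an added example, not part of the original post). It refuses to copy when the mount point is not actually mounted, because files copied at that moment would land unencrypted on the underlying disk. It uses only the truecrypt invocations shown above plus the standard mountpoint utility; the function name protect_files is hypothetical.

```shell
#!/bin/sh
# Added example: copy files into a TrueCrypt volume only while it is mounted.
# VOLUME and MOUNT_DIR default to the paths used on this page.
VOLUME="${VOLUME:-/enc/encrypted_file.tc}"
MOUNT_DIR="${MOUNT_DIR:-/home/encrypted_folder}"

# protect_files FILE...   (hypothetical helper name)
# Mounts the volume, copies the files in, then dismounts.
# Returns non-zero, without copying anything, if the volume is not mounted.
protect_files() {
    if [ "$#" -eq 0 ]; then
        echo "usage: protect_files FILE..." >&2
        return 2
    fi

    # Mount exactly as on the page; truecrypt prompts for the password.
    if ! truecrypt "$VOLUME" "$MOUNT_DIR"; then
        echo "mount of $VOLUME failed" >&2
        return 1
    fi

    # If the mount did not really happen, MOUNT_DIR is only a plain
    # directory on the unencrypted disk, so nothing must be written to it.
    if ! mountpoint -q "$MOUNT_DIR"; then
        echo "$MOUNT_DIR is not a mount point, refusing to copy" >&2
        return 1
    fi

    rc=0
    cp -- "$@" "$MOUNT_DIR"/ || rc=1
    sync    # flush pending writes before the volume goes away

    # Dismount as on the page, even when the copy failed, so the
    # decrypted view of the volume does not stay available.
    truecrypt -d || rc=1
    return "$rc"
}
```

Source the file as root and call it with the files to protect, for example `protect_files notes.txt keys.txt`.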