Truecrypt on Linux, the verdict

As I’m sure you would have read in the last two weeks, I have been looking at the security issues caused by the recent explosion in USB storage; not only are the old issues of virus infection / migration brought up, but due to the small size of USB flash keys—data loss and theft are brought to the front line. The only way to ensure that our data can’t be read by other people is to encrypt it.

Encrypting these devices isn’t as straightforward as it seems—yes, for Windows users some of these devices come with proprietary software which will allow the device to be locked. Linux users can simply create an encrypted filesystem on the device much like any other disk. The big issue comes when a user wants to switch between operating systems. Many Linux users will also use Windows, be that at work or home—Mac OS X is another operating system to consider as it is becoming rapidly more popular, especially in the home for the less technically savvy (or those who appreciate its stability and media-related software). What we need is a strong encryption application which can encrypt/decrypt independent of platform—this requirement cries out Open Source; the solution is indeed provided as an Open Source project—enter TrueCrypt.

Last week we went over creating an encrypted USB key with TrueCrypt in Windows; now let’s look at installing TrueCrypt on a Linux system and mounting our previously created volume.


I have decided to install TrueCrypt under Ubuntu; this is simply because Ubuntu has become my most frequently used Linux distribution; I like the stability and repository system of Debian with the user friendliness of Fedora. The TrueCrypt download page offers some precompiled packages; I did try to install one of these, however because my Kernel had been updated from the original provided on the Ubuntu 5.10 DVD (via apt-get upgrade) the package would not install—therefore it’s necessary to compile from source.

First the Kernel source needs to be installed if it’s not already. Let’s check which Kernel version we’re running and also which compiler was used to build it:

# cat /proc/version

Linux Version 2.6.12-10-686 (buildd@terranova) (gcc version 3.4.5 20050809 (pre-release) (Ubuntu 3.4.4-6ubuntu8.1)) #1 Sat Mar 11 16:22:51 UTC 2006

The Kernel version is 2.6.12-10-686, the actual source version is therefore 2.6.12, and the gcc version used to compile it was 3.4.5. Now we need to download the source with apt-get:

# apt-get install linux-source-2.6.12

Unpack the source and create a link from /usr/src/linux to the current Kernel source:

# cd /usr/src

# tar -xvjf linux-source-2.6.12.tar.bz2

# ln -s linux-source-2.6.12 linux

Remember that if you aren’t logged in as root you will need to either switch to root (‘su -’) or prepend ‘sudo’ to the above commands.

If you don’t have gcc installed already, install with the following:

# apt-get install build-essential gcc-3.4


Now let’s make sure we are using gcc 3.4:

# export CC=gcc-3.4

And build the Kernel modules:

# make -C /usr/src/linux-source-2.6.12 config modules

You will be presented with a myriad of questions and options which can be set—assuming you are using the standard build of Kernel you can just accept the default answer for these.
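The version check from the kernel preparation steps above, worked as an added example (not code from the original post): it derives the kernel release, source version and compiler from a /proc/version line and compares a candidate compiler against the one the kernel was built with. The function names are hypothetical, SAMPLE is the line quoted in the post, and the package-name pattern is assumed to generalise from linux-source-2.6.12 and gcc-3.4.

```sh
#!/bin/sh
# Added example: derive the post's build inputs from a /proc/version line.
# Function names are hypothetical; SAMPLE is the line quoted in the post.
SAMPLE='Linux Version 2.6.12-10-686 (buildd@terranova) (gcc version 3.4.5 20050809 (pre-release) (Ubuntu 3.4.4-6ubuntu8.1)) #1 Sat Mar 11 16:22:51 UTC 2006'

# The third field is the running kernel release, e.g. 2.6.12-10-686.
kernel_release() { printf '%s\n' "$1" | awk '{print $3}'; }

# Upstream source version: the release with the distro suffix removed.
source_version() { rel=$(kernel_release "$1"); printf '%s\n' "${rel%%-*}"; }

# major.minor of the gcc that built the kernel; prints nothing when the line
# has no "gcc version X.Y" field (newer kernels format this part differently).
kernel_gcc() {
    printf '%s\n' "$1" | sed -n 's/.*gcc version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Package names following the pattern used in the post (assumed to generalise).
# Returns 2 when the kernel's compiler cannot be determined.
build_packages() {
    gcc=$(kernel_gcc "$1")
    [ -n "$gcc" ] || return 2
    printf 'linux-source-%s gcc-%s\n' "$(source_version "$1")" "$gcc"
}

# Compare the kernel's compiler with a version string such as the output of
# "$CC -dumpversion". Returns 0 on match, 1 on mismatch, 2 if unknown.
compiler_matches() {
    want=$(kernel_gcc "$1")
    [ -n "$want" ] || return 2
    case "$2" in
        "$want"|"$want".*) return 0 ;;
        *) return 1 ;;
    esac
}

# Inspect the live system only when invoked with --live.
if [ "${1:-}" = "--live" ] && [ -r /proc/version ]; then
    line=$(cat /proc/version)
    echo "release: $(kernel_release "$line")"
    pkgs=$(build_packages "$line") && echo "packages: $pkgs" ||
        echo "kernel compiler not reported as 'gcc version X.Y'"
    rc=0
    compiler_matches "$line" "$("${CC:-gcc}" -dumpversion 2>/dev/null)" || rc=$?
    echo "compiler check: $rc (0 match, 1 mismatch, 2 unknown)"
fi
```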

Once that’s taken care of we can compile TrueCrypt, which is much more straightforward. Unpack the source and enter the Linux source directory:

# tar -xvzf truecrypt-4.1-source-code.tar.gz -C ~/build/

# cd ~/build/truecrypt-4.1-source-code/Linux/

Building and installing is very simple: run the appropriate scripts and follow any on-screen prompts:

# ./

# ./

Mounting the device is now completely painless. I have created a directory in ‘/mnt’ called ‘tc’; this will be my mount point for the filesystem. The USB key is automatically mounted by Ubuntu under ‘/media/USB-KEY’. You will remember that last week we created a file called ‘123.iso’ which contains our encrypted filesystem; mounting it happens with one command:

# truecrypt /media/USB-KEY/123.iso /mnt/tc

Easy huh, let’s just check:

# ls /mnt/tc



All things considered I would highly recommend looking into the use of TrueCrypt—I have been using this package since I discovered it just over three weeks ago and I have no regrets; for the most part I’m working in Windows and the traveller program allows me to mount my volume even if I’m roaming on another machine. When I’m using Linux I can still access my files, therefore I have no excuse to leave my portable storage unsecured. I notice that several readers commented on previous posts mentioning TrueCrypt; I would be interested to hear how you got on (if you have had time to try it yet).