Truecrypt howto - quick'n dirty

[viking60]

Truecrypt is discontinued and considered unsafe as of may 2014 You may replace it with encfs
So I decided to make a superduper secret directory where i can put stuff that nobody can see unless they are authorized to. The best software out there for these kind of things is truecrypt
You may pay a shitload of money and get inferior solutions but truecrypt is top of the pops!
Now I have always been afraid to even start playing with stuff like that, because I would look really stupid if I managed to encrypt all my data and not get them "back". So I took a couple of Cognac and waited until I felt really confident.
Then I decided to make a directory that even Hillary Clinton cannot spy upon (My knowledge will hereby be shared with the UN too).
Install truecrypt, it will be in your repos.
Make sure that you have sudo working.
Create a directory called secret stuff or whatever
And then let the fun begin: in a terminal type:

Code: Select all

sudo truecrypt

That will give you a load of promts where you just press enter or next when unsure -the defaults are the best!
I have called my virtual encryption file kryptert - this is just a file:

Here I specify where my encrypted virtual volum should be mounted I have called it secret_stuff here:

Just leave the default

Pick the size of your volume - if you want to watch movies it must be big, if you have text files it can be small.

Password - you know the drill:

Don't ask - just leave the FAT here

Start the process and move your mouse around; the more the better the encryption will be:

Here we leave the GUI and do some CLI work. add this to your ~/.bashrc or to the external .alias file that you have a reference to in that file.

Code: Select all

truecrypt /home/<USER>/kryptert /home/<USER>/secret_stuff <<EOF
password
EOF


This will mount the "drive" on login and prompt you for the password.
Now you can drag your files to secret_stuff and they will get encrypted in the very same moment!
I will get back to you on how to combine this with dropbox....
And remember if you loose the password the data are gone - not even Hillary can help you - the encryption is unbreakable.

[viking60]

So now that I have encrypted data I am all fore extra space in the clouds.
Dropbox is a smart little thing that I have mostly stayed away from so far, but I do have an account. I even managed to create some folders and it is syncing nicely with nautilus in my ARCH.
I generated another small virtual truecrypt disk of 5 mb and called the file dboxk. Then I copied the file dboxk to the Dropbox root:
/home/viking/Dropbox/ dboxk
The smaller Disk is due to the sync speed - it will not be possible to sync only changes on encrypted files.

I mounted it to my synced /home/viking60/Dropbox/Viking directory :

Code: Select all

truecrypt /home/thomas/Dropbox/dboxk /home/thomas/Dropbox/Viking <<EOF
password
EOF


And put that in my .alias file; as discussed above you can put it directly in your ~/.bashrc.

OKydoky then; we log out and log in and get prompted for the superduper password (twice - because I mount two disks).

And I drag two Pictures into that folder - they are nicely synced and easy to open - so I am suspicious if the encryption is working.
I went to another box without truecrypt and entered the very same directory and found....nothing So this stuff is really working!

PC with working Dropbox and no truecrypt:

Same directory at the same time on another PC with Dropbox and truecrypt:

It works!
Now you can drag any file to that directory including those romantic nude photos from Hawai - and Hillary will never find out.
The UN is hereby offered my assistance for free - Ban Ki-moon you only have to PM me!

[rolf]

That looks like a good job, there.

I'll remember to come back if I ever get something worth hiding.

[viking60]

Well I am on this mission where everybody should actively show what is worth showing. All the other stuff is nobody else's business so it should stay private -as a matter of principle.
That is kind of turning the table around, but I think it is necessary in today's society.
The good thing about this is that i works seem less without delay.Once it is in place you will not even notice that your data are encrypted,

[viking60]

Antway to make it work on other boxes you only have to install truecrypt and mount like described above.
I got a loop device error so I had to do a modprobe loop to make it work, (and add loop to the modules).
But basically you only have to add

Code: Select all

truecrypt /home/thomas/Dropbox/dboxk /home/thomas/Dropbox/Viking <<EOF
password
EOF

to ~/.bashrc and you can read the content after providing the password.
This is basically what has happened here:

[viking60]

Wow! I just realized truecrypt is not in the Mandriva 2010.2 repos???
But activating MiB repos did the trick!

[viking60]

Mandriva (and maybe other distros) defaults to install the Dropbox directory in /root/Dropbox
Now that is not a good place for it, so do pick the manual installation button and place it in ~/Dropbox
Then you can mount it like described above.
And oh yes! If you need Dropbox use this link to sign up:
http://db.tt/mPlJ7hSO
It will apparently give me more space and is therefor a noble cause

[rolf]

Good luck on that free space deal! I think I've roped in, at least, one, maybe 2.

I have never seen the Dropbox folder go into /root. There is a distribution component to the program:

Code: Select all

[rolf@localhost music]$ urpmq -y dropbox
dropbox-servicemenu
dropbox-servicemenu
nautilus-dropbox
[rolf@localhost music]$ urpmq -l nautilus-dropbox
/usr/bin/dropbox
/usr/lib64/nautilus/extensions-2.0/libnautilus-dropbox.so
/usr/share/applications/dropbox.desktop
/usr/share/icons/hicolor/16x16/apps/dropbox.png
/usr/share/icons/hicolor/22x22/apps/dropbox.png
/usr/share/icons/hicolor/24x24/apps/dropbox.png
/usr/share/icons/hicolor/32x32/apps/dropbox.png
/usr/share/icons/hicolor/48x48/apps/dropbox.png
/usr/share/icons/hicolor/64x64/apps/dropbox.png
/usr/share/icons/hicolor/64x64/emblems/emblem-dropbox-syncing.png
/usr/share/icons/hicolor/64x64/emblems/emblem-dropbox-unsyncable.png
/usr/share/icons/hicolor/64x64/emblems/emblem-dropbox-uptodate.png
/usr/share/man/man1
/usr/share/man/man1/dropbox.1.xz


and, iirc, once dropbox is started the first time, you are prompted to download the proprietary daemon from dropbox.com. This is when the folders get set up in the users ~ directory. I think you must have been running as root when you did this.

[viking60]

Yup that sounds right - so I might have started out wrong there.

[viking60]

But you will be needing root privileges to mount truecrypt directories without a password so do this in addition to the tips above:
Add the truecrypt group as root:

Code: Select all

groupadd truecrypt

Then edit the sudoers file and add this at the botom:

Code: Select all

# Users in the truecrypt group are allowed to run TrueCrypt as root.
%truecrypt ALL=(root) NOPASSWD:/usr/bin/truecrypt

Then add yourself to the truecrypt group.

[rolf]

I used to use sudoers to create desktop icons for one-click control of root-priveledge actions. This is part of the old /etc/sudoers file that shows how I did this for one user, and it looks to me the syntax might be a little different from what you've got

Code: Select all

# User privilege specification
root    ALL=(ALL) ALL
rolf    ALL=NOPASSWD: /usr/sbin/adsl-start, /usr/sbin/adsl-stop, /usr/bin/rdate, /usr/bin/fax, /usr/bin/efax, /home/rolf/pmfax/PrimaFax, /usr/bin/wvdial, /usr/bin/soundwrapper, /usr/bin/artsdsp

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now


[viking60]

You do it on the user level and I do it on the group level in this case.
I guess both methods work.
Interesting solution there I will fiddle arround with it - for sure