Cryptsetup and tcplay as Truecrypt alternatives
  1. #1

    Cryptsetup and tcplay as Truecrypt alternatives

    Hello everyone,

    According to https://fedoraproject.org/wiki/Forbi...tems#TrueCrypt :

    "The TrueCrypt software is under a poor license, which is not only non-free, but has the potential to be actively dangerous to end users or distributors who agree to it, opening them to possible legal action even if they abide by all of the licensing terms, depending on the intent of the upstream copyright holder. Fedora continues to make efforts to try to work with the TrueCrypt upstream to fix all of the issues in their license so that it can be considered Free, but have not yet been successful.

    Fedora Suggests: cryptsetup allows to map existing Truecrypt device since version 1.6 (Fedora 18). For full functionality tcplay is an independently developed TrueCrypt-compatible program under the BSD license. It is available in the official Fedora repository. It is recommended if you need TrueCrypt compatibility."

    This article will explain the use of tcplay to create truecrypt containers and cryptsetup to mount and unmount said containers.

    The following script utilizes tcplay to create truecrypt containers:

    Code:
    #!/bin/bash
    # Make truecrypt containers with tcplay

    # user is your username
    # cryptsize is your container size (e.g. 20M)
    # cryptname is your container name
    # cryptpath is your container location (e.g. /home/user/file)

    # cryptpath should be in the following format: /FillInPathHere/"$cryptname"

    user=
    cryptsize=
    cryptname=
    cryptpath=

    # must be run as root
    if [[ $EUID != 0 ]]; then
      printf "%s\n" "You must be root to run this."
      exit 1
    fi

    # create a new (sparse) container file and attach it to a free loop device;
    # --show prints the device that was actually allocated, which avoids a race
    # between looking up a free device and attaching to it
    dd if=/dev/zero of="$cryptpath" bs=1 count=0 seek="$cryptsize" || exit 1
    loopdev=$(losetup -f --show "$cryptpath") || exit 1
    tcplay -c -d "$loopdev" -a whirlpool -b AES-256-XTS    # Enter password twice

    # map the volume, create a filesystem on it and unmap the volume
    tcplay -m "$cryptname" -d "$loopdev"    # Enter password once
    mkfs.vfat /dev/mapper/"$cryptname"
    dmsetup remove "$cryptname"
    losetup -d "$loopdev"

    # make the volume user-writable
    chown "$user" "$cryptpath"
    chmod 755 "$cryptpath"

    The following script uses cryptsetup to mount and unmount truecrypt containers:

    Code:
    #!/bin/bash
    # Mount and unmount truecrypt containers using cryptsetup

    # user is your username
    # cryptname is your container name
    # cryptpath is your container location (e.g. /home/user/file)

    # cryptpath should be in the following format: /FillInPathHere/"$cryptname"

    user=
    cryptname=
    cryptpath=

    # must be run as root
    if [[ $EUID != 0 ]]; then
      printf "%s\n" "You must be root to run this."
      exit 1
    fi

    # open and mount container
    if [[ "$1" == "1" ]]; then
      # stop here if the container cannot be opened (e.g. wrong password),
      # instead of leaving an empty mount point behind
      cryptsetup --type tcrypt open "$cryptpath" "$cryptname" || exit 1    # Enter password
      mkdir -p /media/"$cryptname"

      # mount options for a user-writable volume
      userid=$(id -u "$user")
      groupid=$(id -g "$user")
      mount -o nosuid,uid="$userid",gid="$groupid" /dev/mapper/"$cryptname" /media/"$cryptname"

    # unmount, close container and clean up
    elif [[ "$1" == "2" ]]; then
      umount /media/"$cryptname"
      cryptsetup --type tcrypt close "$cryptname"
      rmdir /media/"$cryptname"

    else
      printf "%s\n" "To open container, type: sh foo.sh 1"
      printf "%s\n" "Or, to close container, type: sh foo.sh 2"
    fi

    To activate the scripts, just copy each of the two scripts into two separate text files and save them. You might need to make the bash scripts executable by typing something like: chmod +x ______.sh

    For the first script, to create a truecrypt container, type something like: sh ______.sh.

    For the second script, which uses cryptsetup:

    To open a truecrypt container, type something like: sh ______.sh 1

    To close a truecrypt container, type something like: sh ______.sh 2

    EDIT: Here's an added section on keyfiles:

    If your truecrypt container requires at least 1 keyfile:

    Add the variable(s):
    keyfile1=
    keyfile2=

    (Eliminate or add variables such as keyfile3, keyfile4, etc. as needed, depending on how many keyfiles you have for the container. For example, if my container requires only 1 keyfile, I just need keyfile1, and I don't need keyfile2.)

    To the following section:
    user=
    cryptname=
    cryptpath=

    Be sure to list the location for all of your keyfiles, though (e.g. keyfile1=/home/user/fookeyfile1, keyfile2=/home/user/fookeyfile2)

    And change the following line:
    cryptsetup --type tcrypt open "$cryptpath" "$cryptname"

    To the following code:
    cryptsetup --type tcrypt open "$cryptpath" "$cryptname" --key-file="$keyfile1"

    (If your container needs more than 1 keyfile, you can add: --key-file="$keyfile2", --key-file="$keyfile3", --key-file="$keyfile4", etc.)

    For example:
    cryptsetup --type tcrypt open "$cryptpath" "$cryptname" --key-file="$keyfile1" --key-file="$keyfile2"

    Sincerely,

    Cylinder57

    Sources:
    http://jasonwryan.com/blog/2013/01/10/truecrypt/
    https://wiki.archlinux.org/index.php/Tcplay
    https://wiki.archlinux.org/index.php...ing_cryptsetup
    Last edited by Cylinder57; 17th May 2014 at 10:32 PM. Reason: Correcting errors, adding a section on keyfiles
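
The keyfile edit described in the post above, generalised to any number of keyfiles with checks before cryptsetup is called. This is an added example, not part of Cylinder57's scripts: `tcrypt_open` and the `CRYPTSETUP` override (for dry runs) are hypothetical names, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example. Usage: tcrypt_open CONTAINER NAME [KEYFILE...]
# CRYPTSETUP is a hypothetical override so the call can be dry-run.
tcrypt_open() {
    if [ "$#" -lt 2 ]; then
        echo "usage: tcrypt_open CONTAINER NAME [KEYFILE...]" >&2
        return 64
    fi
    container=$1
    name=$2
    shift 2

    # An unset variable inside cryptpath expands to nothing, so confirm the
    # path names an existing regular file or block device before going on.
    if [ ! -f "$container" ] && [ ! -b "$container" ]; then
        echo "container not found: $container" >&2
        return 66
    fi

    # Rewrite the remaining arguments (keyfile paths) into --key-file options,
    # preserving their order.
    remaining=$#
    while [ "$remaining" -gt 0 ]; do
        keyfile=$1
        shift
        remaining=$((remaining - 1))
        if [ ! -f "$keyfile" ] || [ ! -r "$keyfile" ]; then
            echo "keyfile missing or unreadable: $keyfile" >&2
            return 66
        fi
        # A keyfile is a secret: refuse one that group or others can access.
        case $(stat -c %a "$keyfile") in
            *00) ;;
            *) echo "keyfile is accessible to other users: $keyfile" >&2
               return 77 ;;
        esac
        set -- "$@" "--key-file=$keyfile"
    done

    "${CRYPTSETUP:-cryptsetup}" --type tcrypt open "$container" "$name" "$@"
}
```

Called as `tcrypt_open "$cryptpath" "$cryptname" "$keyfile1" "$keyfile2"`, it can stand in for the `cryptsetup ... open` line of the second script.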

  2. #2

    Re: Cryptsetup and tcplay as Truecrypt alternatives

    Hello,
    many thanks for your script, that is really what I need.

    However I'm getting an error:
    sudo sh cryptsetup-script.sh 1
    cryptsetup-script.sh: line 39: syntax error: unexpected end of file

    Well, it may be better to explain what I did.

    first
    vi cryptsetup-script.sh
    copied your script into the file

    then edited your script as follows:

    user=user
    cryptname=example.jpg
    cryptpath=/home/user/Pictures/"$example.jpg"

    I am confused regarding user. Truecrypt always asked me only a password to mount the volume contained in my file example.jpg. Truecrypt never asked for a username.

    So I wonder if it is possible to use your script to mount a volume contained in a file.

    Best
