Command Line TrueCrypt Volume Creation Using ext3 filesystem
The current Linux version of TrueCrypt (version 6.2a) seems to have a bug that prevents creating an ext3 TrueCrypt volume directly from the TrueCrypt command line. The following script provides a workaround, along with a nice user interface (as text-based interfaces go!).
```sh
#!/bin/sh
#
# this script creates a truecrypt file container. the script requires
# five parameters:
#
#  - size in GBytes. A 4 GByte container is specified by '4'.
#  - entropy source. This will usually be /dev/random or /dev/urandom
#  - filename. Path and filename of container (ex: /data/secure1.tc)
#  - mount point. Where the container will be mounted (ex: /mnt/tc)
#  - keyfile. Path and filename of the keyfile to be used (ex: /root/key)
#
# note that /dev/random is a blocking device - i.e. it will wait to
# generate random numbers until there is sufficient entropy in the
# system to ensure security. if a blocking device is used, the user
# will probably need to generate entropy by typing random characters
# in a file until /dev/random receives sufficient data.
#
# initially developed and tested on Fedora 10
#

if [ "$(id -u)" -ne 0 ]; then
  echo
  echo "This script must be run as root. Exiting..."
  echo
  exit 1
fi

if [ $# -ne 5 ]; then
  echo
  echo "usage: $0 size(GB) entropy-src filename mnt-point keyfile"
  echo
  echo "For example, to create a 4GB truecrypt file container using"
  echo "the /dev/random RNG at /data/secure.tc and mount it on"
  echo "/mnt/tc with the keyfile /root/thekey, do the following:"
  echo
  echo "$0 4 /dev/random /data/secure.tc /mnt/tc /root/thekey"
  echo
  exit 1
fi

GBSIZE=${1}
ENTROPY=${2}
VOL=${3}
MNT=${4}
KEY=${5}

# generate the size of the container in bytes
SIZE=$(echo "${GBSIZE}*(2^30)" | bc)

# unmount anything that is on the designated mount point
truecrypt -t -d "$MNT" 2> /dev/null

# create a truecrypt file container using the designated key, size,
# and volume location. Create a FAT volume but we'll overwrite it
# later with an ext3 filesystem (have to do this because truecrypt
# won't allow the direct creation of an ext3 container from the
# command line).

# '=' rather than '==' so the test also works when /bin/sh is not bash
if [ "$ENTROPY" = "/dev/random" ]; then
  echo
  echo "You have selected a blocking entropy source. This means that"
  echo "the creation of the truecrypt file container will wait until"
  echo "there is enough randomness in the system to secure the"
  echo "encryption keys. If the file container creation process does"
  echo "not start immediately, open up a file (e.g. /tmp/barney) and"
  echo "begin to type random characters until the progress indicator"
  echo "appears."
  echo
  # printf + read instead of 'read -p', which is not available in every sh
  printf '%s' "Hit the Enter key to continue..."
  read -r dummy
  echo
fi

truecrypt -t \
  --create \
  --keyfiles="$KEY" \
  --password="" \
  --volume-type=normal \
  --size="${SIZE}" \
  --encryption=AES \
  --hash=SHA-512 \
  --filesystem=FAT \
  --random-source="${ENTROPY}" \
  "$VOL"

if [ "$?" != "0" ]; then
  echo
  echo "Truecrypt container creation failed."
  echo
  exit 1
fi

# mount the newly created truecrypt container
truecrypt -t -k "$KEY" -p "" --protect-hidden=no "$VOL" "$MNT"

if [ "$?" != "0" ]; then
  echo
  echo "Initial mount of newly created truecrypt container failed. Exiting..."
  echo
  exit 1
fi

# create an ext3 filesystem on the /dev/mapper device
mapper=$(truecrypt -t -l | cut -d" " --fields=3)

# if other truecrypt volumes are mounted, the listing has more than one
# line and $mapper is not a single device; stop rather than run mkfs on
# the wrong device
if [ ! -b "$mapper" ]; then
  echo
  echo "Could not identify a single truecrypt device. Exiting..."
  echo
  exit 1
fi

umount "$MNT"
mkfs.ext3 "$mapper"

if [ "$?" != "0" ]; then
  echo
  echo "Creation of the ext3 filesystem failed. Exiting..."
  echo
  exit 1
fi

# unmount and then remount to use the new filesystem
truecrypt -t -d "$VOL"
truecrypt -t -k "$KEY" -p "" --protect-hidden=no "$VOL" "$MNT"

if [ "$?" != "0" ]; then
  echo
  echo "Cannot mount ext3 truecrypt container. Exiting..."
  echo
  exit 1
fi

echo
echo "The truecrypt container was successfully created and mounted."
echo

exit 0
```