Tuesday, September 29, 2009

Command Line TrueCrypt Volume Creation Using ext3 filesystem

The current Linux version of TrueCrypt (version 6.2a) cannot create an ext3 volume directly from the command line: the --create option only accepts FAT (or no filesystem at all) for --filesystem. The following script works around this by creating the container, mounting it, writing an ext3 filesystem onto the underlying /dev/mapper device with mkfs.ext3, and then remounting it. It also provides a nice user interface (as text-based interfaces go!)

#!/bin/bash

#
# this script creates a truecrypt file container. the script requires
# five parameters:
#
#   - size in GBytes (a whole number). A 4 GByte container is specified by '4'.
#   - entropy source. This will usually be /dev/random or /dev/urandom
#   - filename. Absolute path and filename of container (ex: /data/secure1.tc)
#   - mount point. Where the container will be mounted (ex: /mnt/tc)
#   - keyfile. Path and filename of the keyfile to be used (ex: /root/key)
#
# note that /dev/random is a blocking device - i.e. it will wait to
# generate random numbers until there is sufficient entropy in the
# system to ensure security. if a blocking device is used, the user
# will probably need to generate entropy by typing random characters
# in a file until /dev/random receives sufficient data.
#
# initially developed and tested on Fedora 10
#

if [ "$(id -u)" -ne 0 ]; then
    echo
    echo "This script must be run as root. Exiting..."
    echo
    exit 1
fi

if [ $# -ne 5 ]; then
    echo
    echo "usage: $0 size(GB) entropy-src filename mnt-point keyfile"
    echo
    echo "For example, to create a 4GB truecrypt file container using"
    echo "the /dev/random RNG at /data/secure.tc and mount it on"
    echo "/mnt/tc with the keyfile /root/thekey, do the following:"
    echo
    echo "$0 4 /dev/random /data/secure.tc /mnt/tc /root/thekey"
    echo
    exit 1
fi

GBSIZE=${1}
ENTROPY=${2}
VOL=${3}
MNT=${4}
KEY=${5}

# truecrypt wants an integer byte count for --size, so the size must be
# a whole number of GBytes. reject anything else before we start.

case "$GBSIZE" in
    ''|*[!0-9]*)
        echo
        echo "Size must be a whole number of GBytes. Exiting..."
        echo
        exit 1
        ;;
esac

# generate the size of the container in bytes (shell arithmetic, no bc needed)

SIZE=$((GBSIZE * 1024 * 1024 * 1024))

# unmount anything that is on the designated mount point

truecrypt -t -d "$MNT" 2> /dev/null

# create a truecrypt file container using the designated key, size,
# and volume location. Create a FAT volume but we'll overwrite it
# later with an ext3 filesystem (have to do this because the truecrypt
# command line only offers FAT when creating a container).

if [ "$ENTROPY" = "/dev/random" ]; then
    echo
    echo "You have selected a blocking entropy source. This means that"
    echo "the creation of the truecrypt file container will wait until"
    echo "there is enough randomness in the system to secure the"
    echo "encryption keys. If the file container creation process does"
    echo "not start immediately, open up a file (e.g. /tmp/barney) and"
    echo "begin to type random characters until the progress indicator"
    echo "appears."
    echo
    read -p "Hit the Enter key to continue..."
    echo
fi

truecrypt -t \
    --create \
    --keyfiles="$KEY" \
    --password="" \
    --volume-type=normal \
    --size="$SIZE" \
    --encryption=AES \
    --hash=SHA-512 \
    --filesystem=FAT \
    --random-source="$ENTROPY" \
    "$VOL"

if [ $? -ne 0 ]; then
    echo
    echo "Truecrypt container creation failed."
    echo
    exit 1
fi

# mount the newly created truecrypt container

truecrypt -t -k "$KEY" -p "" --protect-hidden=no "$VOL" "$MNT"
if [ $? -ne 0 ]; then
    echo
    echo "Initial mount of newly created truecrypt container failed. Exiting..."
    echo
    exit 1
fi

# find the /dev/mapper device behind this volume. 'truecrypt -t -l' prints
# one line per mounted volume in the form
#   "1: /data/secure.tc /dev/mapper/truecrypt1 /mnt/tc"
# so pick the line whose volume path (field 2) is ours rather than taking
# field 3 of every line, which goes wrong when other volumes are mounted.

mapper=$(truecrypt -t -l | awk -v vol="$VOL" '$2 == vol { print $3; exit }')
if [ -z "$mapper" ]; then
    echo
    echo "Cannot find the /dev/mapper device for $VOL. Exiting..."
    echo
    truecrypt -t -d "$VOL"
    exit 1
fi

# unmount the FAT filesystem (the volume itself stays mapped) and create
# an ext3 filesystem on the /dev/mapper device

umount "$MNT"
mkfs.ext3 "$mapper"
if [ $? -ne 0 ]; then
    echo
    echo "mkfs.ext3 on $mapper failed. Exiting..."
    echo
    truecrypt -t -d "$VOL"
    exit 1
fi

# dismount and then remount to use the new filesystem

truecrypt -t -d "$VOL"
truecrypt -t -k "$KEY" -p "" --protect-hidden=no "$VOL" "$MNT"
if [ $? -ne 0 ]; then
    echo
    echo "Cannot mount ext3 truecrypt container. Exiting..."
    echo
    exit 1
fi

echo
echo "The truecrypt container was successfully created and mounted."
echo
exit 0
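The same result can be had without creating a FAT filesystem only to overwrite it. The following is an added example, not the script from this post: it creates the container with --filesystem=none, maps it with --filesystem=none so that TrueCrypt exposes the /dev/mapper device without mounting anything, formats that device, and then remounts normally. It assumes the TrueCrypt 6.x Linux command line (truecrypt -t) and mkfs.ext3 are installed; the paths /data/secure.tc, /root/thekey and /mnt/tc are placeholders, and the listing in SAMPLE_LISTING is constructed, not captured from a real system.

```shell
#!/bin/bash
# Added example (not the post's script): build an ext3 TrueCrypt container
# via --filesystem=none instead of creating FAT and then overwriting it.
# Assumes the TrueCrypt 6.x Linux command line (truecrypt -t) and mkfs.ext3.
# /data/secure.tc, /root/thekey and /mnt/tc below are placeholder paths.

# Whole gigabytes to bytes using shell arithmetic. Only integer input is
# accepted, so the result is always the plain integer byte count --size wants.
gb_to_bytes() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo $(( $1 * 1024 * 1024 * 1024 ))
}

# Read "truecrypt -t -l" output on stdin and print the /dev/mapper device
# of one volume. Listing lines have the form
#   "N: /path/to/volume.tc /dev/mapper/truecryptN /mount/point"
# with "-" as the mount point when the volume is mapped but not mounted.
# Matching on the volume path (field 2) avoids picking up another volume's
# device when several are mapped at once.
mapper_for_volume() {
    awk -v vol="$1" '$2 == vol { print $3; exit }'
}

# Constructed sample listing (not from a real system) so mapper_for_volume
# can be exercised on a machine without TrueCrypt installed.
SAMPLE_LISTING='1: /data/other.tc /dev/mapper/truecrypt1 /mnt/other
2: /data/secure.tc /dev/mapper/truecrypt2 -'

# create_ext3_container SIZE_GB VOLUME KEYFILE MOUNTPOINT
create_ext3_container() {
    local vol="$2" key="$3" mnt="$4" size mapper
    size=$(gb_to_bytes "$1") || {
        echo "size must be a whole number of GBytes" >&2
        return 1
    }

    # 1. Create the container with no filesystem inside it.
    truecrypt -t --create \
        --keyfiles="$key" --password="" --volume-type=normal \
        --size="$size" --encryption=AES --hash=SHA-512 \
        --filesystem=none --random-source=/dev/urandom \
        "$vol" || return 1

    # 2. Map it without mounting a filesystem; no mount point is needed yet.
    truecrypt -t --filesystem=none -k "$key" -p "" --protect-hidden=no "$vol" || return 1

    mapper=$(truecrypt -t -l | mapper_for_volume "$vol")
    if [ -z "$mapper" ]; then
        echo "no /dev/mapper device found for $vol" >&2
        truecrypt -t -d "$vol"
        return 1
    fi

    # 3. Format the plaintext side of the mapping.
    if ! mkfs.ext3 -q "$mapper"; then
        truecrypt -t -d "$vol"
        return 1
    fi

    # 4. Drop the mapping and remount normally; TrueCrypt now auto-detects ext3.
    truecrypt -t -d "$vol" || return 1
    truecrypt -t -k "$key" -p "" --protect-hidden=no "$vol" "$mnt"
}

# Runs only when invoked with the four arguments, e.g.
#   sudo ./mktcext3.sh 4 /data/secure.tc /root/thekey /mnt/tc
if [ "$#" -eq 4 ]; then
    create_ext3_container "$@"
fi
```

Because the volume is never mounted before mkfs.ext3 runs, there is no umount step to get wrong, and the /dev/random prompt from the script above is unnecessary here since /dev/urandom is used as the random source; substitute /dev/random if you prefer the blocking behaviour.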
