Encryption with TrueCrypt

Encrypt Your Home Directory

  • create a volume with truecrypt
  • check if any processes access files from your home directory using lsof | grep /home/user
  • mount it and move your stuff from /home/user to /mounted/truecryptVolume with cp -vax /home/user/ /mounted/truecryptVolume
  • create a new home in your root directory using {{mkdir /home_sec}}
  • change /etc/passwd so that /home/user will become /home_sec/user

To automount the volume: create the script /etc/init.d/tcstart with the following lines:

#!/bin/sh
truecrypt -t --protect-hidden=no --keyfiles=/path/to/keyfiles /dev/sdx9 /home_sec

where /dev/sdx9 is the truecrypt volume. If your keyfiles are stored on a usb stick, then use those lines instead:

#!/bin/sh
mount /dev/sdy9 /mount/sdy9
truecrypt -t --protect-hidden=no --keyfiles=/media/sdy9/Keyfile /dev/sdx9 /home_sec/

And if you do not use a password (just the keyfiles) then add --password= to the truecrypt line to tell it to use an empty password.

Now add the script to your runlevels:

chmod /etc/init.d/tcstart
sudo update-rc.d tcstart defaults

encrypt USB-Sticks using truecrypt

Also create a hidden partition if your files are extremely sensitive

Alternatives: dm_crypt with LUKS

resources

Comments