Protect Your Files With TrueCrypt 5.1a On Debian Etch (GNOME)

Want to support HowtoForge? Become a subscriber!
 
Submitted by o.meyer (Contact Author) (Forums) on Sun, 2008-05-11 18:12. :: Debian | Desktop | Security

Protect Your Files With TrueCrypt 5.1a On Debian Etch (GNOME)

Version 1.0
Author: Oliver Meyer <o [dot] meyer [at] projektfarm [dot] de>
Last edited 04/18/2008

This document describes how to set up TrueCrypt 5.1a on Debian Etch (GNOME). Taken from the TrueCrypt page: "TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc)."

One important change in version 5 is that it is not longer affected by changes to the Linux kernel.

This howto is a practical guide without any warranty - it doesn't cover the theoretical backgrounds. There are many ways to set up such a system - this is the way I chose.

 

1 Preliminary Note

I used a standard Debian Etch r3 system for this howto - there were no extra repositories added.

 

2 Needed Packages

Let's install some needed packages (root privileges are needed).

apt-get install build-essential libfuse-dev fuse-utils pkg-config libgtk2.0-dev

 

3 FUSE Kernel Module

Now we have to load the FUSE kernel module (root privileges needed):

modprobe fuse

To make sure that the FUSE kernel module will be loaded automatically on boot you have to add it to the modules list (root privileges needed).

vi /etc/modules

Add the following two lines to the file.

#FUSE for TrueCrypt
fuse

 

4 WxWidgets

The wxWidgets source code is needed to build the TrueCrypt executable - so let's download it (do this as user, not as root!).

cd ~/Desktop/
wget http://kent.dl.sourceforge.net/sourceforge/wxwindows/wxGTK-2.8.7.tar.gz
tar xvfz wxGTK-2.8.7.tar.gz

 

5 TrueCrypt

5.1 Get It

Open http://www.truecrypt.org/downloads.php within your preferred browser and click on the corresponding link to get to the download page for the source code.

Select "Mac OS X / Linux (.tar.gz)" from the drop-down menu, read the license agreement and accept it if you agree with it. Now click on "Download" ...

... and save the file.

Next unpack the file. You can do this on the desktop ...

... or from the command line (do this as user, not as root!).

cd ~/Desktop/
tar xvfz TrueCrypt\ 5.1a\ Source.tar.gz

 

5.2 Compile It

Now we compile the TrueCrypt executable (do this as user, not as root!).

cd ~/Desktop/truecrypt-5.1a-source/
make WX_ROOT=~/Desktop/wxGTK-2.8.7 wxbuild
make

Ignore the warning "gsockgtk.cpp:134: warning: ´wxDummyGsockVar´ defined but not used" - that's nothing important.

At this point switch to the root account and copy the TrueCrypt executeable to the right place.

su -
%root_password%
cp /home/%your_username%/Desktop/truecrypt-5.1a-source/Main/truecrypt /usr/local/bin/

After that switch back to your user account, copy the user manual to the desktop and delete the remaninig .tar.gz files and the unpacked source files.

exit
cd ~/Desktop/
cp truecrypt-5.1a-source/Release/Setup\ Files/TrueCrypt\ User\ Guide.pdf ~/Desktop/
rm -Rf truecrypt-5.1a-source TrueCrypt\ 5.1a\ Source.tar.gz wxGTK-2.8.7 wxGTK-2.8.7.tar.gz


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Anonymous (not registered) on Tue, 2008-11-25 20:39.

The TrueCrypt project seems to have deleted the 5.1a source referenced in this article.  The 6.1 source that is now the "stable" source does not compile using the instructions here. 

I suggest ignoring the advice in this and any howto to delete source zip archives ever, if you want to be able to recover at a future time, and carefully backup the materials to rebuild whatever platform you are using.

Since this encrypts your data beyond any recovery, this becomes even more important as you will never decipher this w/o TrueCrypt.  You can of course build up some platform to recover if TrueCrypt is around, but 10 years down the line that may not be the case, so keep a copy around with your encrypted data archive. 

Submitted by Anonymous (not registered) on Tue, 2008-11-25 22:35.

To follow up, the 6.1 source does not build without some help.

 There is an additional dependency from the addition of PKCS11 to the code somewhere.  The header files supposed to be compatable with the following site, however you will have to try several versions to get them to work.

ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11

A single comment was located indicating that this problem was introduced in 6.1, but no official fix was found.

The resulting code seems to work and produced some properly encrypted volumes with testing so far.

This is a problem with the truecrypt package, so will not be resolved by going to a later debian release (lenny?) when it arrives, unless someone picks this up and maintains a debian version and resolves the problem properly 

Submitted by xychix (not registered) on Wed, 2008-11-26 15:11.
dont forget to add fuse to /etc/modules #Truecrypts needs fuse fuse
Submitted by xychix (not registered) on Wed, 2008-11-26 14:10.
dont forget to add fuse to /etc/modules #Truecrypts needs fuse fuse
Submitted by xychix (not registered) on Wed, 2008-11-26 14:06.

Running this ugly script (or using it as a manual) might leave you with a compiled version of truecrypt!! #!/bin/sh BASE_DIR=`pwd` #make a dir for PKCS mkdir PKCS cd $BASE_DIR/PKCS wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/cryptoki.h wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/ct-kip.h wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/opt-pkcs11.h wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20a3.h wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20a3d3.h wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs11.h wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs11f.h wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs11t-consolidated-d1.h wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs11t.h wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs11t.h.org cd $BASE_DIR #download wxKGT-2.8.7 and untar it wget http://kent.dl.sourceforge.net/sourceforge/wxwindows/wxGTK-2.8.7.tar.gz tar xvzf wxGTK-2.8.7.tar.gz #download latest truecrypt 6.1 tgz and place it in the folder you are in. tar xvzf TrueCrypt\ 6.1\ Source.tar.gz # Go to truecrypt source cd $BASE_DIR/truecrypt-6.1-source # let's compile the bugger make NOGUI=1 PKCS11_INC=$BASE_DIR/PKCS WX_ROOT=$BASE_DIR/wxGTK-2.8.7 wxbuild make NOGUI=1 PKCS11_INC=$BASE_DIR/PKCS WX_ROOT=$BASE_DIR/wxGTK-2.8.7 WXSTATIC=1 $BASE_DIR/truecrypt-6.1-source/Main/truecrypt --version echo "If the line above displays the correct truecrypt version you'll find the executable in" echo "If you got an error xychix whishes you al the best, don't call me!" echo $BASE_DIR/truecrypt-6.1-source/Main/ #now you'll find a truecrypt binairy in the Main folder, you can copy this whereever you want. I'd copy it to /usr/bin/

Submitted by Anonymous (not registered) on Thu, 2008-12-25 23:16.

Hi,

Thanks for the script :)

After formatting to usefull form and installing:

apt-get install libfuse-dev 

I finally compiled correctly TrueCrypt ;)