LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   Truecrypt on USB key drive, step by step help? (http://www.linuxquestions.org/questions/linux-general-1/truecrypt-on-usb-key-drive-step-by-step-help-564193/)

Z038 06-24-2007 03:24 PM

Truecrypt on USB key drive, step by step help?
 
Can someone walk through the steps for creating a truecrypt volume with a hidden volume inside on a USB key drive? The volume must be mountable and usable by a non-root user.

I've been able to create one, but only root can use it.

Example: 32M key drive on /dev/sdc1

First run cfdisk.

Code:

cfdisk /dev/sdc1 
  • select entire partition

  • bootable

  • type 06 = FAT16 (what else would work here?)

  • write partition table


Next create the truecrypt outer (normal) volume. Note that I didn't run mkfs to format a file system on the USB key drive because the truecrypt step apparently creates one, or at least it prompts you to ask.

Code:

truecrypt --type normal --size 32M  /dev/sdc1
  • select FAT format

  • select hash and encryption keys

  • enter password / passphrase twice

  • wiggle mouse until done


Next create the truecrypt hidden volume (following examples from truecrypt web site).

Code:

truecrypt --type hidden --size 1M  /dev/sdc1
  • select FAT format

  • select hash and encryption keys

  • enter password / passphrase twice

  • wiggle mouse until done


Next mount the outer volume with protection for the inner hidden volume.

Code:

truecrypt -P /dev/sdc1 /mnt/tc
  • enter password / passphrase

  • enter password / passphrase for hidden volume


I had to do all of this as root. I wasn't able to get any of it, not even the first truecrypt volume creation, to work unless I was root, else I got permission denied. The file system owner is root from the top directory down, and not even root can change it. So I can't mount it or write to it except as root.

The way I created the hidden volume was according to the sample instructions on the truecrypt web site, but it doesn't seem to make a lot of sense to do it that way since its existence is very obvious when it prompts you for a hidden volume password when you mount the nonhidden volume. I thought the idea was for the hidden volume to be undetectable unless you knew it was there, but if anyone can issue a truecrypt mount command and enter the outer volume password (let's say after they broke your fingers to get it), they'll know immediately about the existence of the hidden volume... there go your toes.

But I'll save that bit to work out later. For now, I'd be happy to learn how to create a truecrypt volume on a USB key drive (the entire volume encrypted) that a non-root user can mount and use.

stress_junkie 07-04-2007 11:05 PM

Why don't you just use sudo when you are logged in as the normal user?


All times are GMT -5. The time now is 10:22 AM.