Old 02-29-2012, 10:30 AM   #1
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 584

Rep: Reputation: 30
mount truecrypt partition under Linux


I have an encrypted system partition of a WinXP.
Then I attached that disk (with WinXP) to my Linux box.

Under Linux I can find /dev/sda1 in /proc/partitions, which is my encrypted disk with WinXP.
I am trying to mount this partition, but every time I try, I get this error/msg.
NOTE: I'm 100% sure that I enter the right passwd.

Code:
truecrypt --mount /dev/sda1 /mnt/backup --filesystem=ntfs-3g
Enter password for /dev/sda1:
Enter keyfile [none]:
Protect hidden volume (if any)? (y=Yes/n=No) [No]:
Wrong mount mode, incorrect keyfile(s) and/or password, or not a TrueCrypt volume.

Note: If you are attempting to mount a partition located on an encrypted system drive without pre-boot authentication or to mount the encrypted system partition of an operating system that is not running, you can do so by selecting 'Options >' > 'Mount partition using system encryption'.
Enter password for /dev/sda1:
Does anyone know what I'm doing wrong?
Please note: I have only CLI. No GUI.

Last edited by czezz; 02-29-2012 at 01:26 PM.
 
Old 02-29-2012, 03:42 PM   #2
purevw
Member
 
Registered: Jan 2007
Location: Texas
Distribution: OpenSuSE 13, Kernel 3.13.3
Posts: 90

Rep: Reputation: 45
Assuming that your /dev/sda1 is a Windows system partition, try this: truecrypt --mount-options=system /dev/sda1 /mnt/backup
You should be prompted for the drive password followed by your su password.
That is assuming that "/mnt/backup" is a valid directory that is already created. I have my Windows drives set up as /windows/System and so on.
To dismount all volumes that are mounted, simply: truecrypt --dismount, or you can specify which individual volume to dismount.
The file-system option should not be needed, as the default is "automatic".
If all else fails, run truecrypt --help for a complete list of commands and options.
 
1 members found this post helpful.
Old 02-29-2012, 09:18 PM   #3
Roken
Member
 
Registered: Oct 2011
Location: Bolton, UK
Distribution: Arch local, Debian on VPS
Posts: 252

Rep: Reputation: 40
You can embed the truecrypt drive's password in the mount command with -p:

Code:
truecrypt --auto-mount=favorites -p=password
You will still need to enter your sudo password when requested.
 
Old 02-29-2012, 09:46 PM   #4
purevw
Member
 
Registered: Jan 2007
Location: Texas
Distribution: OpenSuSE 13, Kernel 3.13.3
Posts: 90

Rep: Reputation: 45
Quote:
Originally Posted by Roken View Post
You can embed the truecrypt drives password in the mount command with -p:

Code:
truecrypt --auto-mount=favorites -p=password
You will still need to enter your sudo password when requested.
Just a note. If you choose to set up your Windows system drive as a favorite, you will need to make sure and give it the "system" designation when you set it up. If you have multiple drives to mount, using favorites is by far the simplest way to go, once it is set up correctly.
 
Old 03-01-2012, 02:13 AM   #5
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 584

Original Poster
Rep: Reputation: 30
@purevw: thanks, it works. I have added "--filesystem=ntfs-3g", so with this I am able to mount it with "rw" access.
@Roken: can you please explain to me more what "favorites" is? I don't quite understand the syntax of your command. There is no indication which device should be mounted.
 
Old 03-01-2012, 06:14 AM   #6
Roken
Member
 
Registered: Oct 2011
Location: Bolton, UK
Distribution: Arch local, Debian on VPS
Posts: 252

Rep: Reputation: 40
You can add mounted volumes to favorites in truecrypt, which means that you can mount them in future just by specifying favorites rather than the separate volumes. For example, I have two truecrypt volumes, one being my work partition containing sensitive client data, and the other being a virtual truecrypt volume containing sensitive personal data. Now, I couldn't find a way to add favorite volumes via the command line, but creating ~/.Truecrypt/Favorite\ Volumes.xml should work:

Code:
<?xml version="1.0" encoding="utf-8"?>
<TrueCrypt>
	<favorites>
		<volume mountpoint="/mnt/Work" readonly="0" slotnumber="1" system="0">/dev/sdb4</volume>
		<volume mountpoint="/mnt/Personal" readonly="0" slotnumber="2" system="0">/home/user/personal</volume>
	</favorites>
</TrueCrypt>
You would, of course, substitute the mount points and the encrypted volume identifiers to suit your own system, and make sure that the mount points exist. This does mean that you can mount all the defined truecrypt volumes with a single command.
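A pre-flight check for a hand-written favorites file, given here as an added example that is not part of the thread and not TrueCrypt's own code. It assumes the attribute set shown in the post, that the two flags take 0 or 1, and that slot numbers should be unique; `check_favorites` and `SAMPLE` are hypothetical names.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the layout from the post with deliberate mistakes added
# to the second volume (readonly="no" and a reused slot number).
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<TrueCrypt>
	<favorites>
		<volume mountpoint="/mnt/Work" readonly="0" slotnumber="1" system="0">/dev/sdb4</volume>
		<volume mountpoint="/mnt/Personal" readonly="no" slotnumber="1" system="0">/home/user/personal</volume>
	</favorites>
</TrueCrypt>
"""


def check_favorites(xml_text, is_dir=os.path.isdir):
    """Parse a favorites document and return (volumes, problems).

    is_dir is injectable so the check can be exercised without touching
    the real file system.
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    volumes, problems, slots = [], [], set()
    for n, vol in enumerate(root.findall("./favorites/volume"), start=1):
        device = (vol.text or "").strip()
        mountpoint = vol.get("mountpoint", "")
        where = f"volume {n} ({device or 'no device'})"

        if not device:
            problems.append(f"{where}: element text must name a device or container file")
        if not mountpoint:
            problems.append(f"{where}: mountpoint attribute is missing")
        elif not is_dir(mountpoint):
            # The thread stresses that mount points must exist beforehand.
            problems.append(f"{where}: mount point {mountpoint} does not exist")

        # Assumption: both flags are strictly "0" or "1", as in the posted files.
        for flag in ("readonly", "system"):
            if vol.get(flag) not in ("0", "1"):
                problems.append(f"{where}: {flag} must be 0 or 1, got {vol.get(flag)!r}")

        # Assumption: each favorite should occupy its own numeric slot.
        slot = vol.get("slotnumber", "")
        if not slot.isdigit():
            problems.append(f"{where}: slotnumber must be a number, got {slot!r}")
        elif slot in slots:
            problems.append(f"{where}: slotnumber {slot} is already used")
        slots.add(slot)

        volumes.append({
            "device": device,
            "mountpoint": mountpoint,
            "readonly": vol.get("readonly") == "1",
            "system": vol.get("system") == "1",
        })
    return volumes, problems


if __name__ == "__main__":
    for line in check_favorites(SAMPLE)[1]:
        print(line)
```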
 
Old 03-01-2012, 09:05 AM   #7
purevw
Member
 
Registered: Jan 2007
Location: Texas
Distribution: OpenSuSE 13, Kernel 3.13.3
Posts: 90

Rep: Reputation: 45
Quote:
Originally Posted by czezz View Post
@purevw: thanks, it works. I have added "--filesystem=ntfs-3g", so with this I am able to mount it with "rw" access.
@Roken: can you please explain me more what "favorites" is ? I dont quite understand syntax of your command. There is no indication which device should be mounted.
I have full rw access on all my Windows volumes without adding the ntfs spec. Perhaps it is required with command line only? I use the GUI.
 
Old 03-01-2012, 09:31 AM   #8
purevw
Member
 
Registered: Jan 2007
Location: Texas
Distribution: OpenSuSE 13, Kernel 3.13.3
Posts: 90

Rep: Reputation: 45
Quote:
Originally Posted by Roken View Post
You can add mounted volumes to favorites in truecrypt, which means that you can mount them in future just by specifying favorites rather than the separate volumes. For example, I have two truecrypt volumes, one being my work partition containing sensitive client data, and the other being a virtual truecrypt volume containing sensitive personal data. Now, I couldn't find a way to add favorite volumes via the command line, but creating ~/.Truecrypt/Favorite\ Volumes.xml should work:

Code:
<?xml version="1.0" encoding="utf-8"?>
<TrueCrypt>
	<favorites>
		<volume mountpoint="/mnt/Work" readonly="0" slotnumber="1" system="0">/dev/sdb4</volume>
		<volume mountpoint="/mnt/Personal" readonly="0" slotnumber="2" system="0">/home/user/personal</volume>
	</favorites>
</TrueCrypt>
You would, of course, substitute the mount points and the encrypted volume identifiers to suit your own system, and make sure that the mount points exist. This does mean that you can mount all the defined truecrypt volumes with a single command.
That is correct if the favorites are non-system volumes. Let me explain the context so that czezz may understand better. I'll add my own "Favorite Volumes.xml" as a comparison:

Code:
<?xml version="1.0" encoding="utf-8"?>
<TrueCrypt>
	<favorites>
		<volume mountpoint="/windows/System" readonly="0" slotnumber="1" system="1">/dev/sdc1</volume>
		<volume mountpoint="/windows/AJC-Music" readonly="0" slotnumber="2" system="0">/dev/sdd1</volume>
		<volume mountpoint="/windows/Movies" readonly="0" slotnumber="3" system="0">/dev/sdb1</volume>
		<volume mountpoint="/windows/Video" readonly="0" slotnumber="4" system="0">/dev/sda1</volume>
	</favorites>
</TrueCrypt>
The mountpoint parameter is fairly clear. Understand that the mountpoint must already exist in your file-system. For "readonly", zero is "no" and one is "yes". slotnumber is the numbered order of the favorite, not really important unless you want to mount only favorites number 1 and 3, or something similar. For "system", one is "yes" and zero is "no". In your case, you would choose 1.
If you only have the one volume to mount, then the only advantage of using favorites would be to shorten the command, as the mountpoint, readonly status, system status, and device name would already be recorded. The command would simply be "truecrypt --mount=favorites". You will be prompted for the drive password and then the su "sudo" password.
I see no command line commands for creating favorites. I assume that you would only create the file "/home/"your user name"/.TrueCrypt/Favorite Volumes.xml" and edit to your needs.
I would discourage you from using the -p switch in the command line for security reasons. Here is a quote from the truecrypt help file:

Quote:
-p, --password=PASSWORD
Use specified password to mount/open a volume. An empty password can also be
specified (-p ""). Note that passing a password on the command line is
potentially insecure as the password may be visible in the process list
(see ps(1)) and/or stored in a command history file or system logs.
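An audit for the exposure the help text describes, as an added example that is not part of the thread: it finds truecrypt/realcrypt invocations that carry a password argument in shell-history lines or in the live process list, and reports them with the value redacted. The history lines are constructed, and the function names are hypothetical.

```python
import os
import shlex

TOOLS = {"truecrypt", "realcrypt"}  # command names used in this thread

# Constructed shell-history lines; the passwords are made up.
HISTORY = [
    "truecrypt --mount-options=system /dev/sda1 /mnt/backup",
    "truecrypt --auto-mount=favorites -p=hunter2-constructed",
    "sudo realcrypt --password 'two words' /dev/sdb4 /mnt/Work",
    'truecrypt -p "" /home/user/personal /mnt/Personal',
    "ls -p /mnt/backup",
]


def redact_tokens(tokens):
    """Return the command with password values replaced, or None if clean."""
    start = next((i for i, t in enumerate(tokens)
                  if os.path.basename(t) in TOOLS), None)
    if start is None:
        return None
    out, hit, i = list(tokens[:start + 1]), False, start + 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-p", "--password"):
            out.append(tok)
            if i + 1 < len(tokens):
                i += 1
                # An empty password (-p "") leaks nothing, so it is kept as is.
                out.append("REDACTED" if tokens[i] else "")
                hit = hit or bool(tokens[i])
        elif tok.startswith(("-p=", "--password=")):
            opt, _, value = tok.partition("=")
            out.append(opt + "=REDACTED" if value else tok)
            hit = hit or bool(value)
        else:
            out.append(tok)
        i += 1
    return shlex.join(out) if hit else None


def redact_line(line):
    """Tokenise one history line the way a shell would, then check it."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote in a damaged history line
        tokens = line.split()
    return redact_tokens(tokens)


def scan_history(lines):
    """Return (line number, redacted command) for every exposing line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        redacted = redact_line(line)
        if redacted:
            hits.append((number, redacted))
    return hits


def scan_processes(proc="/proc"):
    """Same check over running processes; argv in cmdline is NUL-separated."""
    hits = []
    if not os.path.isdir(proc):
        return hits
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                argv = fh.read().decode("utf-8", "replace").split("\0")[:-1]
        except OSError:  # process exited or is not readable
            continue
        redacted = redact_tokens(argv)
        if redacted:
            hits.append((int(pid), redacted))
    return hits


if __name__ == "__main__":
    for number, command in scan_history(HISTORY):
        print(f"history line {number}: {command}")
```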
 
Old 11-27-2012, 03:10 AM   #9
risingstar1
LQ Newbie
 
Registered: Nov 2012
Posts: 5

Rep: Reputation: Disabled
Hey,

I followed your discussion here since I face similar problems... mine are, however, a bit more complicated.

1. Win 7 with pre-boot auth installed on drive
2. Wanted to check out opensuse - so I freed some space on the drive and installed it - with special focus on HOW to install... that is, not overwriting the Truecrypt MBR. I did this with fedora once and it worked... so I didn't really back up the Truecrypt rescue disk, since I expected it to work just fine.
3. When done installing, I was astonished that opensuse seemingly put grub into MBR.
4. The end of it? Can't boot windows anymore!

OK I thought - there's got to be a way to MOUNT the drive in linux... the password I still know.
5. So I installed all necessary packages in order for me to use realcrypt to mount the drive, copy the truecrypt rescue disk, boot from it, restore MBR and be fine again.
6. Tried mounting from both terminal AND GUI... didn't work.. why?
7. I'm from Germany - and my password contained a letter which, as I found out, is NON-ASCII, in this case . I didn't suppose this would be of any problem, since I can use the virtual keyboard to type it.. HOWEVER
8. Even though I'm sure it is the right password, and I mean 100 percent sure! the drive won't mount, with realcrypt giving me the -your password is wrong-

Honestly... I don't know what to do anymore.

Seriously... why doesn't the password work?
And = I explicitly told opensuse to start mbr from ITS OWN PARTITION - not overwriting anything..

Hopefully, I am overseeing something...


I'd really appreciate it if anyone could help me out here..



thanks!
 
Old 11-27-2012, 04:18 AM   #10
Roken
Member
 
Registered: Oct 2011
Location: Bolton, UK
Distribution: Arch local, Debian on VPS
Posts: 252

Rep: Reputation: 40
I can't be certain of this since I've never used truecrypt with anything other than the standard ascii characters, and truecrypt itself is known not to support any other characters, but if you have successfully mounted the volume before, check whether or not you also used a keyfile and are you using the same keyfile now (or trying to use one that you shouldn't).
 
Old 11-27-2012, 04:25 AM   #11
risingstar1
LQ Newbie
 
Registered: Nov 2012
Posts: 5

Rep: Reputation: Disabled
Like I said - it's a system partition which is fully encrypted. There's no keyfile here - only one single password.


cheers
 
Old 11-28-2012, 09:56 AM   #12
purevw
Member
 
Registered: Jan 2007
Location: Texas
Distribution: OpenSuSE 13, Kernel 3.13.3
Posts: 90

Rep: Reputation: 45
I am not familiar with realcrypt. You may have to specify that you are using pre-boot authentication when trying to mount. Is there a reason that you are not using Truecrypt for Linux?

I use Truecrypt in Linux and have no problems booting in to Win 8 with system encryption, using a cascading encryption setup. I run OpenSuSE 12.2. If I remember correctly, I was given a warning about Truecrypt requiring a US keyboard layout while I was setting up my encryption. If you are able to use your current password to boot into Windows at boot, then your problem is more likely keyboard mapping while in Linux. I'm not sure if a virtual keyboard would work. It might be possible to set up some kind of a "hot key" for your beta character, rather than use the virtual board. That is only a guess.

I typically install Linux while the Win drive is unencrypted, then encrypt it afterward. That way, if there's a problem, things are easier to control. Just to be clear, are you saying that you don't have your Truecrypt rescue disc, and the iso used for making it is on your encrypted drive? No backups on a different disc or computer?

When you encrypted with Truecrypt, did you encrypt the entire boot drive, or just encrypt the windows partition as a system partition? It may make a difference.

In opensuse, did you use grub2 or grub during the install? Using original grub in the "system>bootloader" section in yast, you would go to "bootloader installation" and choose "boot from root partition". Then click on "bootloader options" and make sure that "write generic code to mbr" is not checked. It is checked by default, if I remember correctly. Actually, nothing in that window should be checked. The same options may also be true for grub2, but I have not had much luck with grub2 and always stick to the original grub. I have 3 different computers set up that way. If you want to boot into Linux, you can hit the escape key and Truecrypt will search for other bootable partitions on that drive and give you a list. With Win 8, their rescue partition also shows up as a boot option. It only gives a list as partition 1 and partition 2. You are not given any description of what each partition is.

In the Truecrypt gui in Linux, there is an option for "mount disc with pre-boot authentication". If it is not checked, I don't think the drive can be successfully mounted. I have 4 ntfs hard drives in my Truecrypt favorites on my main computer, and mount all 4 with just the one single password entry. At the bottom of the "options" part of the true crypt mounting window (for first time mounting of a drive), there is an entry for the mount path of the drive. My Windows partition is set up as /windows/system. I believe the mount folder has to exist before any attempt to mount, so I create it before setting up a mount point for the first time.

Last edited by purevw; 11-28-2012 at 09:58 AM. Reason: typo
 
Old 12-07-2012, 07:06 AM   #13
risingstar1
LQ Newbie
 
Registered: Nov 2012
Posts: 5

Rep: Reputation: Disabled
Realcrypt=Truecrypt - it's the same thing!
I specified pre-boot auth, nevertheless the password didn't work.
I run openSuse 12.2, too.
I'm 100% sure the password I typed is CORRECT - the problem has to lie somewhere else..
I'm not really sure about the extent to which I encrypted... but as far as I remember, it's the whole drive, including boot.

Awkward thing is: When I boot into opensuse, I still can choose to boot from Windows (that is sda1; it's 100MB System reserved, as I guess, it has to be where the bootloader is located) - but when I choose it, it doesn't boot due to a damaged bootloader (which is feasible, since the truecrypt bootloader isn't known to windows).
That's also the reason why I try to mount sda2 (the encrypted partition with 87GB).


Sorry for the logical break... but as it seems, it really is the keyboard problem...
I used the German keyboard to type the password. Didn't work.

Realcrypt tells me
Quote:
Note that pre-boot authentication passwords need to be typed in the pre-boot environment where non-US keyboard layouts are not available. Therefore, pre-boot authentication passwords must always be typed using the standard US keyboard layout (otherwise, the password will be typed incorrectly in most cases). However, note that you do NOT need a real US keyboard; you just need to change the keyboard layout in your operating system

What can I infer here?
When I DO change the keyboard to US layout, I won't be able to type beta...

How to proceed?


Edit
Quote:
Warning: Password contains non-ASCII characters. This may cause the volume to be impossible to mount when your system configuration changes.

You should replace all non-ASCII characters in the password with ASCII characters. To do so, click 'Volumes' -> 'Change Volume Password'.
Does this mean there is no beta character on the US keyboard and I won't be able to mount that drive ever again?
When I encrypted, I could type the key / why isn't it possible now?

Is there maybe another way to mount it? Using Windows, e.g.?



thanks for your help until here!

Quote:
Originally Posted by purevw View Post
I am not familiar with realcrypt. You may have to specify that you are using pre-boot authentication when trying to mount. Is there a reason that you are not using Truecrypt for Linux?

I use Truecrypt in Linux and have no problems booting in to Win 8 with system encryption, using a cascading encryption setup. I run OpenSuSE 12.2. If I remember correctly, I was given a warning about Truecrypt requiring a US keyboard layout while I was setting up my encryption. If you are able to use your current password to boot into Windows at boot, then your problem is more likely keyboard mapping while in Linux. I'm not sure if a virtual keyboard would work. It might be possible to set up some kind of a "hot key" for your beta character, rather than use the virtual board. That is only a guess.

I typically install Linux while the Win drive is unencrypted, then encrypt it afterward. That way, if there's a problem, things are easier to control. Just to be clear, are you saying that you don't have your Truecrypt rescue disc, and the iso used for making it is on your encrypted drive? No backups on a different disc or computer?

When you encrypted with Truecrypt, did you encrypt the entire boot drive, or just encrypt the windows partition as a system partition? It may make a difference.

In opensuse, did you use grub2 or grub during the install? Using original grub in the "system>bootloader" section in yast, you would go to "bootloader installation" and choose "boot from root partition". Then click on "bootloader options" and make sure that "write generic code to mbr" in not checked. It is checked by default, if I remember correctly. Actually, nothing in that window should be checked. The same options may also be true for grub2, but I have not had much luck with grub2 and always stick to the original grub. I have 3 different computers set up that way. If you want to boot into Linux, you can hit the escape key and Truecrypt will search for other bootable partitions on that drive and give you a list. With Win 8, their rescue partition also shows up as a boot option. It only gives a list as partition 1 and partition 2. You are not given any description of what each partition is.

In the Truecrypt gui in Linux, there is an option for "mount disc with pre-boot authentication". If it is not checked, I don't think the drive can be successfully mounted. I have 4 ntfs hard drives in my Truecrypt favorites on my main computer, and mount all 4 with just the one single password entry. At the bottom of the "options" part of the true crypt mounting window (for first time mounting of a drive), there is an entry for the mount path of the drive. My Windows partition is set up as /windows/system. I believe the mount folder has to exist before any attempt to mount, so I create it before setting up a mount point for the first time.

Last edited by risingstar1; 12-07-2012 at 07:19 AM.
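The Realcrypt note quoted in the post above says pre-boot passwords are typed with the US layout. This added example (not part of the thread) shows what that means for a password learned on a German keyboard: it maps each printed German character to what the same physical key yields under the US layout. It assumes the standard German QWERTZ and US QWERTY layouts; the sample password is constructed and `to_us_layout` is a hypothetical name.

```python
import unicodedata

# Printed characters of the German (QWERTZ) layout, row by row, unshifted
# then shifted, and what the same physical keys give under the US layout.
# On a German keyboard ^ and the acute/grave key are dead keys; they are
# listed by key position only.
DE = ("^1234567890ß´" "qwertzuiopü+" "asdfghjklöä#" "yxcvbnm,.-"
      "°!\"§$%&/()=?`" "QWERTZUIOPÜ*" "ASDFGHJKLÖÄ'" "YXCVBNM;:_")
US = ("`1234567890-=" "qwertyuiop[]" "asdfghjkl;'\\" "zxcvbnm,./"
      "~!@#$%^&*()_+" "QWERTYUIOP{}" "ASDFGHJKL:\"|" "ZXCVBNM<>?")

# Every German character must map to exactly one key position.
assert len(DE) == len(US) == len(set(DE))

DE_TO_US = dict(zip(DE, US))
DE_TO_US[" "] = " "  # the space bar is the same on both layouts

PLACEHOLDER = "\ufffd"  # marks a character with no key position in the table


def to_us_layout(password):
    """Translate a password as read off a German keyboard.

    Returns (typed, unmapped): 'typed' is the ASCII string the same key
    presses produce under the US layout; 'unmapped' lists characters that
    are not in the table, such as AltGr characters (@, {, [) and the extra
    ISO key for < and >.
    """
    typed, unmapped = [], []
    # NFC folds a decomposed umlaut (o + combining diaeresis) into one
    # character, so it is found in the table.
    for ch in unicodedata.normalize("NFC", password):
        if ch in DE_TO_US:
            typed.append(DE_TO_US[ch])
        else:
            unmapped.append(ch)
            typed.append(PLACEHOLDER)
    return "".join(typed), unmapped


if __name__ == "__main__":
    sample = "Straße-Zwölf?"  # constructed password, not from the thread
    typed, unmapped = to_us_layout(sample)
    print(f"{sample!r} on German keys is {typed!r} on the US layout")
    if unmapped:
        print("no US key position known for:", unmapped)
```

The translated string is plain ASCII, so it can be entered under any layout; whether it unlocks a given volume still depends on which layout was active when the password was set.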
 
Old 12-07-2012, 11:23 AM   #14
purevw
Member
 
Registered: Jan 2007
Location: Texas
Distribution: OpenSuSE 13, Kernel 3.13.3
Posts: 90

Rep: Reputation: 45
It can't hurt to try mounting it with a Windows computer with Truecrypt installed, if there is one available. But since grub or grub2 was apparently allowed to write generic info to the mbr (assumption), I imagine that the damage is done, and the only way to recover would be to use the recovery disc to restore the truecrypt bootloader and / or the volume headers. Your Truecrypt password info may have been destroyed or corrupted when the mbr was modified, which may explain why you were able to use the beta character before, but not now. Truecrypt forces you to burn a recovery CD when you encrypt a system partition or system disc before the encryption is started. That disc would have saved all these headaches. The Truecrypt recovery disc is used often, since even a few Windows programs (such as DRM enabled programs) can cause similar boot-sector / mbr damage and require a rescue. It should always be kept in a safe place because you will without any doubt, need it again.

The only other advice I might give is that if you are unable to mount the drive with a Windows computer running Truecrypt, I would install real Truecrypt for Linux so that you can try to get assistance from the Truecrypt forums. Truecrypt won't provide support for realcrypt, even though most of the code comes from them. They may have more helpful ideas. I looked at the realcrypt info site and it seems that help is limited, other than filing bugs.

Wish I could have been more help.
 
Old 12-09-2012, 04:18 AM   #15
risingstar1
LQ Newbie
 
Registered: Nov 2012
Posts: 5

Rep: Reputation: Disabled
Just to get it right: I need the intact truecrypt MBR to mount the drive, even though I mount it from linux/windows?
Need to clarify here: When I mount, I try mounting ONLY the encrypted drive, that is sda2. The MBR, however, should be on sda1 with its 100MB system reserved, shouldn't it?!

cheers


Quote:
Originally Posted by purevw View Post
It can't hurt to try mounting it with a Windows computer with Truecrypt installed, if there is one available. But since grub or grub2 was apparently allowed to write generic info to the mbr (assumption), I imagine that the damage is done, and the only way to recover would be to use the recovery disc to restore the truecrypt bootloader and / or the volume headers. Your Truecrypt password info may have been destroyed or corrupted when the mbr was modified, which may explain why you were able to use the beta character before, but not now. Truecrypt forces you to burn a recovery CD when you encrypt a system partition or system disc before the encryption is started. That disc would have saved all these headaches. The Truecrypt recovery disc is used often, since even a few Windows programs (such as DRM enabled programs) can cause similar boot-sector / mbr damage and require a rescue. It should always be kept in a safe place because you will without any doubt, need it again.

The only other advice I might give is that if you are unable to mount the drive with a Windows computer running Truecrypt, I would install real Truecrypt for Linux so that you can try to get assistance from the Truecrypt forums. Truecrypt won't provide support for realcrypt, even though most of the code comes from them. They may have more helpful ideas. I looked at the realcrypt info site and it seems that help is limited, other than filing bugs.

Wish I could have been more help.
 
  

