mount truecrypt partition under Linux
 

I have encrypted system partition of a WinXP.
Then I attached that disk (with WinXP) to my Linux Box.

Under linux I can find /dev/sda1 in /proc/partitions which is my encrypted disk with WinXP.
I am tring to mount this partition but every time I try, I got this error/msg
NOTE: Im 100% sure that I enter the right passwd.

Does anyone know what Im doing wrong ?
Please note: I have only cli. No GUI.

Assuming that your /dev/sda1 is a Windows system partition, try this: truecrypt --mount-options=system /dev/sda1 /mnt/backup
You should be prompted for the drive password followed by your su password.
That is assuming that "/mnt/backup is a valid directory that is already created. I have my Windows drives set up as /windows/System and so on.
To dismount all volumes that are mounted, simply: truecrypt --dismount or you can specify which individual volume to dismount.
The file-system option should not be needed as default is "automatic"
If all else fails, run truecrypt --help for a complete list of commands and options.

You can embed the truecrypt drives password in the mount command with -p:

You will still need to enter your sudo password when requested.

Just a note. If you choose to set up your Windows system drive as a favorite, you will need to make sure and give it the "system" designation when you set it up. If you have multiple drives to mount, using favorites is by far the simplest way to go, once it is set up correctly.

@purevw: thanks, it works. I have added "--filesystem=ntfs-3g", so with this I am able to mount it with "rw" access.
@Roken: can you please explain me more what "favorites" is ? I dont quite understand syntax of your command. There is no indication which device should be mounted.

You can add mounted volumes to favorites in truecrypt, which means that you can mount them in future just by specifying favorites rather than the separate volumes. For example, I have two truecrypt volumes, one being my work partition containing sensitive client data, and the other being a virtual truecrypt volume containing sensitive personal data. Now, I couldn't find a way to add favorite volumes via the command line, but creating ~/.Truecrypt/Favorite\ Volumes.xml should work:

You would, of course, substitute the mount points and the encrypted volume identifiers to suit your own system, and make sure that the mount points exist. This does mean that you can mount all the defined truecrypt volumes with a single command.

I have full rw access on all my Windows volumes without adding the ntfs spec. Perhaps it is required with command line only? I use the GUI.

That is correct if the favorites are non-system volumes. Let me make explain the context so that czezz may understand better. I'll add my own "Favorite Volumes.xml" as a comparison:

The mountpoint parameter is fairly clear. Understand that the mountpoint must already exist in your file-system. For "readonly" zero is "no" and one is "yes". slotnumber is the numbered order of the favorite, not really important unless you only want to mount only favorites number 1 and 3, or something similar. For "system" one is "yes" and zero is "no". in your case, you would choose 1.
If you only have the one volume to mount, then the only advantage of using favorites would be to shorten the command, as the mountpoint, readonly status, system status, and device name would already be recorded. the command would simply be "truecrypt --mount=favorites" You will be prompted for the drive password and then the su "sudo" password.
I see no command line commands for creating favorites. I assume that you would only create the file "/home/"your user name"/.TrueCrypt/Favorite Volumes.xml" and edit to your needs.
I would discourage you from using the -p switch in the command line for security reasons. Here is a quote from the trucrypt help file:

Hey,

i followed your discussion here since i face similar problems... mine are, however, a bit more complicated.

1. Win 7 with pre-boot auth installed on drive
2. wanted to check out opensuse - so I freed some space on the drive and installed it - with special focus on HOW to install... that is, not overwriting the Truecrypt MBR. I did this with fedora once and it worked... so i didnt really back up the Truecrypt rescue disk, since i expected it to work just fine.
3. When done installing, i was astonished that opensuse seemingly put grub into MBR.
4. The end of it? cant boot windows anymore!

OK i thought - theres gotto be a way to MOUNT the drive in linux... the passwored i still know.
5. So i installed all necessary packets in order for me to use realcrypt to mount the drive, copy the truecrypt rescue disk, boot from it, restore MBR and be fine again.
6. Tried mounting from both terminal AND Gui... didnt work.. why?
7. im from germany - and my password contained a letter, which as i found out, is NON-ASCII, in this case ß. I didnt suppose this would be of any problem, since i can use the virtual keyboard to type it.. HOWEVER
8. Even though im sure it is the right password, and i mean 100 percent sure! the drive wont mount with realcrypt giving me the -your password is wrong-

Honestly... i dont know what to do anymore.

serisouly... why doesnt the password work?
And = i explicitly told opensuse to start mbr from ITS OWN PARTITION - not overwriting anything..

hopefully, i am overseeing something...


id really appreciate if anyone could help me out here..



thanks!

I can't be certain of this since I've never used truecrypt with anything other than the standard ascii characters, and truecrypt itself is known not to support any other characters, but if you have successfully mounted the volume before, check whether or not you also used a keyfile and are you using the same keyfile now (or trying to use one that you shouldn't).

Like i said - its a system partition which is fully encrypted. Theres no keyfile here - only one single password.


cheers

I am not familiar with realcrypt. You may have to specify that you are using pre-boot authentication when trying to mount. Is there a reason that you are not using Truecrypt for Linux?

I use Truecrypt in Linux and have no problems booting in to Win 8 with system encryption, using a cascading encryption setup. I run OpenSuSE 12.2. If I remember correctly, I was given a warning about Truecrypt requiring a US keyboard layout while I was setting up my encryption. If you are able to use your current password to boot into Windows at boot, then your problem is more likely keyboard mapping while in Linux. I'm not sure if a virtual keyboard would work. It might be possible to set up some kind of a "hot key" for your beta character, rather than use the virtual board. That is only a guess.

I typically install Linux while the Win drive is unencrypted, then encrypt it afterward. That way, if there's a problem, things are easier to control. Just to be clear, are you saying that you don't have your Truecrypt rescue disc, and the iso used for making it is on your encrypted drive? No backups on a different disc or computer?

When you encrypted with Truecrypt, did you encrypt the entire boot drive, or just encrypt the windows partition as a system partition? It may make a difference.

In opensuse, did you use grub2 or grub during the install? Using original grub in the "system>bootloader" section in yast, you would go to "bootloader installation" and choose "boot from root partition". Then click on "bootloader options" and make sure that "write generic code to mbr" in not checked. It is checked by default, if I remember correctly. Actually, nothing in that window should be checked. The same options may also be true for grub2, but I have not had much luck with grub2 and always stick to the original grub. I have 3 different computers set up that way. If you want to boot into Linux, you can hit the escape key and Truecrypt will search for other bootable partitions on that drive and give you a list. With Win 8, their rescue partition also shows up as a boot option. It only gives a list as partition 1 and partition 2. You are not given any description of what each partition is.

In the Truecrypt gui in Linux, there is an option for "mount disc with pre-boot authentication". If it is not checked, I don't think the drive can be successfully mounted. I have 4 ntfs hard drives in my Truecrypt favorites on my main computer, and mount all 4 with just the one single password entry. At the bottom of the "options" part of the true crypt mounting window (for first time mounting of a drive), there is an entry for the mount path of the drive. My Windows partition is set up as /windows/system. I believe the mount folder has to exist before any attempt to mount, so I create it before setting up a mount point for the first time.

Realcrypt=Truecrypt - its the same thing!
I specified pre-boot auth, nevertheless password didnt work.
I run openSuse 12.2, too.
I'm a 100% sure the password i typed is CORRECT - the problem has to lie somewhere else..
I'm not really sure about the extend to which i encrypted... but as far as i remember, its the whole drive, including boot.

Awkward thing is: When i boot into opensuse, i still can choose to boot from Windows (that is sda1 (its 100MB System reserved, as i guess, it has to be where to bootloader is located) - but when i choose, it doesnt boot due to damages bootloader (which is feasible, since the truecrypt bootloader isnt known to windows).
Thats also the reason why i try to mount sda2 (the encrypted partition with 87GB).


Sorry for the logical break... but as it seems, it really is the keyboard problem...
i used the german keyboard to type the password. didnt work.

Realcrypt tells me

What can i infere here?
When i DO change the keyboard to US layout, i wont be able to type beta...

how to procede?


Edit
Does this mean, there is no beta character on us keyboard and i wont be able to mount that drive ever again?
When i encrypted, i could type the key / why isnt it possible now?

Is there maybe another way to mount it? Using windows eg?



thanks for your help until here!

It can't hurt to try mounting it with a Windows computer with Truecrypt installed, if there is one available. But since grub or grub2 was apparently allowed to write generic info to the mbr (assumption), I imagine that the damage is done, and the only way to recover would be to use the recovery disc to restore the truecrypt bootloader and / or the volume headers. Your Truecrypt password info may have been destroyed or corrupted when the mbr was modified, which may explain why you were able to use the beta character before, but not now. Truecrypt forces you to burn a recovery CD when you encrypt a system partition or system disc before the encryption is started. That disc would have saved all these headaches. The Truecrypt recovery disc is used often, since even a few Windows programs (such as DRM enabled programs) can cause similar boot-sector / mbr damage and require a rescue. It should always be kept in a safe place because you will without any doubt, need it again.

The only other advice I might give is that if you are unable to mount the drive with a Windows computer running Truecrypt, I would install real Truecrypt for Linux so that you can try to get assistance from the Truecrypt forums. Truecrypt won't provide support for realcrypt, even though most of the code comes from them. They may have more helpful ideas. I looked at the realcrypt info site and it seems that help is limited, other than filing bugs.

Wish I could have been more help.

Just to get it right: I need the intact truecrypt MBR to mount the drive, even though i mount it from linux/windows?
Need to clarify here: When i mount, i try mounting ONLY the encrypted drive, that is sda2. The MBR, however, should be on sda1 with its 100mb system reserved, shouldnt it?!

cheers