Create an encrypted filestore accessible from any operating system

Tip 250, on page 289, explains how to encrypt individual files under Ubuntu but if you spend time on many different computers and operating systems, it might be worth creating an encrypted file store that you can copy to, say, a USB stick and carry around with you. An encrypted file store is a single file that is then mounted by the system and accessed as a virtual disk drive. When you've finished, you unmount it, thus "locking" the store so that nobody can access it without typing the password. 23

TrueCrypt is open source software and runs on Ubuntu, Windows and Mac OS X. It's extremely easy to use, and it's very simple to create as many encrypted filestores as you need.

Installing TrueCrypt

Start by downloading TrueCrypt from http://www.truecrypt.com. Select the Ubuntu x86 .deb release. You might also choose to download the versions for any other operating systems you'd like to use your new filestore under.

At the time of writing, the Ubuntu release is supplied in a tar archive, which must be first uncompressed. Additionally a dependency package must be installed from the Ubuntu repositories. The following commands, to be typed into a terminal window, first install the dependency, then extract the TrueCrypt .deb file and, lastly, install it (these instructions assume the file was downloaded to the desktop):

$ sudo apt-get install dmsetup

$ tar zxf ~/Desktop/truecrypt-6.0a-ubuntu-x86.tar.gz $ sudo dpkg -i truecrypt-6.0a/truecrypt_6.0a-0_i386.deb

23. It's possible to create a so-called 'traveller' version of a TrueCrypt filestore, that means the computer you attach the USB memory stick to doesn't need to have TrueCrypt installed. For more information, see http://www.truecrypt.org/docs/?s=traveler-mode. Of course, another method of doing this is to simply carry around the installation file for TrueCrypt on the same USB memory stick, so you can install it where you need to.

Report erratum

Obviously, you should replace the filename with that which you downloaded. It's likely the folder into the which the .deb file is extracted will also be different.

Creating an encrypted filestore

Once TrueCrypt is installed, you can start it by typing hitting Alt+F2 and typing truecrypt. The following instructions explain how to create an initial encrypted filestore:

1. The first step is to create your initial encrypted file, known as a volume. So click the Create Volume button. A wizard will appear. Ensure Create a file container is selected, and click Next. (Note that the second option, Create a volume within a partition/device, might seem to suit our needs better, but creating a container file allows the encrypted file store to be transferred easily from one USB key stick to another, if need be; thus it's the best choice here.)

2. Next, select the type of volume you wish to create. The default choice of Standard TrueCrypt volume is fine. You might want to investigate the Hidden TrueCrypt volume option at some point, but it has a specific purpose and adds some complications. When done, click Next.

3. In the Volume Location text field, enter where you want to create the encrypted filestore. If you plan to create it on your USB keystick, you should click Select File, click the Browse for other folders link, and then click its entry in the Places list on the left. Don't forget to type a filename in the Name text field in the file browsing dialog box one you've navigated to the mount point. Give the filename the extension .tc. This isn't essential but will enable you to doubleclick the filestore to open it in Windows and Mac OS X. Once done, click the Save button to close the file browsing dialog box, and click Next in the wizard to move to the next step.

4. You'll be invited to choose the encryption algorithm you want to use. As you select from the dropdown list, the description will change to show the pros and cons of each choice. AES is a good choice for most uses. You can also change the hash algorithm if you wish, but there shouldn't be any need to do this. Once done, click Next.

5. Now you'll be prompted to enter the size the archive. If you've selected a USB stick, you'll be told how much free space is avail-

Figure 3.27: Generating random data for TrueCrypt (see Tip 145, on page 188)

able. You can't enter fractions of a GB/MB, so to enter 1.9GB, for example, you would need to select MB from the dropdown list and type 1945 into the Volume Size text box (bearing in mind that there are 1024Mb in 1GB). Once done, click Next.

6. After clicking Next, you'll be invited to choose a password for the archive. As always, a good password involves both lower and upper case characters, and should be as long as you can make it while making it possible to remember. Avoid cliched phrases, or anything else that might be easily guessed. Click Next when done.

7. You'll now be asked to choose the filesystem for the filestore. FAT is the best choice because it's understood by Windows, Mac OS X and Ubuntu. Click Next when you've made your choice.

8. When you click Next, you'll move to the filestore creation screen. However, first you must create some random data for the encryption process. Strange as it might seem, this is done by waving the mouse pointer around within the TrueCrypt program window! So do this for a few seconds (see Figure 3.27 for an example taken from my test PC) and then click the Format button. Following this, the filestore will be created. This might take some time! once it's done, click Exit.

Create an encrypted filestore accessible from any operating system M 191

Accessing the filestore

Following creation of the filestore, you must mount it so it's accessible. Follow these steps to do so, and to configure your computer to do so in future:

1. Start TrueCrypt if it isn't already running, as described above, and, in the main TrueCrypt dialog box, select 1 , under the Slot heading.

2. Click the Select File button. Navigate to your new filestore using the file browsing dialog box and click the Open button. Back in the TrueCrypt window, click the Mount button. You'll immediately be prompted for its password, so type it. Then a dialog box will appear asking you to type your Ubuntu login password, because the mount procedure needs superuser powers. Following this a new icon should appear on your desktop offering access to the encrypted filestore, as if a new drive had been connected to the system. Double-clicking the icon will open a Nautilus window showing its contents and you can drag and drop files to it, just like any removable storage device. You can close the TrueCrypt program window.

3. Once you've finished using the filestore, open the TrueCrypt dialog box by clicking its notification area icon, select the mount in the list, and click the Dismount button. This will "lock" the filestore. Then, if the filestore is on a USB keystick, right-click it's desktop icon and select Unmount Volume. Note that the filestore will be automatically dismounted when you logout or shutdown, provided TrueCrypt is running (you'll know if this is the case because the notification area icon will be present).

4. One useful tip is that, when the filestore is mounted, click Favorites ^ Add Selected Volume in the TrueCrypt window. From then on, you can quickly mount the filestore by right-clicking the True-Crypt notification area icon and selecting Mount All Favorite Volumes.

5. To unlock a filestore when it's double-clicked, so that TrueCrypt hasn't got to be started manually each time, right-click a filestore file and click Properties. Then, in the dialog box that appears, select the Open With tab, and click the Add button. In the new dialog box that appears, click the Use a custom command fold-down, and in the text field type truecrypt %. Then click the Add button, and the Close button in the parent window. Note that this will only work if, as described above, you ensure all filestore files you create have the file extension .tc. To subsequently lock the filestore, you'll need to start TrueCrypt and use the Dismount button, as described above. Rebooting or shutting down the computer will also lock the filestore.

Was this article helpful?

0 0

Post a comment