Raspberry Pi: Truecrypt on Raspbian

Quick howto on how to install truecrypt on the rapberry pi.

Get the source for Mac OS X/Linux from http://www.truecrypt.org/downloads2 (Update: https://www.grc.com/misc/truecrypt/truecrypt.htm) and copy the file to the pi:

pat@earth Downloads]$ scp TrueCrypt 7.1a Source.tar.gz pi@pi:/home/pi/

Connect to the pi and extract the archive:

pi@raspberrypi ~ $ tar xfv TrueCrypt 7.1a Source.tar.gz

Even without a GUI, you’ll need WxWidget. Download and extract:

pi@raspberrypi ~ $ wget http://prdownloads.sourceforge.net/wxwindows/wxWidgets-2.8.12.tar.gz
pi@raspberrypi ~ $ tar xfv wxWidgets-2.8.12.tar.gz

Install the fuse library:

pi@raspberrypi ~ $ sudo aptitude install libfuse-dev

Create a folder and download some needed header files:

pi@raspberrypi ~ $ mkdir ~/truecrypt-7.1a-source/pkcs
pi@raspberrypi ~ $ wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/*.h -P truecrypt-7.1a-source/pkcs/

Change to the truecrypt directory and compile WxWidgets (takes about 20 minutes):

pi@raspberrypi ~ $ cd truecrypt-7.1a-source/
pi@raspberrypi ~/truecrypt-7.1a-source $ export PKCS11_INC=/home/pi/truecrypt-7.1a-source/pkcs/
pi@raspberrypi ~/truecrypt-7.1a-source $ make NOGUI=1 WX_ROOT=/home/pi/wxWidgets-2.8.12 wxbuild

Now compile truecrypt (~ 40 minutes):

pi@raspberrypi ~/truecrypt-7.1a-source $ make NOGUI=1 WXSTATIC=1

Copy the binary into the bin directory:

pi@raspberrypi ~/truecrypt-7.1a-source $ sudo cp Main/truecrypt /usr/local/bin/

Mount your container:

pi@raspberrypi ~/truecrypt-7.1a-source $ truecrypt -t -k „“ –protect-hidden=no –mount /mnt/usb/crypt /mnt/truecrypt/ -m=nokernelcrypto

Cleanup:

pi@raspberrypi ~/truecrypt-7.1a-source $ cd ~
pi@raspberrypi ~ $ rm -r truecrypt-7.1a-source TrueCrypt 7.1a Source.tar.gz wxWidgets-2.8.12*

Edit: I uploaded the binary. If you don’t want to compile truecrypt yourself, feel free to use this one.

Edit 2: If you want to automatically mount the truecrypt container on startup and unmount on shutdown, take a look at this howto.

16 Gedanken zu „Raspberry Pi: Truecrypt on Raspbian

  1. Erik

    Great guide!
    I tried to compile truecrypt with the latest WxWidgets (2.9.4) at first but got compile errors later in the truecrypt build process.

    Is there to your knowledge any security risk of using the WxWidgets 2.8.12 version compared to 2.9.4?

    Antworten
  2. Anonymous

    You can’t create a truecrypt container in raspbian, though, unless you recompile and reinstall the kernel. There are too many kernel modules missing.

    If you create it elsewhere you can mount it and use it as normal on a RPi.

    Antworten
    1. Wocky

      I’m afraid I’m going to have to disagreee with you, Anonymous. You can create a truecrypt container, but it’s a bit convoluted:

      $ truecrypt -m nokernelcrypto -c container

      will build and encrypt the container, either from the command line or (if DISPLAY is set correctly) from the GUI. The option „-m nokernelcrypto“ tells truecrypt not to try to use the device mapper (which is absent from the RPi version of the debian kernel, as you point out) – it uses the loop device instead. Then the usual

      $ truecrypt -m nokernelcrypto –mount container /mnt

      mounts it.

      Antworten
  3. Pingback: Raspberry pi truecrypt CZ

  4. Iam

    Hello,

    I used your guide to cmpile and install truecrypt on my pi.

    After, i try to mount my external drive which is encrypted.

    I do truecrypt /dev/sda1 /media/usb

    It mounts and i can see all my files.
    But i cannot write anything. It is mounted read only.

    How can i mount it with write permissions?

    Thanks

    Iam

    Antworten
  5. Iam

    Thanks for responding.

    I think it was a problem with the fact that it was an ntfs partition. I can see it now and it works perfectly.

    Is there some way that i could automatically mount it on startup, and more importantly dismount it on reboot or shutdown? Especially dismounting is very important as truecrypt doesnt like to just be unplugged, but wants to be dismounted first…

    Thanks once again for your time!!

    Iam

    Antworten
  6. Alan John Irvine

    entering this command

    make NOGUI=1 WX_ROOT=/home/john-doe/wxWidgets-2.8.12 wxbuild

    and getting ***No Ruleto make Target ‚wxbuild‘

    any ideas pleas help

    Antworten
  7. Alexander Fortin

    Hi Pat,
    I’ve just finished setting up an open APT repository, right now it’s only serving the truecrypt package I created using your public binary. If anyone wants to try it out, these commands should work out of the box (at least it’s working on my raspbmc installation):

    [ open an ssh session on raspbmc ]
    sudo su –
    curl http://apt.devsum.it/F67ED3A9.pub | apt-key add –
    echo ‚deb http://apt.devsum.it/ wheezy main‘ > /etc/apt/sources.list.d/devsum.list
    apt-get update && apt-get install truecrypt

    Antworten
    1. pat Artikelautor

      Thanks for setting up the repository and letting me know.
      I just have a small problem with it.
      The md5 hashs from my binary and the one you are serving are not the same. Did you alter the file?

      Antworten
      1. Alexander Fortin

        Hi Pat,
        I think I’ve just changed the executable bit, but it should not change the md5 as far as I know. If you prefer you can send me the correct package (or a link to the right file so I can recreate the package, no prob). Should I add a link to the md5 on the package itself?

        Just another note: I’ve added what I think are 2 required packages as dependencies too, without them the binary was complaining because of missing libraries

        Antworten
        1. pat Artikelautor

          Hi,

          thanks for your reply.
          No, I think changing the executable bit should not change the md5. But I never setup a repo before, so I don’t know the standard way to do things. I just find it curious that the hash is different. here is a link to my compiled binary. About the missing libraries: I tried and wrote this how to on a fairly fresh installation AFAIK. Didn’t install anything else beside the listed packages.

          Antworten
  8. Alexander Fortin

    I did the whole process one more time and… you’re totally right! I wasn’t aware of the fact, but seems that reprepro, the software I use to create the apt repo structure, is somehow changing the content of the package. At the beginning I thought it was related with the package signing, but I created it with no signing and the same happens, size of the executable is more than doubled. So far I have no clue, I don’t know the internals. It could be something due to the fact that I’m using a amd64 architecture to build the package, but it’s just guessing so far…

    PS I don’t get any email notification when there’s an update here, maybe some wordpress configuration missing? Couldn’t find anything in my spam folder

    Antworten
  9. Nigel

    You CAN make a truecrypt container on Rasbian Pi Wheezy. Issue is just creating the filesystem in the final step.

    So here is an example which WORKS
    dd if=/dev/random of=random bs=512 count=1
    truecrypt -m=nokernelcrypto -c MYFILE –filesystem=ext3 \
    –size=4928307200 –encryption=Twofish -p MYPASSWORD –random-source=random \
    –hash=RIPEMD-160 –volume-type=normal

    change MYFILE to the fully qualified file of the container to create. I chosen a ext3 container but at this point it is irrelevant as you have to make it later anyway. This is a 5GB-ish file, change to the size you want. Benchmarks indicate Twofish and RIPEMD-160 are fastest. I make a random file to begin then create.

    This appear to work no errors but you’ll find it has failed in making the filesystem so then you have to do this command

    truecrypt -t –protect-hidden=no –filesystem=none -m=nokernelcrypto MYFILE

    again changing MYFILE to match the earlier command. This will create a /dev/loop0 which isn’t actually formatted. Then

    sudo mkfs.ext3 /dev/loop0

    This actually formats the container.

    Then (might not be needed but I did it anyway) to be sure all truecrypts are closed

    truecrypt -d

    Then finally the command you can use repeatedly thereafter and it works to mount correctly

    truecrypt -t –protect-hidden=no -m=nokernelcrypto /home/nigel/usb/nigel-new

    (again changing MYFILE)

    This last command works, mounts fine, on my system:

    df -TH

    produces

    /dev/loop0 ext3 4.8G 9.8M 4.5G 1% /media/truecrypt1

    Note the use of „-m=nokernelcrypto “ option.

    Antworten

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind markiert *