Quick howto on how to install truecrypt on the rapberry pi.
Get the source for Mac OS X/Linux from http://www.truecrypt.org/downloads2 (Update: https://www.grc.com/misc/truecrypt/truecrypt.htm) and copy the file to the pi:
pat@earth Downloads]$ scp TrueCrypt 7.1a Source.tar.gz pi@pi:/home/pi/
Connect to the pi and extract the archive:
pi@raspberrypi ~ $ tar xfv TrueCrypt 7.1a Source.tar.gz
Even without a GUI, you’ll need WxWidget. Download and extract:
pi@raspberrypi ~ $ wget http://prdownloads.sourceforge.net/wxwindows/wxWidgets-2.8.12.tar.gz
pi@raspberrypi ~ $ tar xfv wxWidgets-2.8.12.tar.gz
Install the fuse library:
pi@raspberrypi ~ $ sudo aptitude install libfuse-dev
Create a folder and download some needed header files:
pi@raspberrypi ~ $ mkdir ~/truecrypt-7.1a-source/pkcs
pi@raspberrypi ~ $ wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/*.h -P truecrypt-7.1a-source/pkcs/
Change to the truecrypt directory and compile WxWidgets (takes about 20 minutes):
pi@raspberrypi ~ $ cd truecrypt-7.1a-source/
pi@raspberrypi ~/truecrypt-7.1a-source $ export PKCS11_INC=/home/pi/truecrypt-7.1a-source/pkcs/
pi@raspberrypi ~/truecrypt-7.1a-source $ make NOGUI=1 WX_ROOT=/home/pi/wxWidgets-2.8.12 wxbuild
Now compile truecrypt (~ 40 minutes):
pi@raspberrypi ~/truecrypt-7.1a-source $ make NOGUI=1 WXSTATIC=1
Copy the binary into the bin directory:
pi@raspberrypi ~/truecrypt-7.1a-source $ sudo cp Main/truecrypt /usr/local/bin/
Mount your container:
pi@raspberrypi ~/truecrypt-7.1a-source $ truecrypt -t -k „“ –protect-hidden=no –mount /mnt/usb/crypt /mnt/truecrypt/ -m=nokernelcrypto
Cleanup:
pi@raspberrypi ~/truecrypt-7.1a-source $ cd ~
pi@raspberrypi ~ $ rm -r truecrypt-7.1a-source TrueCrypt 7.1a Source.tar.gz wxWidgets-2.8.12*
Edit: I uploaded the binary. If you don’t want to compile truecrypt yourself, feel free to use this one.
Edit 2: If you want to automatically mount the truecrypt container on startup and unmount on shutdown, take a look at this howto.
Great guide!
I tried to compile truecrypt with the latest WxWidgets (2.9.4) at first but got compile errors later in the truecrypt build process.
Is there to your knowledge any security risk of using the WxWidgets 2.8.12 version compared to 2.9.4?
You can’t create a truecrypt container in raspbian, though, unless you recompile and reinstall the kernel. There are too many kernel modules missing.
If you create it elsewhere you can mount it and use it as normal on a RPi.
I’m afraid I’m going to have to disagreee with you, Anonymous. You can create a truecrypt container, but it’s a bit convoluted:
$ truecrypt -m nokernelcrypto -c container
will build and encrypt the container, either from the command line or (if DISPLAY is set correctly) from the GUI. The option „-m nokernelcrypto“ tells truecrypt not to try to use the device mapper (which is absent from the RPi version of the debian kernel, as you point out) – it uses the loop device instead. Then the usual
$ truecrypt -m nokernelcrypto –mount container /mnt
mounts it.
Pingback: Raspberry pi truecrypt CZ
Hello,
I used your guide to cmpile and install truecrypt on my pi.
After, i try to mount my external drive which is encrypted.
I do truecrypt /dev/sda1 /media/usb
It mounts and i can see all my files.
But i cannot write anything. It is mounted read only.
How can i mount it with write permissions?
Thanks
Iam
Looks like you don’t have the needed rights to write then.
What does ls -la /media/usb tell you?
Thanks for responding.
I think it was a problem with the fact that it was an ntfs partition. I can see it now and it works perfectly.
Is there some way that i could automatically mount it on startup, and more importantly dismount it on reboot or shutdown? Especially dismounting is very important as truecrypt doesnt like to just be unplugged, but wants to be dismounted first…
Thanks once again for your time!!
Iam
Hey and sorry for the delay.
There is a post coming up about mounting and unmounting the truecrypt container on startup/shutdown.
I hope to finish it in the next days.
Update: Here it is: http://www.carrier-lost.org/blog/raspberry-pi-mount-and-unmount-truecrypt-on-startup-and-shutdown
entering this command
make NOGUI=1 WX_ROOT=/home/john-doe/wxWidgets-2.8.12 wxbuild
and getting ***No Ruleto make Target ‚wxbuild‘
any ideas pleas help
Hi Pat,
I’ve just finished setting up an open APT repository, right now it’s only serving the truecrypt package I created using your public binary. If anyone wants to try it out, these commands should work out of the box (at least it’s working on my raspbmc installation):
[ open an ssh session on raspbmc ]
sudo su –
curl http://apt.devsum.it/F67ED3A9.pub | apt-key add –
echo ‚deb http://apt.devsum.it/ wheezy main‘ > /etc/apt/sources.list.d/devsum.list
apt-get update && apt-get install truecrypt
Thanks for setting up the repository and letting me know.
I just have a small problem with it.
The md5 hashs from my binary and the one you are serving are not the same. Did you alter the file?
Hi Pat,
I think I’ve just changed the executable bit, but it should not change the md5 as far as I know. If you prefer you can send me the correct package (or a link to the right file so I can recreate the package, no prob). Should I add a link to the md5 on the package itself?
Just another note: I’ve added what I think are 2 required packages as dependencies too, without them the binary was complaining because of missing libraries
Hi,
thanks for your reply.
No, I think changing the executable bit should not change the md5. But I never setup a repo before, so I don’t know the standard way to do things. I just find it curious that the hash is different. here is a link to my compiled binary. About the missing libraries: I tried and wrote this how to on a fairly fresh installation AFAIK. Didn’t install anything else beside the listed packages.
I did the whole process one more time and… you’re totally right! I wasn’t aware of the fact, but seems that reprepro, the software I use to create the apt repo structure, is somehow changing the content of the package. At the beginning I thought it was related with the package signing, but I created it with no signing and the same happens, size of the executable is more than doubled. So far I have no clue, I don’t know the internals. It could be something due to the fact that I’m using a amd64 architecture to build the package, but it’s just guessing so far…
PS I don’t get any email notification when there’s an update here, maybe some wordpress configuration missing? Couldn’t find anything in my spam folder
You CAN make a truecrypt container on Rasbian Pi Wheezy. Issue is just creating the filesystem in the final step.
So here is an example which WORKS
dd if=/dev/random of=random bs=512 count=1
truecrypt -m=nokernelcrypto -c MYFILE –filesystem=ext3 \
–size=4928307200 –encryption=Twofish -p MYPASSWORD –random-source=random \
–hash=RIPEMD-160 –volume-type=normal
change MYFILE to the fully qualified file of the container to create. I chosen a ext3 container but at this point it is irrelevant as you have to make it later anyway. This is a 5GB-ish file, change to the size you want. Benchmarks indicate Twofish and RIPEMD-160 are fastest. I make a random file to begin then create.
This appear to work no errors but you’ll find it has failed in making the filesystem so then you have to do this command
truecrypt -t –protect-hidden=no –filesystem=none -m=nokernelcrypto MYFILE
again changing MYFILE to match the earlier command. This will create a /dev/loop0 which isn’t actually formatted. Then
sudo mkfs.ext3 /dev/loop0
This actually formats the container.
Then (might not be needed but I did it anyway) to be sure all truecrypts are closed
truecrypt -d
Then finally the command you can use repeatedly thereafter and it works to mount correctly
truecrypt -t –protect-hidden=no -m=nokernelcrypto /home/nigel/usb/nigel-new
(again changing MYFILE)
This last command works, mounts fine, on my system:
df -TH
produces
/dev/loop0 ext3 4.8G 9.8M 4.5G 1% /media/truecrypt1
Note the use of „-m=nokernelcrypto “ option.
Please update the link for the source to this:
https://www.grc.com/misc/truecrypt/truecrypt.htm