Difference between revisions of "Tcplay"

From ArchWiki
Jump to: navigation, search
(Installation: remove unmigrated package)
 
(26 intermediate revisions by 15 users not shown)
Line 1: Line 1:
[[Category:Security]]
 
[[Category:File systems]]
 
[[de:tcplay]]
 
{{Article summary start}}
 
{{Article summary text|Setup and usage of tcplay.}}
 
{{Article summary heading|Related}}
 
{{Article summary wiki|Disk Encryption}}
 
{{Article summary wiki|TrueCrypt}}
 
{{Article summary end}}
 
 
{{DISPLAYTITLE:tcplay}}
 
{{DISPLAYTITLE:tcplay}}
'''tcplay''' is a free (BSD-licensed), pretty much fully featured (including
+
[[Category:Encryption]]
multiple keyfiles, cipher cascades, etc.) and stable TrueCrypt implementation.
+
[[Category:File systems]]
 +
[[ja:Tcplay]]
 +
{{Related articles start}}
 +
{{Related|Disk encryption}}
 +
{{Related|TrueCrypt}}
 +
{{Related|Tomb}}
 +
{{Related articles end}}
 +
''tcplay'' is a free, fully featured and stable TrueCrypt implementation including multiple keyfiles and cipher cascades.
  
 
Source: [https://github.com/bwalex/tc-play github project home]
 
Source: [https://github.com/bwalex/tc-play github project home]
  
 
== Installation ==
 
== Installation ==
Install {{Ic|tcplay-git}} from the AUR.
+
[[Install]] the {{Pkg|tcplay}} package.
  
 
== Encrypting a file as a virtual volume ==
 
== Encrypting a file as a virtual volume ==
Line 30: Line 28:
 
directory:
 
directory:
  
   # dd if=/dev/zero of=foo.tc bs=1 count=0 seek=20M
+
   # fallocate -l 20M foo.tc
 
   # losetup /dev/loop0 foo.tc
 
   # losetup /dev/loop0 foo.tc
 
   # tcplay -c -d /dev/loop0 -a whirlpool -b AES-256-XTS
 
   # tcplay -c -d /dev/loop0 -a whirlpool -b AES-256-XTS
Line 59: Line 57:
 
# Mount the container in the filesystem
 
# Mount the container in the filesystem
  
The following commands perform the given actions and reverse them.
+
The following commands perform the above actions.
  
 
   # losetup /dev/loop0 foo.tc
 
   # losetup /dev/loop0 foo.tc
 
   # tcplay -m foo.tc -d /dev/loop0
 
   # tcplay -m foo.tc -d /dev/loop0
   # mount -o nosuid,uid=1000,gid=100 /dev/mapper/foo.tc /home/you/truecrypt/
+
   # mount -o nodev,nosuid,uid=1000,gid=100 /dev/mapper/foo.tc /home/you/truecrypt/
 +
 
 +
Note, if the container uses ext4 or another filesystem that supports file ownership, the {{Ic|uid}} and {{Ic|gid}} parameters aren't needed and will not work. Therefore the third command would be simply:
 +
 
 +
  # mount -o nodev,nosuid /dev/mapper/foo.tc /home/you/truecrypt/
 +
 
 +
To reverse them:
  
 
   # umount /home/you/truecrypt/
 
   # umount /home/you/truecrypt/
Line 69: Line 73:
 
   # losetup -d /dev/loop0
 
   # losetup -d /dev/loop0
  
==Related links==
+
==Using tcplay-helper==
 +
 
 +
The {{AUR|tcplay-helper-git}} tool simplifies the process of creating, mounting and unmounting tc-play containers. The tool is still a work-in-progress, but should work fine for most users wanting to work with simple secure tc-play containers.
 +
 
 +
The following command creates a 3Mb container called foo.tc.
 +
 
 +
  # tcplay-helper create foo.tc 3M
 +
 
 +
To mount the container file we can either mount it as root with the following command. The container will be mounted under /mnt/truecrypt/
 +
 
 +
  # tcplay-helper open foo.tc
 +
 
 +
Alternatively, we can supply a username to mount the container as.
 +
 
 +
  # tcplay-helper open foo.tc archie
 +
 
 +
Finally, to close the container this command does the trick.
 +
 
 +
  # tcplay-helper close foo.tc
 +
 
 +
== See also ==
 +
 
 
* [http://leaf.dragonflybsd.org/cgi/web-man?command=tcplay&section=8 Manual page for tcplay]
 
* [http://leaf.dragonflybsd.org/cgi/web-man?command=tcplay&section=8 Manual page for tcplay]
 
* [http://jasonwryan.com/blog/2013/01/10/truecrypt/ Jason Ryan: Replacing TrueCrypt]
 
* [http://jasonwryan.com/blog/2013/01/10/truecrypt/ Jason Ryan: Replacing TrueCrypt]
 
* [http://www.truecrypt.org/ TrueCrypt Homepage]
 
* [http://www.truecrypt.org/ TrueCrypt Homepage]
* [http://en.gentoo-wiki.com/wiki/TrueCrypt HOWTO: Truecrypt Gentoo wiki]
+
* [http://www.gentoo-wiki.info/HOWTO_Truecrypt HOWTO: Truecrypt Gentoo wiki]
 
* [http://www.howtoforge.com/truecrypt_data_encryption Truecrypt Tutorial on HowToForge]
 
* [http://www.howtoforge.com/truecrypt_data_encryption Truecrypt Tutorial on HowToForge]
 
* [http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/ There is a good chance the CIA has a backdoor?] (via [https://secure.wikimedia.org/wikipedia/en/wiki/Truecrypt wp])
 
* [http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/ There is a good chance the CIA has a backdoor?] (via [https://secure.wikimedia.org/wikipedia/en/wiki/Truecrypt wp])
 +
* [https://github.com/Zyg0te/tcplay-helper tcplay-helper documentation]

Latest revision as of 06:17, 30 August 2016

Related articles

tcplay is a free, fully featured and stable TrueCrypt implementation including multiple keyfiles and cipher cascades.

Source: github project home

Installation

Install the tcplay package.

Encrypting a file as a virtual volume

Invoke

 $ losetup -f

to find the first unused loopback device; in this example, /dev/loop0.

Note: As of udev 181-5, the loop device module is no longer auto-loaded.

Create a new container foo.tc, 20M in size for instance, in the working directory:

 # fallocate -l 20M foo.tc
 # losetup /dev/loop0 foo.tc
 # tcplay -c -d /dev/loop0 -a whirlpool -b AES-256-XTS

Enter a secure password for the volume, and confirm the query to overwrite foo.tc with the new volume. tcplay will then write random data into the volume. Map the volume and create a filesystem on it in order to mount

 # tcplay -m foo.tc -d /dev/loop0
 # mkfs.ext4 /dev/mapper/foo.tc
 # mount /dev/mapper/foo.tc /mnt/truecrypt/

To unset the container,

 # umount /mnt/truecrypt
 # dmsetup remove foo.tc
 # losetup -d /dev/loop0

Mounting an existing container for a user

Consider /dev/loop0 the first unused loop device, foo.tc the TrueCrypt container, /home/you/truecrypt/ the desired mount point. The user you in this example has uid=1000 and gid=100. The steps for mounting the container as a virtual volume are:

  1. Associate loop device with the container
  2. Map the container to the loop device
  3. Mount the container in the filesystem

The following commands perform the above actions.

 # losetup /dev/loop0 foo.tc
 # tcplay -m foo.tc -d /dev/loop0
 # mount -o nodev,nosuid,uid=1000,gid=100 /dev/mapper/foo.tc /home/you/truecrypt/

Note, if the container uses ext4 or another filesystem that supports file ownership, the uid and gid parameters aren't needed and will not work. Therefore the third command would be simply:

 # mount -o nodev,nosuid /dev/mapper/foo.tc /home/you/truecrypt/

To reverse them:

 # umount /home/you/truecrypt/
 # dmsetup remove foo.tc
 # losetup -d /dev/loop0

Using tcplay-helper

The tcplay-helper-gitAUR tool simplifies the process of creating, mounting and unmounting tc-play containers. The tool is still a work-in-progress, but should work fine for most users wanting to work with simple secure tc-play containers.

The following command creates a 3Mb container called foo.tc.

 # tcplay-helper create foo.tc 3M

To mount the container file we can either mount it as root with the following command. The container will be mounted under /mnt/truecrypt/

 # tcplay-helper open foo.tc

Alternatively, we can supply a username to mount the container as.

 # tcplay-helper open foo.tc archie

Finally, to close the container this command does the trick.

 # tcplay-helper close foo.tc

See also