From ArchWiki
Revision as of 21:51, 9 April 2013 by Holomorph (Talk | contribs) (Mounting an existing container for a user)

Setup and usage of tcplay.
Disk Encryption

tcplay is a free (BSD-licensed), pretty much fully featured (including multiple keyfiles, cipher cascades, etc.) and stable TrueCrypt implementation.

Source: github project home


Install tcplay-git from the AUR.

Encrypting a file as a virtual volume


 $ losetup -f

This finds the first unused loopback device; in this example, /dev/loop0.

Note: As of udev 181-5, the loop device module is no longer auto-loaded.

Create a new container, 20M in size for instance, in the working directory:

 # dd if=/dev/zero bs=1 count=0 seek=20M
 # losetup /dev/loop0
 # tcplay -c -d /dev/loop0 -a whirlpool -b AES-256-XTS

Enter a secure password for the volume, and confirm the prompt to overwrite with the new volume. tcplay will then write random data into the volume. Map the volume and create a filesystem on it in order to mount it:

 # tcplay -m -d /dev/loop0
 # mkfs.ext4 /dev/mapper/
 # mount /dev/mapper/ /mnt/truecrypt/

To unset the container,

 # umount /mnt/truecrypt
 # dmsetup remove
 # losetup -d /dev/loop0

Mounting an existing container for a user

Consider /dev/loop0 the first unused loop device, the TrueCrypt container, /home/you/truecrypt/ the desired mount point. The user you in this example has uid=1000 and gid=100. The steps for mounting the container as a virtual volume are:

  1. Associate loop device with the container
  2. Map the container to the loop device
  3. Mount the container in the filesystem

The following commands perform the above actions.

 # losetup /dev/loop0
 # tcplay -m -d /dev/loop0
 # mount -o nosuid,uid=1000,gid=100 /dev/mapper/ /home/you/truecrypt/

To reverse them:

 # umount /home/you/truecrypt/
 # dmsetup remove
 # losetup -d /dev/loop0
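
The three mount steps above as one script that undoes the earlier steps when a later one fails, so a failed mount does not leave the decrypted mapping or the loop device attached. This is an added example, not part of the original wiki page or of tcplay. The container path, mapping name and mount point are caller-supplied placeholders, and the `DRY_RUN` and `FAIL_AT` variables are hypothetical helpers of this script.

```shell
#!/bin/sh
# Added example: map and mount a tcplay container, undoing earlier steps on failure.
# Container path, mapping name and mount point are caller-supplied placeholders.

DRY_RUN=${DRY_RUN:-1}    # 1: print the commands only; 0: execute them (as root)

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
        [ "$1" != "${FAIL_AT:-}" ]   # dry run only: FAIL_AT=<cmd> simulates a failing step
    else
        "$@"
    fi
}

find_loop() {
    # The dry run uses the page's example device instead of asking the kernel.
    if [ "$DRY_RUN" = 1 ]; then echo /dev/loop0; else losetup -f; fi
}

# tc_mount CONTAINER MAPNAME MOUNTPOINT UID GID
tc_mount() {
    container=$1 map=$2 mnt=$3 uid=$4 gid=$5
    loop=$(find_loop) || return 1
    # 1. Associate the loop device with the container
    run losetup "$loop" "$container" || return 1
    # 2. Map the container; on failure (e.g. wrong passphrase) free the loop device
    if ! run tcplay -m "$map" -d "$loop"; then
        run losetup -d "$loop"
        return 1
    fi
    # 3. Mount; on failure do not leave the decrypted mapping behind
    if ! run mount -o "nosuid,uid=$uid,gid=$gid" "/dev/mapper/$map" "$mnt"; then
        run dmsetup remove "$map"
        run losetup -d "$loop"
        return 1
    fi
}

# tc_umount MAPNAME MOUNTPOINT LOOPDEV: reverse order of tc_mount
tc_umount() {
    run umount "$2" || return 1      # stop here if the filesystem is busy
    run dmsetup remove "$1" || return 1
    run losetup -d "$3"
}

# Usage: DRY_RUN=0 sh script.sh CONTAINER MAPNAME MOUNTPOINT UID GID
if [ "$#" -ge 5 ]; then tc_mount "$@"; fi
```

With the default `DRY_RUN=1` the script only prints the commands it would run, which is a way to check the order before executing anything as root.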
