TrueCrypt is no longer maintained. Therefore, I'm suggesting a solution: tcplay.
The following script uses tcplay to create a container (with Windows-based filesystems such as NTFS or FAT32):
```bash
#!/bin/bash
# Make truecrypt containers with tcplay
# user is your username
# cryptsize is your container size
# cryptname is your container name
# cryptpath is your container location (e.g. /home/user/foo)
# cryptlabel is your container filesystem label. Comment this out if it is unnecessary.
# cryptpath should be in the following format: /FillInPathHere/"$cryptname"
user=
cryptsize=
cryptname=
cryptpath=
cryptlabel=

# must be run as root (id -u also works when the script is started with sh)
if [ "$(id -u)" -ne 0 ]; then
    printf "%s\n" "You must be root to run this."
    exit 1
fi

# first unused loop device
loopdev=$(losetup -f)

# create a new container
fallocate -l "$cryptsize" "$cryptpath" # fallocate is much faster than dd if=/dev/zero
losetup "$loopdev" "$cryptpath"
tcplay -c -d "$loopdev" -a whirlpool -b AES-256-XTS # Enter password twice

# map the volume
tcplay -m "$cryptname" -d "$loopdev" # Enter password once

# Create a filesystem (whatever one, e.g. fat) on it.
# If a label is not needed, remove the: -n "$cryptlabel"
mkfs.vfat -n "$cryptlabel" /dev/mapper/"$cryptname"

# unmap the volume
dmsetup remove "$cryptname"
losetup -d "$loopdev"

# make the volume user-writable
# (644 lets other local users read the encrypted file; use 600 to keep it private)
chown "$user" "$cryptpath"
chmod 644 "$cryptpath"
```
```bash
#!/bin/bash
# Make truecrypt containers with tcplay
# user is your username
# cryptsize is your container size
# cryptname is your container name
# cryptpath is your container location (e.g. /home/user/foo)
# cryptlabel is your container filesystem label. Comment this out if it is unnecessary.
# cryptpath should be in the following format: /FillInPathHere/"$cryptname"
user=
cryptsize=
cryptname=
cryptpath=
cryptlabel=
mountpoint=/media/"$cryptname"

# must be run as root (id -u also works when the script is started with sh)
if [ "$(id -u)" -ne 0 ]; then
    printf "%s\n" "You must be root to run this."
    exit 1
fi

# first unused loop device
loopdev=$(losetup -f)

# create a new container
fallocate -l "$cryptsize" "$cryptpath" # fallocate is much faster than dd if=/dev/zero
losetup "$loopdev" "$cryptpath"
tcplay -c -d "$loopdev" -a whirlpool -b AES-256-XTS # Enter password twice

# map the volume
tcplay -m "$cryptname" -d "$loopdev" # Enter password once

# create a filesystem on it
mkfs.ext4 /dev/mapper/"$cryptname" # Choose filesystem (e.g. mkfs.ext4 for ext4.)

# make filesystem user-writable. This is necessary in Linux-based filesystems.
[ -d "$mountpoint" ] || mkdir "$mountpoint"
mount -t ext4 /dev/mapper/"$cryptname" "$mountpoint"
chown "$user" "$mountpoint"
chmod 755 "$mountpoint"

# optional: label volume. Comment this command if you don't want labels.
e2label /dev/mapper/"$cryptname" "$cryptlabel"

# unmap the volume
umount "$mountpoint"
dmsetup remove "$cryptname"
losetup -d "$loopdev"
rmdir "$mountpoint"

# make the volume user-writable
# (644 lets other local users read the encrypted file; use 600 to keep it private)
chown "$user" "$cryptpath"
chmod 644 "$cryptpath"
```
```bash
#!/bin/bash
# Mount and unmount truecrypt containers using tcplay
# user is your username
# cryptname is your container name
# cryptpath is your container location (e.g. /home/user/file)
# cryptpath should be in the following format: /FillInPathHere/"$cryptname"
user=
cryptname=
cryptpath=
loopdevice=$(losetup -f)
mountpoint=/media/"$cryptname"

# decrypt and mount container
if [ "$1" = 1 ]; then
    # Checking if there are excessive loop devices
    # This could also be indicative of an already mounted container
    # (losetup -j lists only the loop devices backed by exactly this file)
    device=$(losetup -j "$cryptpath" | cut -d: -f1)
    if [ -n "$device" ]; then
        printf "%s\n" "Duplicate loop device. Exiting..."
        losetup -d "$device"
        exit 1
    else
        losetup "$loopdevice" "$cryptpath"
    fi
    tcplay --map="$cryptname" --device="$loopdevice"
    # mount container
    [ -d "$mountpoint" ] || mkdir "$mountpoint"
    # mount options
    userid=$(id -u "$user")
    groupid=$(id -g "$user")
    # The following command is for Windows-based filesystems (e.g. FAT32, NTFS)
    # If the filesystem is something else (e.g. ext4), change this command accordingly
    mount -o nosuid,uid="$userid",gid="$groupid" /dev/mapper/"$cryptname" "$mountpoint"
# close and clean up…
elif [ "$1" = 2 ]; then
    device2=$(losetup -j "$cryptpath" | cut -d: -f1)
    umount "$mountpoint"
    dmsetup remove "$cryptname" || printf "%s\n" "demapping failed"
    losetup -d "$device2" || printf "%s\n" "deleting $device2 failed"
    rmdir "$mountpoint"
else
    printf "%s\n" "To open container, type: sh foo.sh 1"
    printf "%s\n" "Or, to close container, type: sh foo.sh 2"
fi
```
```bash
#!/bin/bash
# Mount and unmount truecrypt containers using tcplay
# user is your username
# cryptname is your container name
# cryptpath is your container location (e.g. /home/user/file)
# cryptpath should be in the following format: /FillInPathHere/"$cryptname"
# This file currently assumes that there are two keyfiles. Add or remove keyfiles as needed.
# Also, list the location for every keyfile (e.g. keyfile1=/home/user/fookeyfile1)
user=
cryptname=
cryptpath=
keyfile1=
keyfile2=
loopdevice=$(losetup -f)
mountpoint=/media/"$cryptname"

# decrypt and mount container
if [ "$1" = 1 ]; then
    # Checking if there are excessive loop devices
    # This could also be indicative of an already mounted container
    # (losetup -j lists only the loop devices backed by exactly this file)
    device=$(losetup -j "$cryptpath" | cut -d: -f1)
    if [ -n "$device" ]; then
        printf "%s\n" "Duplicate loop device. Exiting..."
        losetup -d "$device"
        exit 1
    else
        losetup "$loopdevice" "$cryptpath"
    fi
    # Add or remove keyfiles in the following line as needed.
    # E.g. for one keyfile: tcplay --map="$cryptname" --keyfile="$keyfile1" --device="$loopdevice"
    tcplay --map="$cryptname" --keyfile="$keyfile1" --keyfile="$keyfile2" --device="$loopdevice"
    # mount container
    [ -d "$mountpoint" ] || mkdir "$mountpoint"
    # mount options
    userid=$(id -u "$user")
    groupid=$(id -g "$user")
    mount -o nosuid,uid="$userid",gid="$groupid" /dev/mapper/"$cryptname" "$mountpoint"
# close and clean up…
elif [ "$1" = 2 ]; then
    device2=$(losetup -j "$cryptpath" | cut -d: -f1)
    umount "$mountpoint"
    dmsetup remove "$cryptname" || printf "%s\n" "demapping failed"
    losetup -d "$device2" || printf "%s\n" "deleting $device2 failed"
    rmdir "$mountpoint"
else
    printf "%s\n" "To open container, type: sh foo.sh 1"
    printf "%s\n" "Or, to close container, type: sh foo.sh 2"
fi
```
For the first script, to create a container, type something like: sh ______.sh.
For the second script:
To open a container, type something like: sh ______.sh 1
To close a container, type something like: sh ______.sh 2
Note that I have only covered Linux ext filesystems and Windows filesystems. I have not explained how to use this guide for filesystems such as Btrfs.
Sincerely,
Cylinder57
Sources:
http://jasonwryan.com/blog/2013/01/10/truecrypt/
https://wiki.archlinux.org/index.php/Tcplay
https://wiki.archlinux.org/index.php/TrueCrypt
I wrote an article similar to this one for Fedora (don't use that one, because the instructions there are not as good):
http://forums.fedoraforum.org/showthread.php?t=298662
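
Added example (not part of the original post): the keyfile variant of the mount script hands `keyfile1` and `keyfile2` to tcplay by path, so a keyfile that other local users can read or swap undermines the container as much as a leaked password would. The functions below use hypothetical names and assume GNU `stat`; they check each keyfile before it is used.

```bash
#!/bin/bash
# Added example, not from the original post. Function names are hypothetical.
# Assumes GNU stat (coreutils) for the -c '%a' format.

# keyfile_is_private PATH
# Returns 0 if PATH is a regular file (not a symlink) with no group/other
# permission bits set; otherwise prints the reason and returns 1.
keyfile_is_private() {
    local path=$1 mode
    if [ -L "$path" ]; then
        printf '%s\n' "$path: is a symlink; point the script at the real file"
        return 1
    fi
    if [ ! -f "$path" ]; then
        printf '%s\n' "$path: not a regular file"
        return 1
    fi
    mode=$(stat -c '%a' "$path") || return 1
    # stat prints an octal mode such as 600 or 644; keep only group/other bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        printf '%s\n' "$path: mode $mode gives group/others access (want 600 or 400)"
        return 1
    fi
    return 0
}

# check_keyfiles PATH...
# Returns 0 only if every listed keyfile passes; reports all failures first.
check_keyfiles() {
    local rc=0 kf
    for kf in "$@"; do
        keyfile_is_private "$kf" || rc=1
    done
    return "$rc"
}
```

In the keyfile script, a line such as `check_keyfiles "$keyfile1" "$keyfile2" || exit 1` placed before the `tcplay --map` call stops the mount when a keyfile is exposed.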