Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Tcplay for mounting Truecrypt volumes

Share your HowTo, Documentation, Tips and Tricks. Not for support questions!.
Post Reply
Message
Author
cylinder57
Posts: 7
Joined: 2014-12-09 07:03

Tcplay for mounting Truecrypt volumes

#1 Post by cylinder57 »

Hello everyone,

Truecrypt currently is no longer maintained. Therefore, I'm suggesting a solution: Tcplay.

The following script uses tcplay to create a container (with Windows-based filesystems such as ntfs or fat32: )

Code: Select all

#!/bin/bash
# Make truecrypt containers with tcplay

#User is your username
#Cryptsize is your container size
#Cryptname is your container name
#Cryptpath is your container location (e.g. /home/user/foo)
#Cryptlabel is your container filesystem label.  Comment this out if it is unnecessary.

#Cryptpath should be in the following format: /FillInPathHere/"$cryptname"

user=
cryptsize=
cryptname=
cryptpath=
cryptlabel=

loopdev=$(losetup -f)

# must be run as root
if [[ $EUID != 0 ]]; then
  printf "%s\n" "You must be root to run this."
  exit 1
fi

# create a new container
fallocate -l "$cryptsize" "$cryptpath"       #fallocate is much faster than dd if=/dev/zero
losetup "$loopdev" "$cryptpath"
tcplay -c -d "$loopdev" -a whirlpool -b AES-256-XTS	#Enter password twice

# map the volume
tcplay -m "$cryptname" -d "$loopdev"	#Enter password once

# Create a filesystem (whatever one, e.g. fat) on it.
# If a label is not needed, remove the: -n "$cryptlabel"
mkfs.vfat /dev/mapper/"$cryptname" -n "$cryptlabel"

# unmap the volume
dmsetup remove "$cryptname"
losetup -d "$loopdev"

# make the volume user-writable
chown "$user" "$cryptpath"
chmod 644 "$cryptpath"
The following script uses tcplay to create a container (with linux-based filesystems, particularly ext series such as ext4)

Code: Select all

#!/bin/bash
# Make truecrypt containers with tcplay

#User is your username
#Cryptsize is your container size
#Cryptname is your container name
#Cryptpath is your container location (e.g. /home/user/foo)
#Cryptlabel is your container filesystem label.  Comment this out if it is unnecessary.

#Cryptpath should be in the following format: /FillInPathHere/"$cryptname"

user=
cryptsize=
cryptname=
cryptpath=
cryptlabel=

loopdev=$(losetup -f)
mountpoint=/media/"$cryptname"

# must be run as root
if [[ $EUID != 0 ]]; then
  printf "%s\n" "You must be root to run this."
  exit 1
fi

# create a new container
fallocate -l "$cryptsize" "$cryptpath"       #fallocate is much faster than dd if=/dev/zero
losetup "$loopdev" "$cryptpath"
tcplay -c -d "$loopdev" -a whirlpool -b AES-256-XTS	#Enter password twice

# map the volume
tcplay -m "$cryptname" -d "$loopdev"	#Enter password once

# create a filesystem on it
mkfs.ext4 /dev/mapper/"$cryptname"	#Choose filesystem (e.g. mkfs.ext4 for ext4.)

# make filesystem user-writable.  This is necessary in linux-based filesystems.
[ -d $mountpoint ] || mkdir "$mountpoint"
mount -t ext4 /dev/mapper/"$cryptname" "$mountpoint"
chown "$user" "$mountpoint"
chmod 755 "$mountpoint"

# optional: label volume.  Comment this command if you don't want labels.
e2label /dev/mapper/"$cryptname" "$cryptlabel"

# unmap the volume
umount "$mountpoint"
dmsetup remove "$cryptname"
losetup -d "$loopdev"
rmdir "$mountpoint"

# make the volume user-writable
chown "$user" "$cryptpath"
chmod 644 "$cryptpath"
The following script uses tcplay to mount and unmount containers:

Code: Select all

#!/bin/bash
# Mount and unmount truecrypt containers using tcplay

#User is your username
#Cryptname is your container name
#Cryptpath is your container location (e.g. /home/user/file)

#Cryptpath should be in the following format: /FillInPathHere/"$cryptname"

user=
cryptname=
cryptpath=

loopdevice=$(losetup -f)
mountpoint=/media/"$cryptname"

# unecrypt and mount container
if [ $1 -eq 1 ]; then

  # Checking if there are excessive loop devices
  # This could also be indicative of an already mounted container
  device=$(losetup -a | grep $cryptpath | awk -v dev=$cryptname -F":" '/dev/ {print $1}')
  if [ -n "$device" ]; then  
	printf "%s\n" "Duplicate loop device.  Exiting..."
	losetup -d "$device"
	exit 1
  else
  	losetup "$loopdevice" "$cryptpath"
  fi

  tcplay --map="$cryptname" --device="$loopdevice"

  # mount container
  [ -d $mountpoint ] || mkdir "$mountpoint"

  # mount options
  userid=$(id -u "$user")
  groupid=$(id -g "$user")

  # The following command is for Windows-based filesystems (e.g. FAT32, NTFS)
  # If the filesystem is something else (e.g. ext4,) change this command accordingly
   mount -o nosuid,uid="$userid",gid="$groupid" /dev/mapper/"$cryptname" "$mountpoint"

# close and clean up…
elif [ $1 -eq 2 ]; then
  device2=$(losetup -a | grep $cryptname | awk -v dev=$cryptname -F":" '/dev/ {print $1}')

  umount "$mountpoint"
  dmsetup remove "$cryptname" || printf "%s\n" "demapping failed"
  losetup -d "$device2" || printf "%s\n" "deleting $loopdevice failed"
  rmdir "$mountpoint"

else
  printf "%s\n" "To open container, type: sh foo.sh 1"
  printf "%s\n" "Or, to close container, type: sh foo.sh 2"
fi
The following script is for mounting and unmounting containers with keyfiles:

Code: Select all

#!/bin/bash
# Mount and unmount truecrypt containers using tcplay

#User is your username
#Cryptname is your container name
#Cryptpath is your container location (e.g. /home/user/file)

#Cryptpath should be in the following format: /FillInPathHere/"$cryptname"

#This file currently assumes that there are two keyfiles.  Add or remove keyfiles as needed.
#Also, list the location for every keyfile (e.g. keyfile1=/home/user/fookeyfile1)

user=
cryptname=
cryptpath=

keyfile1=
keyfile2=

loopdevice=$(losetup -f)
mountpoint=/media/"$cryptname"

# unecrypt and mount container
if [ $1 -eq 1 ]; then

  # Checking if there are excessive loop devices
  # This could also be indicative of an already mounted container
  device=$(losetup -a | grep $cryptpath | awk -v dev=$cryptname -F":" '/dev/ {print $1}')
  if [ -n "$device" ]; then  
	printf "%s\n" "Duplicate loop device.  Exiting..."
	losetup -d "$device"
	exit 1
  else
  	losetup "$loopdevice" "$cryptpath"
  fi

  # Add or remove keyfiles in the following line as needed.
  # E.x. for one keyfile: tcplay --map="$cryptname" --keyfile="$keyfile1" --device="$loopdevice"
  tcplay --map="$cryptname" --keyfile="$keyfile1" --keyfile="$keyfile2" --device="$loopdevice"

  # mount container
  [ -d $mountpoint ] || mkdir "$mountpoint"

  # mount options
  userid=$(id -u "$user")
  groupid=$(id -g "$user")
  mount -o nosuid,uid="$userid",gid="$groupid" /dev/mapper/"$cryptname" "$mountpoint"

# close and clean up…
elif [ $1 -eq 2 ]; then
  device2=$(losetup -a | grep $cryptname | awk -v dev=$cryptname -F":" '/dev/ {print $1}')

  umount "$mountpoint"
  dmsetup remove "$cryptname" || printf "%s\n" "demapping failed"
  losetup -d "$device2" || printf "%s\n" "deleting $loopdevice failed"
  rmdir "$mountpoint"

else
  printf "%s\n" "To open container, type: sh foo.sh 1"
  printf "%s\n" "Or, to close container, type: sh foo.sh 2"
fi
To activate the scripts, just copy each of the two scripts into two separate text files and save them. You might need to make the bash scripts executable by typing something like: chmod +x ______.sh

For the first script, to create a container, type something like: sh ______.sh.

For the second script:

To open a container, type something like: sh ______.sh 1

To close a container, type something like: sh ______.sh 2

Note that I have only covered linux ext filesystems and Windows filesystems. I have not explained how to use this guide for filesystems such as BTRFS.

Sincerely,

Cylinder57

Sources:
http://jasonwryan.com/blog/2013/01/10/truecrypt/
https://wiki.archlinux.org/index.php/Tcplay
https://wiki.archlinux.org/index.php/TrueCrypt

I wrote an article like similar to this in Fedora (Don't use that one because the instructions there are not as good:)
http://forums.fedoraforum.org/showthread.php?t=298662

erakis
Posts: 1
Joined: 2015-09-14 08:29

Re: Tcplay for mounting Truecrypt volumes

#2 Post by erakis »

Hello,

Thank you for the script, I successfully created a container on my main disk.

I tried to create a container on an external disk with ntfs format, but fallocate failes, operation is not supported, and then the script can't work. ntfs-3g is installed, but I wonder if fallocate can support ntfs. If you have an idea...

Post Reply