tcplay help on using virtual volumes


Postby PsySc0rpi0n » 2018-09-25 21:33

Hello.

I just started exploring this powerful tool to use virtual volumes to encrypt files within a TrueCrypt container but I'm having some issues using this tool.
Man pages might be clear for those with some knowledge already, but not for me, as this is the very first time I'm using it and dealing with virtual volumes, mapping devices, etc.

I followed an Arch Linux tutorial:
https://wiki.archlinux.org/index.php/Tc ... ual_volume

The first time I used the tutorial, everything went smoothly, but now I want to see the files I saved inside the virtual volume and I'm not able to mount the device in the appropriate folder I created for this purpose.

These are the steps I followed the first time I tried the tool:

Code:
# fallocate -l 20M encrypt.tc
# losetup /dev/loop0 encrypt.tc
# tcplay -c -d /dev/loop0 -a whirlpool -b AES-256-XTS


Then:

Code:
# tcplay -m encrypt.tc -d /dev/loop0
# mkfs.ext4 /dev/mapper/encrypt.tc
# mount /dev/mapper/encrypt.tc /mnt/truecrypt/


and finally I copied a single test file into /mnt/truecrypt

Then I removed the virtual volume with:

Code:
# umount /mnt/truecrypt
# dmsetup remove foo.tc
# losetup -d /dev/loop0


Ok so far.

Now I want to see the file inside the container so I did the following steps:

Code:
# losetup /dev/loop0 encrypt.tc
# tcplay -c -d /dev/loop0 -a whirlpool -b AES-256-XTS


then:

Code:
# tcplay -m encrypt.tc -d /dev/loop0
# mount /dev/mapper/encrypt.tc /mnt/truecrypt/


and I get the following error:

mount: wrong fs type, bad option, bad superblock on /dev/mapper/encrypt.tc,
missing codepage or helper program, or other error

In some cases useful info is found in syslog - try
dmesg | tail or so.


I know this is because I haven't formatted the filesystem. But if I format it, I'll lose all container content, so where am I going wrong when I want to use again the previously created and encrypted virtual volume?
PsySc0rpi0n
 
Posts: 37
Joined: 2012-10-24 13:54

Re: tcplay help on using virtual volumes

Postby p.H » 2018-09-26 14:17

I think you must not re-create the encrypted volume (-c). Just map it (-m).
p.H
 
Posts: 645
Joined: 2017-09-17 07:12
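
The create-versus-map distinction from the reply above, as an added example that is not part of the thread: a wrapper that runs tcplay -c only while the container file is still all zeros, as fallocate leaves it, and otherwise just maps it with -m. The function names and the all-zero heuristic are assumptions of this example; the losetup and tcplay invocations are the ones posted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.

# is_blank FILE: succeed only if FILE is non-empty and every byte is zero,
# which is how a freshly fallocate'd container reads before "tcplay -c".
# Once a volume has been created the header is random-looking data,
# so this test fails and the container is never re-created by accident.
is_blank() {
    [ -f "$1" ] || return 2
    size=$(( $(wc -c < "$1") ))
    [ "$size" -gt 0 ] || return 1
    cmp -s -n "$size" "$1" /dev/zero
}

# choose_action FILE: print "create" for a blank container, "map" otherwise.
choose_action() {
    if is_blank "$1"; then echo create; else echo map; fi
}

# open_container FILE LOOPDEV NAME: attach the loop device, create the
# volume on first use only, then map it. On every later use only -m runs.
# After a "create", mkfs.ext4 /dev/mapper/NAME is still needed once
# before the first mount.
open_container() {
    action=$(choose_action "$1")
    losetup "$2" "$1" || return 1
    if [ "$action" = create ]; then
        tcplay -c -d "$2" -a whirlpool -b AES-256-XTS || return 1
    fi
    tcplay -m "$3" -d "$2"
}
```

Typical call, as root: open_container encrypt.tc /dev/loop0 encrypt.tc, followed by mount /dev/mapper/encrypt.tc /mnt/truecrypt/.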

Re: tcplay help on using virtual volumes

Postby PsySc0rpi0n » 2018-09-26 18:13

p.H wrote: I think you must not re-create the encrypted volume (-c). Just map it (-m).


Indeed. I just got the hang of it!

Now one more question remains.

To unset the container, 3 commands are suggested in that Arch Linux tutorial.
My question is if all those 3 commands MUST be issued for the encryption to take place or if any of the 3 commands is not issued, the encryption is somehow not completed or the volume content might be at risk of being accessed or hacked or destroyed.
PsySc0rpi0n
 
Posts: 37
Joined: 2012-10-24 13:54

Re: tcplay help on using virtual volumes

Postby p.H » 2018-09-26 21:03

What do you mean by "unset" ? Open, unlock, decrypt ?
I don't know what the three suggested commands are and I won't read the tutorial. My opinion is that any commands you want to discuss here should be posted here. The command which opens the encrypted volume is tcplay -m. The one which closes the volume is dmsetup remove. The other commands are just to create/remove a block device out of a regular file and mount/unmount the filesystem. Note that the volume stays encrypted on disk at all times.
Last edited by p.H on 2018-09-27 06:12, edited 1 time in total.
p.H
 
Posts: 645
Joined: 2017-09-17 07:12

Re: tcplay help on using virtual volumes

Postby GarryRicketson » 2018-09-26 22:29

3 commands are suggested in that Arch Linux tutorial.

Please show us what the commands are:
Ahh, ok I see this:
To unset the container,

Code:
 # umount /mnt/truecrypt
 # dmsetup remove foo.tc
 # losetup -d /dev/loop0

Please show us exactly how you typed the commands. If you used those commands literally, like they are, it might not work.
I suppose if you actually used "foo.tc" for the filename, then it would remove it.
We need to see exactly how you wrote them.
Then, maybe someone will see what is wrong with what you typed in.
But yes, the way I read it, you need to run all 3 commands, and in the order shown.
If any 1 of the 2 commands would be all you need, I believe the author would say something like "Use 1 of these 3 commands", but they don't say that, they say clearly:
To unset the container,
GarryRicketson
 
Posts: 5192
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: tcplay help on using virtual volumes

Postby PsySc0rpi0n » 2018-09-26 22:52

p.H wrote: What do you mean by "unset" ? Open, unlock, decrypt ?
I don't know what the three suggested commands are and I won't read the tutorial. My opinion is that any commands you want to discuss here should be posted here. The command which opens the encrypted volume is tcplay -m. The one which closes the volume is dmsetup remove. The other commands are just to create/remove a block device out of a regular file and mount/unmount the filesystem. Note that the volume stays encrypted on disk at all times.


Yes, I understand that. The question is rather if the volume content is still in plain text after I unmount the filesystem from the folder I set.
I mean, to issue the "dmsetup remove" command I first need to unmount the filesystem from the folder it was mounted on. What if I unmount the filesystem but for some reason I forget to issue the "dmsetup remove" command? Is the content of the volume somehow accessible or in plain text that can be viewed?
PsySc0rpi0n
 
Posts: 37
Joined: 2012-10-24 13:54

Re: tcplay help on using virtual volumes

Postby p.H » 2018-09-27 06:09

Yes. If you can read /dev/mapper/foo.tc (or whatever the device is named), you can read the cleartext contents.
p.H
 
Posts: 645
Joined: 2017-09-17 07:12
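
The state discussed above (filesystem unmounted, mapping still present, cleartext readable through /dev/mapper), as an added example that is not part of the thread: a check that lists crypt mappings which are active but not mounted, plus the three teardown commands run in order with a stop on the first failure. Function names are hypothetical, and the check assumes mounted volumes appear in /proc/mounts as /dev/mapper/NAME.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# unmounted_crypt_maps DMLIST MOUNTS
#   DMLIST: file holding the output of "dmsetup ls --target crypt"
#   MOUNTS: file in /proc/mounts format
# Prints each crypt mapping that is active but not mounted, i.e. the state
# left by "umount" without "dmsetup remove".
unmounted_crypt_maps() {
    while read -r name rest; do
        [ -n "$name" ] || continue
        # dmsetup prints this line instead of a list when nothing is mapped
        [ "$name $rest" = "No devices found" ] && continue
        if ! awk -v dev="/dev/mapper/$name" \
                '$1 == dev { found = 1 } END { exit !found }' "$2"; then
            echo "$name"
        fi
    done < "$1"
}

# close_container MOUNTPOINT NAME LOOPDEV: the three teardown steps from the
# thread, in order. Stops at the first failure, so a busy filesystem or a
# mistyped mapping name is reported instead of silently leaving the volume open.
close_container() {
    umount "$1" || return 1
    dmsetup remove "$2" || return 1
    losetup -d "$3"
}

# audit: run the check against the live system (dmsetup needs root).
audit() {
    tmp=$(mktemp) || return 1
    dmsetup ls --target crypt > "$tmp" || { rm -f "$tmp"; return 1; }
    unmounted_crypt_maps "$tmp" /proc/mounts
    rm -f "$tmp"
}
```

Crypt mappings used as swap or as LVM physical volumes are also listed by audit, since they never appear in /proc/mounts.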

Re: tcplay help on using virtual volumes

Postby GarryRicketson » 2018-09-27 14:22

I don't know much about this, but I agree, and was going to say basically the same,
p.H beat me to it.
--snip-- but for some reason I forget to issue the "dmsetup remove" command?

So if your "top secret" stuff is important to keep secret, be careful and don't forget, for any reason.
I don't remember the details, but I do remember reading about a bank employee that forgot to exit and disconnect from the accounts they were working on. They went for a coffee break, or something, and when they got back, some hacker had already also accessed, and had account information that was supposed to not be available to the public. It is kind of like if you go into the "safe", and then when you come out, you forget to close the door, leaving it open. There are some things you just don't "forget for some reason"; if you are that incompetent you shouldn't be doing things that are critical to security.
If it is just something like your "porn stash", and you are worried maybe your wife or someone will see it, well ... that is different, and would be another topic.
==== edited again === rainy day, and nothing better to do ====
A long time ago, we had someone with problems on their PC, Debian OS, it was in an office, network environment. The OP was very confused, because things had been changed in their DE, etc... It was easy enough to change them back to the original settings, but a mystery: how did they get changed in the first place? Well, it turned out it was a "prank" his co-workers had pulled on him or her (I don't remember). Anyway, similar: they had left the work area for a little while, coffee break or something.
The "fatal error": when they left, they did not close the session, and were still logged in to their DE. Once they were out of the room, another co-worker went over to the workstation and made some changes. Other co-workers saw this, everybody knew what the "hacker" did, so when the victim returned, they were all watching, and got a laugh at the look on his face, etc. In a panic he logged in here, and told us about the problem...
Not too long after, the OP got back to us with a "never mind, it was one of my co-workers"... Lesson learned: don't forget to do the routine things needed to keep your system secure, don't leave your DE open, "logged in", and unattended. Don't forget to do things that are important, for any reason. The same applies here: don't leave some file in your system that contains all the information needed to access other files that you have encrypted. Or I guess in this case, a file that contains all the "text", un-encrypted. What is the point in encrypting, or "locking" them, if you leave the "key" or leave a file with all the text where it can easily be seen and used?
GarryRicketson
 
Posts: 5192
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: tcplay help on using virtual volumes

Postby PsySc0rpi0n » 2018-09-27 16:00

Yes, that's all very true. But as you said, things happen and some of them are not under your mind's control. Sometimes you just forget, either because you were not properly focused or because something got in the way and you had to stop "closing the session"... Well, I can think of a thousand reasons that make things run out of our control. We are humans, therefore we make mistakes!
And to close this thread, and also a bit off-topic: at my job, I also have very little slack for errors, but they have always happened and will happen again in the future. I have already said to one of my bosses that I don't have control over my awareness or level of focus. I don't control how much attention I'm paying to some job. If I could control this, I would never make mistakes! And we all know that is not possible, otherwise we would be gods!

Anyway, I think I got the hang of it after p.H's reply!

Thanks to all that replied!
PsySc0rpi0n
 
Posts: 37
Joined: 2012-10-24 13:54

