Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

TrueCrypt in Debian

User discussion about Debian Development, Debian Project News and Announcements. Not for support questions.
Message
Author
User avatar
mority
Posts: 75
Joined: 2005-07-28 07:47

TrueCrypt in Debian

#1 Post by mority »

Since a few months there is a Linux port of the open source file and disk encryption tool TrueCrypt.
I was wondering why it didn't make it into the debian package repository so far. Is there anything I could do about this?
Unfortunately I am too busy, lame and dumb to become a package maintainer for it myself...

anon

#2 Post by anon »

Truecrypt has invented yet another licence which I read until.
c. Phrase "Based on TrueCrypt" must be displayed by your product (if
technically feasible) or by the modified version and contained in its
documentation. Alternatively, if this product or its portion you included
in your product comprise only a minor portion of your product, phrase
"Portions of this product are based in part on TrueCrypt" may be used
instead.
Seems like an ad-clause normally deemed non-free. And with other options available I don't think you'd have much of a chance someone would package this for non-free. Would you check the full licence with debian-legal and get uptream to change the troublesome parts, you'd probably stand a much greater chance. Other than that, you could ask on their forum if someone coud build it for debian (perhaps a rebuild of the ubunbtu packages would suffice). Or just try to install the ubuntu .deb

guest

#3 Post by guest »

Hi,

since this looks like there will be no debian port i tried to compile the sourcecode but ran into problems.
I apologize if this is the wrong place to ask such a question but google throw this on first place with the
keywords: debian truecrypt
so others may look here as well.

I have debian sarge installed with the 2.6.8-2-k7 custom kernel.
Here is a list of some installed packages which i think that may be needed:

kernel-headers-2.6.8-2
kernel-headers-2.6.8-2-k7
kernel-image-2.6.8-2-k7
kernel-kbuild-2.6-3
kernel-package
kernel-source-2.6.8
linux-kernel-headers

here is what i did:
cd /usr/src
tar xfjv kernel-source-2.6.8
ln -s kernel-source-2.6.8 linux
cd truecrypt-4.1-source-code/Linux
cp /boot/config-2.6.8-2-k7 /usr/src/linux/.config
./build.sh

build.sh then gave the following output:
Checking build requirements...
Building kernel module... In file included from /usr/src/truecrypt-4.1-source-code/Crypto/Aesopt.h:144,
from /usr/src/truecrypt-4.1-source-code/Crypto/Aescrypt.c:33:
/usr/src/truecrypt-4.1-source-code/Common/Endian.h:22:42: asm/byteorder.h: No such file or directory
make[2]: *** [/usr/src/truecrypt-4.1-source-code/Linux/Kernel/../../Crypto/Aescrypt.o] Error 1
make[1]: *** [_module_/usr/src/truecrypt-4.1-source-code/Linux/Kernel] Error 2
make: *** [truecrypt] Error 2
Error: Failed to build kernel module

Here i am stuck. Maybe i haven't linked the kernel-sources proper?
In particular this seems to be an invalid path, ending at .../truecrypt-4.1-source-code/Linux/Kernel/
make[2]: *** [/usr/src/truecrypt-4.1-source-code/Linux/Kernel/../../Crypto/Aescrypt.o] Error 1

I haven't compiled much sourcecode yet, maybe i miss something trivial?
I have tried to install both ubuntu packages (5.04, 5.10) but they fail with a wrong kernel version error.
Any help is truly appreciated.

guest
Posts: 1
Joined: 2006-06-05 09:53

#4 Post by guest »

The last post was for truecrypt 4.1.
As of truecrypt 4.2 the problem is solved.

jaalto
Posts: 2
Joined: 2008-09-27 11:47

#5 Post by jaalto »

See article "Using truecrypt-installer to help install Truecrypt for Debian"
at http://www.debian-administration.org/articles/506 which can help.

markharding557
Posts: 40
Joined: 2008-01-19 23:42
Location: england

#6 Post by markharding557 »

truecrypt ubuntu deb does work on lenny/sid.
you need to have sudo set up because it uses this to get root privledges.
Alot easier i think than installing from source

jaalto
Posts: 2
Joined: 2008-09-27 11:47

#7 Post by jaalto »

markharding557 wrote:truecrypt ubuntu deb does work on lenny/sid.
Not difficult from source either (4.3a). Unless you specifically need GUI from latest version.

1. Satisfy depends: apt-get install libncurses5-dev gcc-4.1 debhelper devscripts dpatch || apt-get -f install

2. Download installer deb: https://launchpad.net/truecrypt-installer/+download

3. Install: tc-dpkg --auto --install

Next release will contain additional utilities:

Make containers: tc-create --size 500M private.tc
Check container health and repair: tc-fsck private.tc

ludwigbaum
Posts: 3
Joined: 2009-01-22 17:35

Truecrypt with Debian Lenny Testing

#8 Post by ludwigbaum »

In my Lenny-testing-installation (December 2009) the Ubuntu-package works well. But at first; I had to install two libraries:

libfuse2
fuse-utils

Then I had to edit the sudoers file (see sudoers manual).

cb474
Posts: 150
Joined: 2007-11-15 09:48

#9 Post by cb474 »

Am I correct in concluding that TrueCrypt cannot encrypt an entire partition with already existing data on it and keep the data? It seems like it can do this in Windows, but the option is missing in the Linux version.

And if that is the case, is my only option (if I don't want to use a container file) to move all of my data off of the partition, encrypt the partition, and then move my data back?

mono
Posts: 145
Joined: 2009-05-10 14:39

Re: TrueCrypt in Debian

#10 Post by mono »

I want to complete ludwigbaum... I used *.deb file for Ubuntu but my installer notice me that except libfuse2 and fuse-utils I have to install dmsetup.

User avatar
bugsbunny
Posts: 5354
Joined: 2008-07-06 17:04
Been thanked: 1 time

Re: TrueCrypt in Debian

#11 Post by bugsbunny »

Can someone explain to me what true crypt gives you that I can't get from one of the native packages?

shadowking
Posts: 496
Joined: 2009-05-06 11:34

Re: TrueCrypt in Debian

#12 Post by shadowking »

Read the truecrypt compile manual. You needs special headers from some website. I compiled 6.0 and 6.1 months ago. They still work on my new PC

mdudumtoto
Posts: 7
Joined: 2009-08-04 19:50

Re: TrueCrypt in Debian

#13 Post by mdudumtoto »

http://esaucairn-almuric.blogspot.com/2 ... ebian.html

has a very thorough discussion on this.
I have messed up far too many new installs to try this.

my solution? install ubuntu on your debian OS by using virtual box or vmware.

Polaris96
Posts: 555
Joined: 2009-06-17 18:37

Re: TrueCrypt in Debian

#14 Post by Polaris96 »

I know this thread is pretty old, but since I've been re-examining encryption, lately, and I'm kind of on the fence about truecrypt, figured I'd add this to the pot:

@bugs: TrueCrypt seems to be targeted at generating deniable encryption. It creates an encrypted dummy fs with dummy data and stores the sensitive stuff in a second fs cached steganographically into the dummy data. If it works the way they claim, it should be imperceptible to an observer.

Which sounds great, except that it appears to be based on fuse. Fuse based encryption is NORMALLY problematic because permission and titles live in unencrypted space. They may have solved this problem in truecrypt I'm not sure and will post when I know more.

I don't know of a repo package that will provide that service. If one's available, please share because I'd love to try it.

EDIT: Just learned there's a package available called TCHunt that can detect the presence of TrueCrypt volumes. So much for deniability, eh?
for as long as the world remains. for as long as time remains. so, too, will I remain. To serve. To help. And to make my contribution. Also, never forget our family at debianuserforums.org If we can't solve your problem, they probably can.

User avatar
sickie
Posts: 498
Joined: 2009-06-08 07:10
Location: The pig farm
Has thanked: 27 times
Been thanked: 2 times

Re: TrueCrypt in Debian

#15 Post by sickie »

If TCHunt really works than TrueCrypt is not suitable for highly sensitive data, as TrueCrypt authors claims that hidden volumes are rally hidden but TCHunt proves them wrong - so other TC features could be just as weak as hidden volumes are.
:shock:

Polaris96
Posts: 555
Joined: 2009-06-17 18:37

Re: TrueCrypt in Debian

#16 Post by Polaris96 »

Without speculating TOO much on this one, sickie, I don't think the actual encryption is weak. They're using the blowfish algorithm by default which is pretty secure, and they've got rsa keys and lots of the usual gizmos for a secure filesystem thrown in the pot.

That's not to say there couldn't be a back door in the code (even an inadvertant one. Something similar was found in openssl not too long ago. It happens...)

What really makes an app like TCHunt so disturbing is not that it weakens the encryption, itself, but that it reveals a partition which ought to be invisible. The whole point of deniable encryption is for the observer NOT to be able to detect the encrypted layer. If that layer can be detected at all, it ISN'T deniable encryption.

I bet TCHunt's snooping around in fuse. Most of the fuse based encrypted FS's are less secure. Thats why ecryptfs got away from fuse.

I love the IDEA of this kind of thing - it's so james bond, y'know? ecryptfs and even openssl really work good, but the idea of a "secret compartment" inside some ordinary seeming encrypted filesystem is just so damned nifty!

BTW had zero problems compiling the source code, but it's crashing because it wants gtk+ and I'm running kde, which runs under qt. Im not really sure how to fix this, yet. Might try the ubuntu package. If you need encryption NOW just grab ecryptfs. TrueCrypt's more like a nifty toy than a necessity esp in light of the existence of TCHunt.

EDIT: just turned up two new candidates for this kind of encryption. I've come across two Fs's called SFS and StegFS (both meaning "steganographic FS" I haven't tried either, yet. My source says SFS is pretty rough around the edges and StegFS is more polished. Will post more when I've tried them.

EDIT2: There's also a main repo available package called steghide that will hide data steganographically. So far as I can tell, though, it's made for hiding indivdual files, not whole Fs's. I see this as a useful tool to, say, hide all your passwords in a jpeg, etc. Again, if it looks real good I'll add more.
for as long as the world remains. for as long as time remains. so, too, will I remain. To serve. To help. And to make my contribution. Also, never forget our family at debianuserforums.org If we can't solve your problem, they probably can.

User avatar
BioTube
Posts: 7520
Joined: 2007-06-01 04:34

Re: TrueCrypt in Debian

#17 Post by BioTube »

If you REALLY want to be secure, make your encrypted filesystem ReiserFS. It's the digital version of flash paper(especially if you keep raw images using the same FS).
Image
Ludwig von Mises wrote:The elite should be supreme by virtue of persuasion, not by the assistance of firing squads.

Polaris96
Posts: 555
Joined: 2009-06-17 18:37

Re: TrueCrypt in Debian

#18 Post by Polaris96 »

Not to mention that reiser is a very high performance FS. I like it much better than extn. I use reiser for "regular" files and XFS for "big" (media video) files

EDIT REGARDING STEGFS AND SFS: ok, StegFS seems to be dropped. last changes were implemented in 2004 and they say it's beta and might whack your data. ...Tennis anyone?

SFS seems windows focused and makes no mention of source code or Linux binaries.

I did, however, come across a a project called MagikFS, which isn't ready for release but sounds quite promising.

Steghide has proven extremely easy to use. I recommend it highly. With a little creativity and some bash scripting (ok maybe with a dash of perl or mysql) you can use steghide to create an invisible archive for data that will work just like a steganographic FS. I think I'm going to pursue this route and keep a weather eye on MagikFS for the future.
for as long as the world remains. for as long as time remains. so, too, will I remain. To serve. To help. And to make my contribution. Also, never forget our family at debianuserforums.org If we can't solve your problem, they probably can.

User avatar
sickie
Posts: 498
Joined: 2009-06-08 07:10
Location: The pig farm
Has thanked: 27 times
Been thanked: 2 times

Re: TrueCrypt in Debian

#19 Post by sickie »

Polaris96 wrote: I bet TCHunt's snooping around in fuse. Most of the fuse based encrypted FS's are less secure. Thats why ecryptfs got away from fuse.
When I checked TCHunt's webpage it's windows only and volumes shouldn't be mounted for it to find them so that rules out that it's a fuse issue but. It's truecrypt methodologie itself.
:shock:

Polaris96
Posts: 555
Joined: 2009-06-17 18:37

Re: TrueCrypt in Debian

#20 Post by Polaris96 »

Nicely done. It's too bad about TrueCrypt. I never felt the need for this kind of thing b4, but now I feel like I really want a steganographic file system. Funny how that works...
for as long as the world remains. for as long as time remains. so, too, will I remain. To serve. To help. And to make my contribution. Also, never forget our family at debianuserforums.org If we can't solve your problem, they probably can.

Post Reply