How-To Geek
Install TrueCrypt on Ubuntu Edgy
TrueCrypt is a phenomenal open-source disk encryption software that runs on Windows or Linux. Unfortunately, the installer doesn’t work so well on Ubuntu Edgy, so I’ve created this article to help walk you through the process.
Installing TrueCrypt
First, download the source code from the downloads page, because the Ubuntu debian package is compiled for 586 instead of 686 kernel, so we’ll have to build it ourself.
Copy the downloaded file into whatever location you’d like. The next step is to install some required software for the build process to execute. You may have some or all of these installed on your machine already.
sudo apt-get install build-essential dmsetup gawk linux-source linux-headers-`uname -r`
Note: Make sure that the ` character is the one below the tilde ~ key.
Now that we’ve installed the prerequisites, we’ll need to do a small amount of setup before it will work properly. Note that the exact version of the kernel may be different on your machine, but you are using tab completion anyway, right? =)
cd /usr/src/
sudo bunzip2 linux-source-2.6.17.tar.bz2
sudo tar xvf linux-source-2.6.17.tar
sudo ln -s linux-source-2.6.17 linux
sudo make -d -C linux modules_prepare
The last step will send a whole lot of stuff flying by…. eventually it may prompt you to select yes on a question or two. This step is necessary because you’ll probably get an error later on otherwise.
Change directory back to the download directory, and now we’ll extract the source code, which contains both windows and linux source…
tar xzvf truecrypt-4.2a-source-code.tar.gz
cd truecrypt-4.2a/Linux/
Since Truecrypt installs a kernel module, you will have to run the build script in superuser mode.
sudo ./build.sh
This should have run successfully without errors at this point. Now we can launch the installation script, now that we know everything has been built successfully.
geek@ubuntuServ:~/truecrypt-4.2a/Linux$ sudo ./install.sh
Password:
Checking installation requirements…
Testing truecrypt… Done.Install binaries to [/usr/bin]:
Install man page to [/usr/share/man]:
Install user guide and kernel module to [/usr/share/truecrypt]:
Allow non-admin users to run TrueCrypt [y/N]: Y
Installing kernel module… Done.
Installing truecrypt to /usr/bin… Done.
Installing man page to /usr/share/man/man1… Done.
Installing user guide to /usr/share/truecrypt/doc… Done.
Installing backup kernel module to /usr/share/truecrypt/kernel… Done.
At this point, Truecrypt is successfully installed. If you are already familiar, you can get back to work. If not, here’s a couple of common use scenarios.
Creating a Truecrypt volume
Creating a truecrypt volume can be as simple as running truecrypt -c <filename>, but there are some options you can use on the command line if you would prefer:
geek@ubuntuServ:~$ truecrypt –size 200MB –type normal –encryption AES –hash RIPEMD-160 –filesystem FAT -c myvolume.tc
Enter password for new volume ‘myvolume.tc’:
Re-enter password:
Enter keyfile path [none]:
TrueCrypt will now collect random data.
Is your mouse connected directly to computer where TrueCrypt is running? [Y/n]:
Please type at least 320 randomly chosen characters and then press Enter:
Mount a TrueCrypt volume
You should create a directory to mount the Truecrypt volume in. I named mine tcmount
mkdir tcmount
truecrypt -u myvolume.tc tcmount
Note: You must use the -u option in order to mount the volume in user mode so that you will have write access to it.
Dismount a TrueCrypt volume
truecrypt -d <mountpoint>
Check to see if the TrueCrypt volume is mounted
geek@ubuntuServ:~$ df -m
Filesystem 1M-blocks Used Available Use% Mounted on
/dev/sda1 7698 1835 5472 26% /
varrun 78 1 78 1% /var/run
varlock 78 0 78 0% /var/lock
procbususb 10 1 10 1% /proc/bus/usb
udev 10 1 10 1% /dev
devshm 78 0 78 0% /dev/shm
/dev/mapper/truecrypt0
20 1 20 1% /home/geek/tcmount
I mounted the volume in a directory called tcmount, and you can see it at the bottom of the list
Mounting a volume on a USB stick
You can mount a volume on a USB stick just as easily as mounting a regular volume. Just supply the full path to the truecrypt volume on the USB stick and a mount point directory of your choice.
truecrypt -u /media/usbdisk/myvol.tc tcmount
The back-tic character is *below* the tilde, not above. :-)
Great catch, Daniel… updated!
Edgy binaries for x86 are now available via the TrueCrypt website and can also be installed via apt-get (not sure which repos need to be enabled). These have worked without problem for me.
Mike,
Thanks, I’ll check that out, and update the article if it works for me.
I always test things out myself before writing an article. Quality is important =)
I wonder: how do you encrypt an entire empty drive with truecrypt and then do a fresh install of edgy ubuntu? I want the whole disk encrypted, not just a partition. Is this possible?
I should clarify this, I have a laptop, with one (blank) hard drive in it. I would like to encrypt the entire hard drive, then install Ubuntu Edgy Eft onto that drive. I know I need two partitions to install it, the swap partition and the root partition. Why isn’t this capability built into Linux distros yet? With security being so important these days it should be set up to take a blank drive, create the necessary partitions, encrypt them, then install onto them. Then we would have some good security. Also I don’t see why there is such a thing as unsecure web browsing even. The experts should be able to make everything automatically encrypted from the moment we connect. This is ridiculous that anybody with the right software can intercept everything we send or receive from our computers. Why isn’t the internet all SSL by now?? But alas, I digress. Thank you for your wonderful articles, Mr. Howtogeek, keep up the great work!
Hi,
I just followed the instructions on a very new Ubuntu Edgy installation and had one tiny obstacle to overcome.
Before I could make -d -C linux modules_prepare, I needed to cp /boot/config-2.6.17-11-generic linux/.config
After that everything worked for me just as explained.
Thanks for this great guide!
All the best,
Aron
QUOTE: humbll
“Why isn’t this capability built into Linux distros yet?”
Answer: because you pretty much need so many libs and such just to do the decryption that it’s (close to) impossible to install the whole OS inside an encrypted container. Now 2.6.20 has KVM (hyper visor like virtualization) so maybe a host OS to decrypt and then a guest inside an encrypted drive. Or, just this week, seagate announced the first fully encrypted consumer product, but they’re using hard/firmware to do their en/decryption so the OS on the drive doesn’t have to be aware of it.
Anyway, eventually, I’m sure a distro will come out with a BIG initrd (ramdisk used to start up before the kernel and modules are all up and running) where the encryption is done so that the drive could be encrypted, but the more complex, and secure, you want it, the harder it will be to do without a running OS to power it.
Maximander, the kernel and initrd still would have to be on the disk as cleartext, wouldn’t they?
Daniel Spiewak:
Or, better yet, this how-to could use $( ) instead of back-ticks for easier non-geek typing.
Thanks, the .deb for the new 4.3 version kept giving me kernel module errors. Compiling from source was simply a matter of following this guide only substituting the new version number (4.3 instead of 4.2a)
Hi all,
I’ve compiled Tcrypt 4.3 on Feisty, without any errors or warnings, I have mounted my existent tc volume, after inserting the password, I got this error:
Unable to make device node for ‘truecrypt0’
The Tc volume have been mounted correctly, but I would like to know the cause of this error. Any idea, guys?
Hi, I have exactly the same trouble just after the passwd, but i can mount he device and format to ext3
truecrypt /dev/sda3
Enter password for ‘/dev/sda3’:
Unable to make device node for ‘truecrypt0’
truecrypt -vl
/dev/mapper/truecrypt0:
Volume: /dev/sda3
Type: Normal
Size: 743836745728 bytes
Encryption algorithm: AES
Mode of operation: LRW
Read-only: No
Hidden volume protected: No