SEARCH

How-To Geek

Install TrueCrypt on Ubuntu Edgy

TrueCrypt is a phenomenal open-source disk encryption software that runs on Windows or Linux. Unfortunately, the installer doesn’t work so well on Ubuntu Edgy, so I’ve created this article to help walk you through the process.

 

Installing TrueCrypt

First, download the source code from the downloads page, because the Ubuntu debian package is compiled for 586 instead of 686 kernel, so we’ll have to build it ourself.

Copy the downloaded file into whatever location you’d like. The next step is to install some required software for the build process to execute. You may have some or all of these installed on your machine already.

sudo apt-get install build-essential dmsetup gawk linux-source linux-headers-`uname -r`

Note: Make sure that the ` character is the one below the tilde ~ key.

Now that we’ve installed the prerequisites, we’ll need to do a small amount of setup before it will work properly. Note that the exact version of the kernel may be different on your machine, but you are using tab completion anyway, right?  =)

cd /usr/src/

sudo bunzip2 linux-source-2.6.17.tar.bz2

sudo tar xvf linux-source-2.6.17.tar

sudo ln -s linux-source-2.6.17 linux

sudo make -d -C linux modules_prepare

The last step will send a whole lot of stuff flying by…. eventually it may prompt you to select yes on a question or two. This step is necessary because you’ll probably get an error later on otherwise.

Change directory back to the download directory, and now we’ll extract the source code, which contains both windows and linux source…

tar xzvf truecrypt-4.2a-source-code.tar.gz

cd truecrypt-4.2a/Linux/

Since Truecrypt installs a kernel module, you will have to run the build script in superuser mode.

sudo ./build.sh

This should have run successfully without errors at this point. Now we can launch the installation script, now that we know everything has been built successfully.

geek@ubuntuServ:~/truecrypt-4.2a/Linux$ sudo ./install.sh
Password:
Checking installation requirements…
Testing truecrypt… Done.

Install binaries to [/usr/bin]:
Install man page to [/usr/share/man]:
Install user guide and kernel module to [/usr/share/truecrypt]:
Allow non-admin users to run TrueCrypt [y/N]: Y
Installing kernel module… Done.
Installing truecrypt to /usr/bin… Done.
Installing man page to /usr/share/man/man1… Done.
Installing user guide to /usr/share/truecrypt/doc… Done.
Installing backup kernel module to /usr/share/truecrypt/kernel… Done.

At this point, Truecrypt is successfully installed. If  you are already familiar, you can get back to work. If not, here’s a couple of common use scenarios.

Creating a Truecrypt volume

Creating a truecrypt volume can be as simple as running truecrypt -c <filename>, but there are some options you can use on the command line if you would prefer:

geek@ubuntuServ:~$ truecrypt –size 200MB –type normal –encryption AES –hash RIPEMD-160 –filesystem FAT -c myvolume.tc

Enter password for new volume ‘myvolume.tc’:
Re-enter password:
Enter keyfile path [none]:
TrueCrypt will now collect random data.
Is your mouse connected directly to computer where TrueCrypt is running? [Y/n]:
Please type at least 320 randomly chosen characters and then press Enter:

Mount a TrueCrypt volume

You should create a directory to mount the Truecrypt volume in. I named mine tcmount

mkdir tcmount

truecrypt -u myvolume.tc  tcmount

Note: You must use the -u option in order to mount the volume in user mode so that you will have write access to it.

Dismount a TrueCrypt volume

truecrypt -d <mountpoint>

Check to see if the TrueCrypt volume is mounted

geek@ubuntuServ:~$ df -m
Filesystem           1M-blocks      Used Available Use% Mounted on
/dev/sda1                 7698      1835      5472  26% /
varrun                      78         1        78   1% /var/run
varlock                     78         0        78   0% /var/lock
procbususb                  10         1        10   1% /proc/bus/usb
udev                        10         1        10   1% /dev
devshm                      78         0        78   0% /dev/shm
/dev/mapper/truecrypt0
                            20         1        20   1% /home/geek/tcmount

I mounted the volume in a directory called tcmount, and you can see it at the bottom of the list

Mounting a volume on a USB stick

You can mount a volume on a USB stick just as easily as mounting a regular volume. Just supply the full path to the truecrypt volume on the USB stick and a mount point directory of your choice.

truecrypt -u /media/usbdisk/myvol.tc tcmount

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 12/22/06

Comments (13)

  1. Daniel Spiewak

    The back-tic character is *below* the tilde, not above. :-)

  2. The Geek

    Great catch, Daniel… updated!

  3. Mike

    Edgy binaries for x86 are now available via the TrueCrypt website and can also be installed via apt-get (not sure which repos need to be enabled). These have worked without problem for me.

  4. The Geek

    Mike,

    Thanks, I’ll check that out, and update the article if it works for me.

    I always test things out myself before writing an article. Quality is important =)

  5. humbll

    I wonder: how do you encrypt an entire empty drive with truecrypt and then do a fresh install of edgy ubuntu? I want the whole disk encrypted, not just a partition. Is this possible?

  6. humbll

    I should clarify this, I have a laptop, with one (blank) hard drive in it. I would like to encrypt the entire hard drive, then install Ubuntu Edgy Eft onto that drive. I know I need two partitions to install it, the swap partition and the root partition. Why isn’t this capability built into Linux distros yet? With security being so important these days it should be set up to take a blank drive, create the necessary partitions, encrypt them, then install onto them. Then we would have some good security. Also I don’t see why there is such a thing as unsecure web browsing even. The experts should be able to make everything automatically encrypted from the moment we connect. This is ridiculous that anybody with the right software can intercept everything we send or receive from our computers. Why isn’t the internet all SSL by now?? But alas, I digress. Thank you for your wonderful articles, Mr. Howtogeek, keep up the great work!

  7. Aron

    Hi,

    I just followed the instructions on a very new Ubuntu Edgy installation and had one tiny obstacle to overcome.

    Before I could make -d -C linux modules_prepare, I needed to cp /boot/config-2.6.17-11-generic linux/.config

    After that everything worked for me just as explained.
    Thanks for this great guide!
    All the best,
    Aron

  8. Maximander

    QUOTE: humbll
    “Why isnít this capability built into Linux distros yet?”

    Answer: because you pretty much need so many libs and such just to do the decryption that it’s (close to) impossible to install the whole OS inside an encrypted container. Now 2.6.20 has KVM (hyper visor like virtualization) so maybe a host OS to decrypt and then a guest inside an encrypted drive. Or, just this week, seagate announced the first fully encrypted consumer product, but they’re using hard/firmware to do their en/decryption so the OS on the drive doesn’t have to be aware of it.

    Anyway, eventually, I’m sure a distro will come out with a BIG initrd (ramdisk used to start up before the kernel and modules are all up and running) where the encryption is done so that the drive could be encrypted, but the more complex, and secure, you want it, the harder it will be to do without a running OS to power it.

  9. akaihola

    Maximander, the kernel and initrd still would have to be on the disk as cleartext, wouldn’t they?

  10. akaihola

    Daniel Spiewak:

    Or, better yet, this how-to could use $( ) instead of back-ticks for easier non-geek typing.

  11. Lil' Brittle

    Thanks, the .deb for the new 4.3 version kept giving me kernel module errors. Compiling from source was simply a matter of following this guide only substituting the new version number (4.3 instead of 4.2a)

  12. oxar

    Hi all,

    I’ve compiled Tcrypt 4.3 on Feisty, without any errors or warnings, I have mounted my existent tc volume, after inserting the password, I got this error:

    Unable to make device node for ‘truecrypt0′

    The Tc volume have been mounted correctly, but I would like to know the cause of this error. Any idea, guys?

  13. ben

    Hi, I have exactly the same trouble just after the passwd, but i can mount he device and format to ext3

    truecrypt /dev/sda3
    Enter password for ‘/dev/sda3′:
    Unable to make device node for ‘truecrypt0′

    truecrypt -vl
    /dev/mapper/truecrypt0:
    Volume: /dev/sda3
    Type: Normal
    Size: 743836745728 bytes
    Encryption algorithm: AES
    Mode of operation: LRW
    Read-only: No
    Hidden volume protected: No

Enter Your Email Here to Get Access for Free:

Go check your email!