2015-11-24 Update
Since this document was written, truecrypt’s reputation has been called into question. Truecrypt’s response was to disband/close. It is unclear/unproven whether truecrypt had any issues or was simply getting out of the game while the getting was good. I can no longer recommend truecrypt and recommend replacing truecrypt with an alternative. While LUKS/cryptsetup is not a 1-for-1 replacement for truecrypt, it is the tool I recommend using for any and all disk encryption.
Background
Truecrypt is a multiplatform encryption tool; however, there have been numerous claims of it not being as secure as people think. There were so many claims that an IndieGoGo project was set up to fund a full (external) security audit of truecrypt (status: http://istruecryptauditedyet.com/). This, along with other concerns I have had with truecrypt, caused me to look for an alternative, which led me back to LUKS.
There are many ways to use encrypted containers without using truecrypt itself. This article focuses on opening an existing truecrypt container with cryptsetup (no truecrypt is used at all other than the original creation of the container).
Details
The steps for opening an existing truecrypt container with cryptsetup are as follows:
- attach your truecrypt container to a loopback device (note: you need to be root to do this or ensure your current user is a member of the disk group)
  - losetup /dev/loop0 /path/to/truecrypt.file
- decrypt/open the truecrypt container
  - cryptsetup --type tcrypt open /dev/loop0 myContainer
  - enter your container’s passphrase when prompted
  - myContainer is any “name” you want to give your container; this will become the mapper name (see below)
- mount the container
  - mount /dev/mapper/myContainer /media/tmp
  - replace /media/tmp with your desired mountpoint
Your truecrypt container’s contents should now be available in the /media/tmp (or your desired mountpoint) directory!
To unmount/cleanup you will need to do the following:
- umount /media/tmp #substitute your mountpoint
- cryptsetup --type tcrypt close myContainer #substitute your chosen container name
- losetup -d /dev/loop0 #release the loopback device
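The open and cleanup steps above as one script, added here as an example (it is not part of the original article). It opens the volume read-only at every layer and undoes earlier steps if a later one fails. The function names tc_open/tc_close, the DRY_RUN switch, the mapper-name check and the read-only default are assumptions of this example.

```sh
#!/bin/sh
# Added example: names, DRY_RUN and the read-only default are assumptions.
# DRY_RUN=1 prints each command instead of running it (no root needed).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# tc_open CONTAINER_FILE MAPPER_NAME MOUNTPOINT -> prints the loop device used
tc_open() {
    [ "$#" -eq 3 ] || { echo "usage: tc_open FILE NAME MOUNTPOINT" >&2; return 2; }
    file=$1; name=$2; mnt=$3
    # Keep the mapper name to a conservative character set (no "/" or "..").
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad mapper name: $name" >&2; return 2 ;;
    esac
    if [ "${DRY_RUN:-0}" = 1 ]; then
        loop=/dev/loopN   # placeholder; a real run asks the kernel below
        echo "losetup --find --show --read-only $file"
    else
        [ -e "/dev/mapper/$name" ] && { echo "$name is already open" >&2; return 1; }
        # Let losetup pick a free device instead of assuming /dev/loop0 is unused.
        loop=$(losetup --find --show --read-only "$file") || return 1
    fi
    # Read-only at every layer, so the source volume cannot be modified.
    if ! run cryptsetup --type tcrypt --readonly open "$loop" "$name"; then
        run losetup -d "$loop"   # e.g. wrong passphrase: release the loop device
        return 1
    fi
    if ! run mount -o ro "/dev/mapper/$name" "$mnt"; then
        run cryptsetup close "$name"   # undo in reverse order
        run losetup -d "$loop"
        return 1
    fi
    echo "$loop"   # keep this value: tc_close needs it
}

# tc_close MAPPER_NAME MOUNTPOINT LOOP_DEVICE (reverse of tc_open)
tc_close() {
    [ "$#" -eq 3 ] || { echo "usage: tc_close NAME MOUNTPOINT LOOPDEV" >&2; return 2; }
    run umount "$2" || return 1
    run cryptsetup close "$1" || return 1
    run losetup -d "$3"
}

# Command-line entry point: "open FILE NAME MOUNTPOINT" or "close NAME MOUNTPOINT LOOPDEV"
case "${1:-}" in
    open)  shift; tc_open "$@" ;;
    close) shift; tc_close "$@" ;;
esac
```

Saved under a file name of your choice and run as root with the arguments open /path/to/truecrypt.file myContainer /media/tmp, it prints the loop device it used; pass that device as the last argument to close.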
Notes
- I use the above procedure to mount my truecrypt volumes to move their contents to LUKS containers as truecrypt (in its entirety) has lost my trust