Monday, March 16, 2009

Command Line Truecrypt Volume Creation

This will create a hidden volume inside an outer volume on a disk device. If you haven't been playing around with Truecrypt and changing where it tries to mount things by default, the commands below will work as written. Otherwise, you may have to determine which /dev/mapper/truecrypt device your volume ends up on. The same goes for /dev/sd?.


Create your normal Truecrypt volume on the device. You can also do this with a disk partition; e.g., sdq1.
truecrypt -k '' -p somewhatsekrit --volume-type=normal --filesystem=none --encryption=AES --hash=RIPEMD-160 --random-source=/dev/urandom -c /dev/sdq

Mount the volume in Truecrypt so that you can format the filesystem.
truecrypt -k '' --filesystem=none --protect-hidden=no -p somewhatsekrit /dev/sdq

Format the filesystem.
mkfs.ext2 /dev/mapper/truecrypt0

Unmount the volume.
truecrypt -d /dev/sdq

Create the hidden volume with a password you don't intend to divulge. Until they start pulling fingernails, of course. Adjust your hidden volume's size according to your device's constraints. Volume size is given in bytes. fdisk -l /dev/sdq will show how many bytes are available on the device or partition.
truecrypt -k '' --volume-type=hidden -p omgverysekrit --filesystem=none --encryption=AES --hash=RIPEMD-160 --random-source=/dev/urandom -c /dev/sdq --size=50000000

Mount the volume so the filesystem can be formatted.
truecrypt -k '' --filesystem=none --protect-hidden=no -p omgverysekrit /dev/sdq

Format the volume's filesystem.
mkfs.ext2 /dev/mapper/truecrypt0

Unmount the volume.
truecrypt -d /dev/sdq

Truecrypt requires keyfile values be given (-k) when creating volumes via command line, or it will prompt for them. Adding the two single-quotes (-k '') just says that there isn't a keyfile to be used. Truecrypt in command line mode also apparently won't create an ext2 filesystem, so you first have to create the volume without a filesystem, mount it with truecrypt and use mkfs (mkfs.ext2 in this case) to format the volume.
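
The mount, format and dismount steps above as shell functions, added here as an example and not part of the original post. It finds the mapper node by comparing /dev/mapper before and after the mount instead of assuming truecrypt0, and checks a hidden-volume size against the device size. The names new_mapper_node, hidden_fits, run, format_volume and the DRY_RUN variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and DRY_RUN are
# assumptions; the truecrypt and mkfs.ext2 invocations are the ones used above.

# Print truecrypt* names present in listing $2 but absent from listing $1.
# Both are newline-separated names, e.g. the output of `ls /dev/mapper`.
new_mapper_node() {
    printf '%s\n' "$2" | while IFS= read -r n; do
        case "$n" in truecrypt*) ;; *) continue ;; esac
        printf '%s\n' "$1" | grep -qxF -- "$n" || printf '%s\n' "$n"
    done
}

# Succeed only if hidden size $2 plus a reserve $3 fits in outer size $1.
# All values are bytes; the reserve (room for headers) is the caller's choice.
hidden_fits() {
    for v in "$1" "$2" "$3"; do
        case "$v" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$(( $2 + $3 ))" -le "$1" ]
}

# Run a command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Mount DEV without a filesystem, format the mapper node that appeared,
# then dismount. The password goes through -p exactly as in the post.
format_volume() {
    dev=$1; pw=$2
    before=$(ls /dev/mapper 2>/dev/null || true)
    run truecrypt -k '' --filesystem=none --protect-hidden=no -p "$pw" "$dev" || return 1
    after=$(ls /dev/mapper 2>/dev/null || true)
    node=$(new_mapper_node "$before" "$after")
    # A dry run mounts nothing, so show the post's default node name.
    if [ "${DRY_RUN:-0}" = 1 ]; then node=truecrypt0; fi
    # Refuse to guess: without exactly one new node, dismount and skip mkfs.
    if [ "$(printf '%s\n' "$node" | grep -c .)" -ne 1 ]; then
        run truecrypt -d "$dev"
        return 1
    fi
    run mkfs.ext2 "/dev/mapper/$node"
    run truecrypt -d "$dev"
}
```

Because -p places the password on the command line, it is visible to other local users in the process list while these commands run.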
