Mount Truecrypt Container with cryptsetup

Truecrypt is a great multiplatform encryption tool; however, there have been numerous claims of it not being as secure as people think. There were so many claims that an IndieGoGo project was set up to fund a full (external) security audit of truecrypt (status: http://istruecryptauditedyet.com/). This, along with other concerns I have had with truecrypt, caused me to look for an alternative, which led me back to LUKS.

There are many ways to use encrypted containers without using truecrypt itself. This article focuses on opening an existing truecrypt container with cryptsetup (no truecrypt is used at all other than the original creation of the container).

The steps for opening an existing truecrypt container with cryptsetup are as follows:

  • attach your truecrypt container to a loopback device (note: you need to be root to do this or ensure your current user is a member of the disk group)
    • losetup /dev/loop0 /path/to/truecrypt.file
  • decrypt/open the truecrypt container
    • cryptsetup --type tcrypt open /dev/loop0 myContainer
      • enter your container's passphrase when prompted
      • myContainer is any "name" you want to give your container; this will become the mapper name (see below)
  • mount the container
    • mount /dev/mapper/myContainer /media/tmp
      • replace /media/tmp with your desired mountpoint

Your truecrypt container's contents should now be available in the /media/tmp (or your desired mountpoint) directory!

To unmount/cleanup you will need to do the following:

  • umount /media/tmp #substitute your mountpoint
  • cryptsetup --type tcrypt close myContainer #substitute your chosen container name
  • losetup -d /dev/loop0 #release the loopback device

Side Note: I use the above procedure to mount my truecrypt volumes to move their contents to LUKS containers.
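The open and cleanup steps above as one script, as an added example that is not part of the original article: it asks losetup for a free loop device rather than assuming /dev/loop0 is unused, opens and mounts the container read-only (enough for copying data out to LUKS), and undoes the completed steps if a later one fails. The function names valid_name, tc_open and tc_close and the mapper-name pattern are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Run as root.
# valid_name, tc_open and tc_close are names chosen for this example.

# The mapper name becomes /dev/mapper/<name>: allow a conservative charset only.
valid_name() {
    case "$1" in
        ""|[-.]*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# tc_open <container-file> <mapper-name> <mountpoint>
# Prints the loop device it allocated, for later use with tc_close.
tc_open() {
    local file="$1" name="$2" mnt="$3" loop
    valid_name "$name" || { echo "bad mapper name: $name" >&2; return 2; }
    [ -f "$file" ] || { echo "no such container: $file" >&2; return 2; }
    [ -d "$mnt" ] || { echo "no such mountpoint: $mnt" >&2; return 2; }
    [ ! -e "/dev/mapper/$name" ] || { echo "name in use: $name" >&2; return 2; }

    # --find picks a free loop device; --show prints which one was used.
    loop=$(losetup --find --show --read-only "$file") || return 1
    # cryptsetup prompts for the container's passphrase on the terminal.
    if ! cryptsetup open --type tcrypt --readonly "$loop" "$name" >&2; then
        losetup -d "$loop"; return 1
    fi
    if ! mount -o ro,nosuid,nodev,noexec "/dev/mapper/$name" "$mnt" >&2; then
        cryptsetup close "$name"; losetup -d "$loop"; return 1
    fi
    echo "$loop"
}

# tc_close <mapper-name> <mountpoint> <loop-device>: reverse order of tc_open.
tc_close() {
    local name="$1" mnt="$2" loop="$3"
    umount "$mnt" && cryptsetup close "$name" && losetup -d "$loop"
}

# Usage: script.sh /path/to/truecrypt.file myContainer /media/tmp
if [ $# -eq 3 ]; then
    loop=$(tc_open "$1" "$2" "$3") && echo "mounted read-only on $3 (loop device: $loop)"
fi
```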

Comments

zuluCrypt

It is possible to create TrueCrypt volumes using tcplay and access them using cryptsetup with a GUI application called zuluCrypt (http://code.google.com/p/zulucrypt/)