I’ve been wanting to do this for a while, but never got around to it. I’m finally going to be encrypting my local backups.
Currently, I back up a few folders (Dropbox, Desktop, /etc) from my laptop to a 1TB USB 3.0 external hard drive. I use rsync, but create a separate folder for each backup, as opposed to using the differential backup feature. This gives me “snapshots” of my files at a point in time, at the expense of disk space. In a future project, I’m going to be purchasing a second external hard drive to use for differential backups.
As a fan of Linux, I’d prefer to use an open source encryption solution. However, I sometimes use a Windows machine. I have a Windows 7 VM that I use, and both my work laptop and PC run Windows 7. For me, the biggest obstacle was finding something that was cross-platform compatible, and relatively easy to use. I had heard of TrueCrypt before, but never really took encrypting my data seriously. TrueCrypt is great. It is (mostly) open source, easy to use, and cross-platform. However, no one is really sure who wrote the software, and parts of the license are a bit unclear.
After learning how the NSA tried to foil most encryption (by placing back doors into crypto software) I came across an article proposing an audit of TrueCrypt. There was overwhelming public support, with contributions of over $16k on FundFill and over $46k on IndieGoGo. The major goals of the project are:
- Review the license
- Determine if binaries are built from source code
- Fix bugs in code
- Conduct audit of cryptography software
At the time of this writing, the audit is still in progress. But, for the time being, I figured if it was secure enough for this banker, it was good enough for me.
TrueCrypt is a forbidden item in most Linux distributions. “Forbidden”, because it does not comply with Fedora’s 100% open standards (mostly due to its unclear license). This only means we can’t install it from a Fedora-approved repository using yum, and will have to download the binary and install it manually. It wouldn’t be fair of me to not mention RealCrypt. RealCrypt is based on TrueCrypt, just repackaged with different branding and a few small tweaks. For all intents and purposes, you could use either, but this guide will be about TrueCrypt.
Step 1 – Download
Download TrueCrypt from here, or use wget…
UPDATE – Since TrueCrypt went offline, check out my other post for alternate download locations.
Step 2 – Extract
I’m using the 64-bit version; change your command appropriately.
tar -zxvf truecrypt-7.1a-linux-x64.tar.gz
Step 3 – Install
Step 4 – Run
Start TrueCrypt by running…
…or going to Menu–>Accessories–>TrueCrypt
As a side-note, your user account will have to have root or sudo access to install and run TrueCrypt.
Step 1 – Become root
Su to root, and enter root’s password
Step 2 – Add to wheel group
Run the following command, replacing sampleusername with your username. This will add your user to the wheel group, which typically has root access.
usermod sampleusername -a -G wheel
Log off and back on for the changes to take effect. You can verify your groupset by entering
Step 3 – TTY access
At some point while creating a container, you’ll be prompted to enter your password, at which point, you will receive an error.
This is because sudo will only run when the user is logged in to a real TTY. To fix this, we need to comment out a line from /etc/sudoers.
Comment out requiretty by changing the line…
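The requiretty change from Step 3, made on a copy and syntax-checked before it replaces the file. This is an added example, not part of the original post. It assumes the stock line reads "Defaults    requiretty"; the function name disable_requiretty is hypothetical, and the demo runs against a constructed sample file rather than the real /etc/sudoers.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the stock Fedora line
# "Defaults    requiretty"; pass the sudoers path as the first argument.

disable_requiretty() {
    target=$1
    [ -f "$target" ] || { echo "no such file: $target" >&2; return 2; }
    tmp=$(mktemp) || return 2

    # Comment out only an active, stand-alone "Defaults requiretty" line.
    sed 's/^\([[:space:]]*Defaults[[:space:]]\{1,\}requiretty[[:space:]]*\)$/#\1/' \
        "$target" > "$tmp" || { rm -f "$tmp"; return 2; }

    if cmp -s "$target" "$tmp"; then
        rm -f "$tmp"
        echo "requiretty is not active in $target; nothing changed"
        return 0
    fi

    # A syntax error in sudoers breaks sudo for everyone, so check the
    # candidate with visudo (when installed) before it replaces the target.
    if command -v visudo >/dev/null 2>&1 && ! visudo -c -f "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "candidate failed visudo -c; $target left untouched" >&2
        return 1
    fi

    # Keep a backup, then overwrite in place so owner and mode are preserved.
    cp -p "$target" "$target.bak" && cat "$tmp" > "$target"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample file (never touches the real /etc/sudoers).
demo=$(mktemp)
printf '%s\n' 'Defaults    requiretty' 'Defaults    env_reset' \
    'root    ALL=(ALL)    ALL' '%wheel  ALL=(ALL)    ALL' > "$demo"
disable_requiretty "$demo" && grep -n 'requiretty' "$demo"
rm -f "$demo" "$demo.bak"
```

On a real system the function would be run as root with /etc/sudoers as its argument; the original is kept beside it as /etc/sudoers.bak.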
In Part 2 of this article, I’ll be going over some theory and prepping the external drive.