Part 1: TrueCrypt on Fedora 20

I’ve been wanting to do this for a while, but never got around to it. I’m finally going to be encrypting my local backups.

Currently, I back up a few folders (Dropbox, Desktop, /etc) from my laptop to a 1TB USB 3.0 external hard drive. I use rsync, but create a separate folder for each backup, as opposed to using the differential backup feature. This gives me “snapshots” of my files at a point in time, at the expense of disk space. In a future project, I’m going to be purchasing a second external hard drive to use for differential backups.

As a fan of Linux, I’d prefer to use an open source encryption solution. However, I sometimes use a Windows machine. I have a Windows 7 VM that I use, and both my work laptop and PC run Windows 7. For me, the biggest obstacle was finding something that was cross-platform compatible, and relatively easy to use. I had heard of TrueCrypt before, but never really took encrypting my data seriously. TrueCrypt is great. It is (mostly) open source, easy to use, and cross-platform. However, no one is really sure who wrote the software, and parts of the license are a bit unclear.

After learning how the NSA tried to foil most encryption (by placing back doors into crypto software), I came across an article proposing an audit of TrueCrypt. There was overwhelming public support, with contributions of over $16k on FundFill and over $46k on IndieGoGo. The major goals of the project are:

  1. Review the license
  2. Determine if binaries are built from source code
  3. Fix bugs in code
  4. Conduct audit of cryptography software

At the time of this writing, the audit is still in progress. But, for the time being, I figured if it was secure enough for this banker, it was good enough for me.

TrueCrypt is a forbidden item in most Linux distributions. “Forbidden”, because it does not comply with Fedora’s 100% open standards (mostly due to its unclear license). This only means we can’t install it from a Fedora-approved repository using yum, and will have to download the binary and install it manually. It wouldn’t be fair of me to not mention RealCrypt. RealCrypt is based on TrueCrypt, just repackaged with different branding and a few small tweaks. For all intents and purposes, you could use either, but this guide will be about TrueCrypt.

 

Install TrueCrypt

Step 1 – Download

Download TrueCrypt from here, or use wget…

32-bit

wget http://www.truecrypt.org/download/truecrypt-7.1a-linux-x86.tar.gz

64-bit

wget http://www.truecrypt.org/download/truecrypt-7.1a-linux-x64.tar.gz

UPDATE – Since TrueCrypt went offline, check out my other post for alternate download locations.

 

Step 2 – Extract

I’m using the 64-bit version; change your command accordingly.

tar -zxvf truecrypt-7.1a-linux-x64.tar.gz

 

Step 3 – Install

sudo ./truecrypt-7.1a-setup-x64

 

Step 4 – Run

Start TrueCrypt by running…

truecrypt

…or going to Menu–>Accessories–>TrueCrypt
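
The tarball in Step 1 is fetched over plain HTTP (or from a mirror), and Step 3 runs its contents as root, so it is worth checking the file before Step 2. The shell functions below are an added example, not part of the original post: they compare the download against a SHA-256 digest you obtained from a source you trust (none is given on this page) and assume the archive holds only the installer named in Step 3. The function names and the ./truecrypt-install directory are made up for illustration.

```shell
# Added example, not from the original post.
# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the file or digest is unusable.
verify_sha256() {
    vs_file=$1
    vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$vs_file" ] || { echo "no such file: $vs_file" >&2; return 2; }
    # Require exactly 64 hex digits, so an unfilled placeholder is rejected.
    case $vs_want in
        ''|*[!0-9a-f]*) echo "not a SHA-256 hex digest" >&2; return 2 ;;
    esac
    [ "${#vs_want}" -eq 64 ] || { echo "not a SHA-256 hex digest" >&2; return 2; }
    vs_got=$(sha256sum "$vs_file" | cut -d' ' -f1)
    [ "$vs_got" = "$vs_want" ] && return 0
    echo "digest mismatch for $vs_file: got $vs_got" >&2
    return 1
}

# archive_only_contains TARBALL NAME
# Returns 0 only if the gzipped tar holds exactly one member, called NAME.
# Extra files, absolute paths and ../ entries all fail this comparison.
archive_only_contains() {
    ac_list=$(tar -tzf "$1" 2>/dev/null) || return 2
    [ "$ac_list" = "$2" ]
}

# safe_extract TARBALL EXPECTED_HEX INSTALLER_NAME DESTDIR
# Runs both checks, then extracts into DESTDIR. It never runs the installer.
safe_extract() {
    verify_sha256 "$1" "$2" || return 1
    archive_only_contains "$1" "$3" || {
        echo "unexpected archive contents in $1" >&2
        return 1
    }
    mkdir -p "$4" && tar -xzf "$1" -C "$4"
}

# Usage for the 64-bit download (the digest is a placeholder to fill in):
#   safe_extract truecrypt-7.1a-linux-x64.tar.gz '<sha256-from-trusted-source>' \
#       truecrypt-7.1a-setup-x64 ./truecrypt-install
```

Only run the installer from Step 3 if safe_extract returns 0; a matching digest proves the file is the one your trusted source described, nothing more.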

 

Sudo access

As a side note, your user account will need root or sudo access to install and run TrueCrypt.

Step 1 – Become root

Switch to root with su, and enter root’s password

su -

 

Step 2 – Add to wheel group

Run the following command, replacing sampleusername with your username. This will add your user to the wheel group, which typically has root access through sudo.

usermod -a -G wheel sampleusername

Log off and back on for the changes to take effect. You can verify your group membership by entering

groups

 

Step 3 – TTY access

At some point while creating a container, you’ll be prompted to enter your password, at which point, you will receive an error.


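This is because, with requiretty set, sudo will only run when the user is logged in to a real TTY. To fix this, we need to comment out a line in /etc/sudoers. Note that this lifts the TTY requirement for every user on the machine, not just your own account.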

sudo visudo

Comment out requiretty by changing the line…

Defaults    requiretty

…to

#Defaults    requiretty

 

In Part 2 of this article, I’ll be going over some theory and prepping the external drive.

-Logan
