summaryrefslogtreecommitdiffstats
path: root/wiki/src/blueprint/replace_truecrypt.mdwn
blob: 3d09f4105d87e60c85468c5ec92acadbe30df813 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
[[!meta title="Replace TrueCrypt"]]

Due to various concerns, TrueCrypt is about to be replaced in Tails,
either by tcplay or cryptsetup.

This is the blueprint for [[!tails_ticket 5373]] and subtasks.

<div class="caution">
This has been resolved by including cryptsetup 1.6.
See the aforementioned ticket for details.
</div>

# Candidate alternatives

## Tc-play

[tc-play](https://github.com/bwalex/tc-play) is a Free implementation
of TrueCrypt based on dm-crypt, licensed under the 2-clause BSD license.
It is in Debian Jessie and wheezy-backports ([[!debpts tcplay]]), and
would serve as a full replacement of TrueCrypt... once a proper
GUI available.

tc-play allows to create TrueCrypt volumes.

version 2 added an ability to save and restore TrueCrypt volume headers to
external header files.This feature can be used to change a TrueCrypt volume
password.

## Cryptsetup

[Cryptsetup 1.6 supports reading the TrueCrypt
on-disk format](https://code.google.com/p/cryptsetup/wiki/Cryptsetup160),
so if/when udisks and friends are adapted (if needed), then we could
as well avoid shipping any additional software at all. It is part of
Debian Jessie.

Once unlocked on the command-line, the TC volume shows up in Nautilus,
but no udisks / GNOME Disks / Nautilus integration is here to enable
the user to graphically activate a TC volume.

Upstream (udisks) feature request:
<https://bugs.freedesktop.org/show_bug.cgi?id=70164>

cryptsetup 1.6.4 does not support creating TrueCrypt volumes.

Backporting cryptsetup 1.6.4-4 for Wheezy [is
easy](https://mailman.boum.org/pipermail/tails-dev/2014-July/006414.html).

## Zulucrypt

[zuluCrypt](https://code.google.com/p/zulucrypt) is a front end to cryptsetup
and tcplay, it make easy to manage Truecrypt
volumes through a GUI, but it's not packaged in Debian yet
([[!debbug 703911 desc="RFP #703911"]]).

  - It uses cryptsetup to unlock TrueCrypt volumes and LUKS volumes.
  - It uses cryptsetup to backup and restore LUKS volume headers.
  - It uses cryptsetup to add and remove keys in LUKS volumes.
  - It uses tcplay to create TrueCrypt volumes.
  - It uses tcplay to backup and restore TrueCrypt volume headers

zuluCrypt now has a [hidden volume like functionality using
cryptsetup](https://code.google.com/p/cryptsetup/issues/detail?id=7#c28).

zuluCrypt can open [LUKS volumes with a detached
header](https://code.google.com/p/cryptsetup/wiki/Cryptsetup140).