summaryrefslogtreecommitdiffstats
path: root/wiki/src/doc/encryption_and_privacy/truecrypt.mdwn
blob: bd9f4fea7341a001ec92999e16801fe9f903009c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
[[!meta title="Opening TrueCrypt volumes using cryptsetup"]]

On 28 May 2014, the [*TrueCrypt* website](http://truecrypt.sourceforge.net/) announced that the
project was no longer maintained and recommended users to find
alternate solutions. That website now reads:

> WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.

*TrueCrypt* was removed in Tails 1.2.1.

<div class="tip">

<p>We recommend that you use [[Tails encrypted persistence|doc/first_steps/persistence]] or [[LUKS encrypted
volumes|/doc/encryption_and_privacy/encrypted_volumes]] instead of <span class="application">TrueCrypt</span>
volumes.</p>

</div>

Still, you can open standard and hidden *TrueCrypt* volumes in Tails using the `cryptsetup`
command line tool.

<div class="note">

<p>This technique might not work on volumes created with <em>TrueCrypt</em>
version 4.1 to 4.3 (November 2005 to March 2007).</p>

</div>

1. [[Set up an administration
   password|first_steps/startup_options/administration_password]].

1. Choose
   <span class="menuchoice">
     <span class="guimenu">Applications</span>&nbsp;▸
     <span class="guisubmenu">System Tools</span>&nbsp;▸
     <span class="guimenuitem">Root Terminal</span>
   </span>
   to open a terminal with administration rights.

1. **If you want to open a standard *TrueCrypt* volume**, execute the
   following command. Replace `[volume]` with the path to your volume
   (partition or file container) and `[name]` with a name of your choice.

       cryptsetup open --type tcrypt [volume] [name]
   
   Here is an example of the command to execute to open a standard volume in a file container, yours is probably
   different:

       cryptsetup open --type tcrypt /media/amnesia/mydisk/mycontainer myvolume

   **Else, if you want to open a hidden *TrueCrypt* volume**, execute
   the following command. Replace `[volume]` with the path to your volume
   (partition or file container) and `[name]` with a name of your choice.

       cryptsetup --tcrypt-hidden open --type tcrypt [volume] [name]
   
   Here is an example of the command to execute to open a hidden volume on a partition, yours is probably
   different:

       cryptsetup --tcrypt-hidden open --type tcrypt /dev/sdc1 myhidden

1. After typing your password and once the command prompt reappears, execute the following commands to mount
   the volume. Replace `[name]` with the name chosen in step&nbsp;3.

       mkdir /media/amnesia/[name]

   a. And, if your volume contains a **NTFS or FAT file system** (default):

          mount -o uid=1000 /dev/mapper/[name] /media/amnesia/[name]

   a. Else, if your volume contains an **Ext2, Ext3, or Ext4 file system**:

          mount /dev/mapper/[name] /media/amnesia/[name]

1. If you don't see any error message, the volume is now available from the
   <span class="guimenu">Places</span> menu.

1. When you want to close your *TrueCrypt* volume, execute
   the following commands to safely remove it.
   Otherwise some of your files could be lost or damaged.
   Replace `[name]`with the mapping name chosen in step&nbsp;3.

       umount /media/amnesia/[name]
       cryptsetup close [name]