How do I automount truecrypt file/ partition at boot?

zahn01 · 2015-08-08 22:16:44

Greeting all,

I lack the ability (hence my reason for posting) to use /etc/crypttab to mount truecrypt encrypted partitions and filesystems at boot although I have done it (and do it) under “init scripts” based systems. My direct questions appear below the succeeding and prefacing paragraph.

Please note: Before anyone questions my desire to automount encrypted systems at boot, understand that my system is fully encrypted, thanks to luks. Also, please understand that the mountpoints are gid specific with permissions being 770, and no other account is a part of that relevant gid. That having been said, I an open and would welcome any advice about any security hole I may have, based upon the preceding.

I have read the arch wiki, but it did not help me and neither did Google. I am guessing that most internet info that deals with the topic of automounting truecrypt partitions at boot were intended for “init scripts” and not the more recent implementations of systemd. My systemd version is 221 or 222.

Therefore, my questions are as follows:

1) How do I use /etc/crypttab to (at boot) automount a truecrypt encrypted partition that opens with a keyfile?

2) How do I use /etc/crypttab to (at boot) automount a truecrypt encrypted file that opens with a keyfile, under the condition that the truecrypt encrypted file is located within a unencrypted partition? Obviously, the partition is in /etc/fstab with gig specific access and permissions are 770.

Thanks

Masstumor · 2015-08-09 01:00:07

Truecrypt isn't secure hasn't been for sometime now. If I was you I would move away from truecrypt to start. You should check out pgp encryption. its much more secure. Just some friendly advice, doesn't answer your question but if you really wanna keep your things secure I would switch.

jasonwryan · 2015-08-09 01:01:44

Masstumor wrote:

Truecrypt isn't secure hasn't been for sometime now. If I was you I would move away from truecrypt to start.

Not true.

Masstumor · 2015-08-09 01:15:45

jasonwryan wrote:

Not true.

Since truecrypt posted :WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues" there have been tons of articles saying it is and isn't. Still I wouldn't take the chance. They also brought this up at defcon in the past. I'll stop spamming this post just wanted to throw that out there. It's a better safe than sorry situation.

zahn01 · 2015-08-09 02:43:47

Masstumor wrote:

Truecrypt isn't secure hasn't been for sometime now. If I was you I would move away from truecrypt to start. You should check out pgp encryption. its much more secure. Just some friendly advice, doesn't answer your question but if you really wanna keep your things secure I would switch.

No disrespect intended, but I always bristle when someone suggest that truecrypt is insecure. Maybe they no longer have time for it and they do not want truecrypt's good reputation to be maligned when someone else takes over.

Perhaps the code was compromised. Left on a lost flashdrive. Maybe the NSA inserted themselves into the picture. Perhaps there is a truth beyond my ability to make suppositions. Regardless of the facts, unbenownst to most, without proper evidence, I judge truecrypt to be secure.

Also, since I inquired about /etc/crypttab, I 'd be remiss if I did not say.crypttab appears to work as: blockdevice, mountpoint options keyfiles/passwd.

zahn01 · 2015-08-09 02:49:01

jasonwryan wrote:

Masstumor wrote:
Truecrypt isn't secure hasn't been for sometime now. If I was you I would move away from truecrypt to start.
Not true.

You of all people could solve this. I have a high degree of respect for the documentation that you've written(raid+ encrypt'd lvm, etc) over the years. Despite the fact that you killed one of my post, I would feel privileged if you solved this. This would be well within your ability. Let me think: /etccrypttab name blockdevice, options, and last but not least, mountpoint. Whatever, you'll never see this, but thanks for the docs over the last couple of years.

Last edited by zahn01 (2015-08-09 02:51:15)

jasonwryan · 2015-08-09 03:48:05

Have you tried adapting the example in `man crypttab`?

zahn01 · 2015-08-09 16:34:32

jasonwryan wrote:

Have you tried adapting the example in `man crypttab`?

Did I try the sample from the man page? Hah-hah… uhm yeah… doesn't work.

I'll preface my response so that all can see how little I use and understand /etc/crypttab and truecrypt together in the same sentence, despite my sincere efforts to understand the confusing combination.

In crypttab, the first field is the name of whatever the command luksOpen would generate, eg, /dev/mapper/something. "Something" goes in the first field The 2nd field is the partition/file upon which the luksOpen command was performed, eg, sda7, which may optionally be specified by UUID. The third field is for passwords and key files The fourth is options.

What I did:
Between the crypttab man pages, wiki, the output of “mount -l” with truecrypt volumes mounted and sample crypttabs from the internet, everything conflicts and makes no sense. I literally had the man page open in three different windows, so that I could look at the relevant sections without scrolling too much, made and makes no sense to me. Normal crypttab makes sense because in the past I used it successfully. Luks and Truecrypt makes sense because I've used them for years.

My two goals are simple:
Automatically mount a truecrypt encrypted partition (at boot time), which was easy under init scripts.

Automatically mount a truecrypt encrypted file (at boot time), which was easy under init scripts. The program could do it.
Init scripts had a start up folder, so with no knowledge of crypttab, one could write a little script. The script could be placed in the number startup folder that ran later in the boot process

Last edited by zahn01 (2015-08-09 16:49:34)

Arch Linux

#1 2015-08-08 22:16:44

How do I automount truecrypt file/ partition at boot?

#2 2015-08-09 01:00:07

Re: How do I automount truecrypt file/ partition at boot?

#3 2015-08-09 01:01:44

Re: How do I automount truecrypt file/ partition at boot?

#4 2015-08-09 01:15:45

Re: How do I automount truecrypt file/ partition at boot?

#5 2015-08-09 02:43:47

Re: How do I automount truecrypt file/ partition at boot?

#6 2015-08-09 02:49:01

Re: How do I automount truecrypt file/ partition at boot?

#7 2015-08-09 03:48:05

Re: How do I automount truecrypt file/ partition at boot?

#8 2015-08-09 16:34:32

Re: How do I automount truecrypt file/ partition at boot?

Board footer