This document describes how to set up TrueCrypt 5.1a on Debian Etch (GNOME). Taken from the TrueCrypt page: “TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc).”
One important change in version 5 is that it is not longer affected by changes to the Linux kernel.
This howto is a practical guide without any warranty – it doesn’t cover the theoretical backgrounds. There are many ways to set up such a system – this is the way I chose.
1 Preliminary Note
I used a standard Debian Etch r3 system for this howto – there were no extra repositories added.
2 Needed Packages
Let’s install some needed packages (root privileges are needed).
apt-get install build-essential libfuse-dev fuse-utils pkg-config libgtk2.0-dev
3 FUSE Kernel Module
Now we have to load the FUSE kernel module (root privileges needed):
To make sure that the FUSE kernel module will be loaded automatically on boot you have to add it to the modules list (root privileges needed).
Add the following two lines to the file.
#FUSE for TrueCrypt
The wxWidgets source code is needed to build the TrueCrypt executable – so let’s download it (do this as user, not as root!).
tar xvfz wxGTK-2.8.7.tar.gz
5.1 Get It
Open http://www.truecrypt.org/downloads.php within your preferred browser and click on the corresponding link to get to the download page for the source code.
Select “Mac OS X / Linux (.tar.gz)” from the drop-down menu, read the license agreement and accept it if you agree with it. Now click on “Download” …
… and save the file.
Next unpack the file. You can do this on the desktop …
… or from the command line (do this as user, not as root!).
tar xvfz TrueCrypt\ 5.1a\ Source.tar.gz
5.2 Compile It
Now we compile the TrueCrypt executable (do this as user, not as root!).
make WX_ROOT=~/Desktop/wxGTK-2.8.7 wxbuild
Ignore the warning “gsockgtk.cpp:134: warning: ´wxDummyGsockVar´ defined but not used” – that’s nothing important.
At this point switch to the root account and copy the TrueCrypt executeable to the right place.
cp /home/%your_username%/Desktop/truecrypt-5.1a-source/Main/truecrypt /usr/local/bin/
After that switch back to your user account, copy the user manual to the desktop and delete the remaninig .tar.gz files and the unpacked source files.
cp truecrypt-5.1a-source/Release/Setup\ Files/TrueCrypt\ User\ Guide.pdf ~/Desktop/
rm -Rf truecrypt-5.1a-source TrueCrypt\ 5.1a\ Source.tar.gz wxGTK-2.8.7 wxGTK-2.8.7.tar.gz
6 TrueCrypt Group
First we have to create a group that we’ll use within the sudo configuration in the next step. All users that belong to this group will be able to use TrueCrypt at full volume. The settings for users and groups are available in the GNOME desktop menu.
Enter the root password.
We have to adjust the sudo configuration to make sure that all members of the group “truecrypt” are allowed to use it (needed to mount crypted files/devices). Open the sudo configuration (root privileges needed) via:
Add the following line to the file …
%truecrypt ALL=(root) NOPASSWD:/usr/local/bin/truecrypt
… and save the changes (CTRL+X respectively STRG+X for German users).
8 GNOME Launcher
Let’s create a launcher in the GNOME menu to ease the access to TrueCrypt (root privileges needed).
The content should look like this:
[Desktop Entry] Encoding=UTF-8 Name=TrueCrypt Name[de]=TrueCrypt Name[en_CA]=TrueCrypt Name[en_GB]=TrueCrypt Comment=TrueCrypt v5.1a Comment[de]=TrueCrypt v5.1a Comment[en_CA]=TrueCrypt v5.1a Comment[en_GB]=TrueCrypt v5.1a Exec=truecrypt Icon=/usr/share/icons/Nuvola/scalable/stock/gtk-dialog-authentication.svg Terminal=false Type=Application Categories=GNOME;Application;System; StartupNotify=true
9 Access TrueCrypt
You can now use the launcher to access the TrueCrypt gui. Please note that it’s also possible to use TrueCrypt via the command line.
Additionally you’ll see a TrueCrypt icon in the upper panel (even if you close the gui) where you can show/hide the gui, mount/dismount volumes and adjust a few settings.
Please have a look at the user manual on your desktop to find out how to use TrueCrypt.