1

I am trying to get hold of truecrypt for an armhf linux or something similar.

I was wondering if there were any sources to do this? or can anyone make a suggestion? I need it so when its ejected nothing is at risk from being left decrypted.

TheHidden
  • 808
  • 1
    What about LUKS? –  Oct 14 '15 at 10:16
  • @Begueradj how good is this at creating a separate encrypted volume? from what I understand this would be the whole FS ? I am having a quick search but all I cant work out the finer details – TheHidden Oct 14 '15 at 10:35
  • Luksus is a command-line tool which apparently also supports TrueCrypt volumes. But I guess we could help you better if you gave us more information, e.g. what distribution/system you plan this running on. – phk Oct 14 '15 at 10:41
  • @phk all I can tell you is that I am using an ubuntu type fs using kernel 3.15.0+ on a armhf (armv7) architecture. it is going to be painful lol there is no specific build out there had to bundle it all my self. – TheHidden Oct 14 '15 at 11:22
  • Don't use Truecrypt. If you must go that route rather than LUKS consider Veracrypt instead. – Chris Davies Oct 14 '15 at 11:42
  • @roaima I get truecrypt is "broken" (cannery) but I need something that works pretty much the same way I am looking into as many methods as I can but so far it looks like i will have to do everything from source because it doesnt match up to my armv7 – TheHidden Oct 14 '15 at 12:28
  • OK, so you would need something compatible with the Debian ARM-port https://wiki.debian.org/ArmHardFloatPort. Anyway, I just noticed someone has apparently made a VeraCrypt binary for ARMv7: https://veracrypt.codeplex.com/wikipage?title=Contributed%20Resources (and Veracrypt is compatible with Truecrypt volumes) – phk Oct 14 '15 at 12:44
  • @phk I am trying this out but i keep getting a "dev/mapper/control: open failed: No such device" any ideas? – TheHidden Oct 14 '15 at 14:16

2 Answers2

1

I just added a armhf to my truecrypt PPA. I have only tested it on a Raspberry Pi and it worked great. See: https://launchpad.net/~stefansundin/+archive/truecrypt

On Raspbian you can run the following to install:

echo 'deb http://ppa.launchpad.net/stefansundin/truecrypt/ubuntu xenial main' | sudo tee /etc/apt/sources.list.d/truecrypt.list
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-key FFE1FFFFAFEC55BB
gpg --export --armor FFE1FFFFAFEC55BB | sudo apt-key add -
sudo apt-get update
sudo apt-get install truecrypt

The version is 7.1a, and I do not intend to update to 7.2 because it has less functionality.

stefansundin
  • 111
  • Thank you so much for this Stefan! This was a lifesaver, since Veracrypt can't decrypt what was encrypted by Truecrypt 7.1a (at least on RPi). I hope you keep that PPA available and updated. It'd be even more cool if you could make the binaries available on GitHub and perhaps even write a tutorial on how anyone could create the installer to run it on ARM 32 bit or ARM 64 bit. So that the knowledge would be available even if the PPA isn't...or even if the versions change. – Nav Apr 11 '23 at 15:34
0

The best way to to “full-disk” (which really means full-partition) encryption on Linux is to use its native facility: dm-crypt. This is pretty much always easier to set up than a third-party tool (fewer layers), more secure (fewer layers), and faster (fewer layers, and also the encryption is done in the kernel which is usually optimized to take into account all processor features including, in your case, NEON).

Use cryptsetup to manipulate encrypted volumes. Cryptsetup can manipulate several formats; use the standard one, LUKS. To create an encrypted volume, use a command like

cryptsetup luksFormat /dev/sdz1

(Be sure to specify the right disk instead of /dev/sdz1!)

When the disk is inserted, open the encrypted volume with

cryptsetup luksOpen /dev/sdz1 mysdcard

(You might do that with a udev rule — example)

Cryptsetup also supports a format that's compatible with TrueCrypt. The only reason to use this format (but it's a valid one) is if you want the removable disk to be also usable in Windows, which has TrueCrypt (or successors) but not LUKS.

Community
  • 1
Gilles 'SO- stop being evil'
  • 829,060
  • can i get this easily on armv7? and I would like a way to not have to use the kernel if possible. oh also I dont want to create a partition, I want to create a volume within the current partition it has to work in the same way true crypt does – TheHidden Oct 15 '15 at 12:07
  • @user1779617 Why don't you want to use the kernel? It has exactly the tool you need. You can make a volume that's a file within a partition with dm-crypt, I think you just need to pass the file name to cryptsetup luksFormat and cryptsetup luksOpen. – Gilles 'SO- stop being evil' Oct 15 '15 at 12:27
  • I have now built the mapper into the kernel (I was having some issues with my re-compile)... giving it my best shot but im just getting annoying errors – TheHidden Oct 15 '15 at 13:31