Installing TrueCrypt 5.1a & 6.1a On Ubuntu 8.04, 8.10 or 9.04

TrueCrypt was finally made available for Linux with the release of version 5.1a. Here’s how to install it.

**Update**
I have been made aware by Onopoc in the comments section that this same tutorial will work with TrueCrypt 6.1a as well. Simply change the name of the file in the respective spots where the exact file name is used

Installing TrueCrypt

  1. Open a terminal window and type: ‘wget http://www.truecrypt.org/downloads/truecrypt-5.1a-ubuntu-x86.tar.gz’
    TrueCrypt on Ubuntu
  2. Once that is done, type: ‘tar zxvf truecrypt-5.1a-ubuntu-x86.tar.gz’
    TrueCrypt on Ubuntu
  3. Now go to ‘Places‘ –> ‘Home Folder‘ and look for a file called
    truecrypt-5.1a-setup-ubuntu-x86‘ and double click on it
    Opening TrueCrypt
  4. You should get a dialog box asking you what you want to do with it. Choose ‘Run in Terminal
    Run TrueCrypt in the Terminal
  5. You should now see another dialog box with the option to ‘Install TrueCrypt‘ at the bottom. Choose this.
    Install TrueCrypt
  6. You will now have to accept the TrupeCrypt agreement, so choose the appropriate button
    Accept TrueCrypt EULA
  7. You should now see the package installer. Click the ‘Install Package‘ button in the upper right
    Install TrueCrypt
  8. Wait for the package to install. It may hang for a bit, but just let it run. You will soon be presented with a new dialog box saying the installation was successful
    Installation Successful

Running TrueCrypt

There are a couple of fairly easly ways to run TrueCrypt now that we have it installed.

The first way is to press ‘Alt + F2‘ and enter ‘truecrypt‘ in the text area. Then press ‘Run‘.
Launching TrueCrypt

The better way to do it is to create a launcher for it to make it easier for us in the future. Here’s how.

  1. Right click on the desktop and choose ‘Create Launcher
    Create Launcher
  2. In the box that comes up, type ‘TrueCrypt‘ in the Name field and
    truecrypt‘ in the Command field.
    Enter Name and Command
  3. You should now see an icon similar to this on your desktop
    Launcher Icon

That’s it. All you have to do to run TrueCrypt now is to double click your newly created launcher!
TrueCrypt Running

Encrypting Thumb Drives With TrueCrypt

TrueCrpyt LogoLast week I wrote a post on how to encrypt entire hard drives with TrueCrypt. We all know how easy it is to have your laptop lost or stolen and how important it is to protect sensitive data. However, something that is even easier to lose and often has just as sensitive data on it is thumb drives. I know personally I’ve lost a couple of them over time.

Today we’re going to learn how to encrypt these drives to keep them from prying eyes.

Setting Up

Just a few things to get you prepared for the encryption process.

  1. Grab TrueCrypt if you don’t already have it.
  2. Make sure your thumb drive is plugged in and move everything on it to your desktop. This is important because TrueCrypt is going to format the drive during the encryption process.
  3. Open the main TrueCrypt window
    TrueCrpyt encrypting thumb drives

Beginning the Encryption Process

During this phase, we will be getting the settings together so we can actually encrypt the drive.

  1. Click the ‘Create Volume‘ button on the main TrueCrypt window
  2. Choose the second radio button: Create a volume with a non-system partition/device
    Create a volume with a non-system partition/device
  3. At the next screen, leave the radio button on ‘Standard TrueCrypt Volume‘ (unless you know what you’re doing and want to get fancy:)
    Standard TrueCrypt Volume
  4. Now click the button that says ‘Select Device
    select device in truecrypt
  5. Find your thumb drive in the list (you can tell by what drive letter it is mounted in Windows). For this tutorial, we are going to choose the ‘partition’ not the actual device (so in my case ‘\Device\Harddisc6\Partition1′)
    selecting the partition
    If you get a warning after clicking ‘ok’, you can ignore it. It’s simply stating that you could also create an encrypted file on the device rather than encrypting the entire drive. Click Next
  6. I like to leave the Encrpytion and the Hash algorithms at their defaults, AES and RIPEMD-160 respectively. Feel free to play around if you know what you are doing.
    selecting encryption and hash algorithms aes ripemd-160
  7. On the Volume Size screen, you won’t be able to do anything because we chose to encrypt the entire drive. Click ‘Next
    encrypted volume size
  8. Create a passphrase on the next screen. Depending on how secure you want it to be, 20 characters is recommended. If nothing else, try to use symbols, caps, lowercase and numbers.
    choose and encryption passphrase

Starting the Encryption

Now, we will actually start the encryption process itself.

  1. Now you will need to move your mouse around the TrueCrypt window to create a unique pool of characters. This is important to the strength of the encryption keys TC will use.
    create a pool of unique keys
  2. Once you are satisfied, click the ‘Format’ button. You will be presented with a box saying that all data will be lost NOT encrypted. If you followed along from the start, you’ve already moved all your data off the drive and this won’t be a problem and you can click ‘Yes
    data is going to be encrypted
  3. TrueCrypt will now begin to encrypt the drive. Mine was only 128MB so it only took a few minutes. Your time will vary
    TrueCrypt encrypting the drive
  4. If everything went well, you should see a box saying the encryption was successful!
    successfully encrypted

Mounting the Drive

The first thing you will probably notice is that Windows doesn’t recognize the drive like it normally did. You can click on the drive letter it assigns it, but it’s just going to ask you if you want to format it. Don’t! Here’s what you do.

  1. Make sure the drive is still plugged in and the main TrueCrypt window is open. Also, select a drive letter in the list, I highlighted ‘Y’
    successfully encrypted
  2. Click the ‘Auto-Mount Devices‘ button. It’s going to ask you for the passphrase you created earlier, so enter that.
    enter your passphrase
  3. Your drive should now be mounted as whatever letter you choose (in my case ‘Y’)
    successfully mounted
  4. Your drive will now be able to be accessed just like any other drive on your system!

Final Thoughts

There really isn’t much to encrypting your data with TrueCrypt, but that doesn’t diminish the need for strong encryption on all of our portable (and non-portable) devices. A couple of final notes:

  1. Make sure you ‘Dismount’ the thumb drive before pulling it out by selecting the volume in the main TrueCrypt window and clicking on the ‘Dismount’ button.
  2. Also remember that you need TrueCrypt installed on every computer you will be using your thumb drive one. Sounds like a no-brainer, but be aware if your IT department won’t allow you to install extra software on your work machines.

Using Truecrypt to Encrypt Your Entire Hard Drive

If you’re as paranoid as I am, you more than likely appreciate the advancements that the TrueCrypt team has made with version 5.0. For me, the greatest thing they did was making whole disk encryption dead simple. Here’s how you do it.

Getting Started

  1. First you will need to visit the TrueCrypt site and download and install it on your system. I’m going to be using Windows XP for my demonstration, but they have since released very good and stable version for Mac OSX and Linux.
  2. Next, go ahead and open the main window by clicking on the TrueCrypt logo in the system tray. The window should look like this
    truecrypt whole disk encryption

Setting Up the Encryption Settings

  1. Click the the ‘Create Volume ‘ button
  2. On the next window, choose the radio button next to ‘Encrypt the system partition or entire system drivetruecrypt encrypt the system partition or entire drive
  3. You now have the option to ‘Encrypt the Windows system partition’ or ‘Encrypt the whole drive ‘. We will be choosing the latter for this example.truecrypt encrypt the whole drive
  4. For the next screen you can choose ‘Single Boot ‘ or ‘Multi-Boot’. More than likely you are only running one OS on your computer, so we will choose Single Boot.truecrypt encrypt the system partition or entire drive
  5. Now you can choose the encryption settings. Unless you really know what you are doing, the default settings are fine. AES is an incredibly powerful encryption algorithm and should be all you need. I would also leave the Hash Algorithm at RIPEMD-160
    truecrypt with AES and RIPEMD-160
  6. Next you will need to create a password. Depending on how paranoid you are, you should choose a passphrase close to 20 characters in length. I would also recommend using Steve Gibson’s Perfect Passwords Generator to make sure you create a completely unique phrase.
    truecrypt passphrase password random number generator
  7. Next you will need to move your mouse around the TrueCrypt window to create randomized data. This is fairly important, so spend a minute or two moving your mouse to make sure you really randomize things.
    truecrypt random number pool
  8. The next window should simply be showing you the keys that were generated for you. You can simply click next here.
    truecrypt generated keys

Creating the Rescue Disk

  1. The next step is to create what TrueCrypt calls the ‘Rescue Disk’. This disk will be used in case the boot loader or Windows become corrupt or infected with malware, yu will always have a way to decrypt the system. This step is extremely important, and TC will not let you proceed until it is satisfied that you did everything correctly. Begin by clicking the ‘Browse ‘ button. This will bring up a dialog box. Browse to your desktop and name the file something like rescueDisk.iso. IMPORTANT: remember to append the .iso or your file will not work correctly.
    truecrypt rescue disk
  2. You should now see a window telling you the file was created successfully. It’s now time to burn the newly created .iso file to a cd. I strongly recommend using ImgBurn . If for some reason that doesn’t work, you can use something like CD Burner XP Pro . Click next
    truecrypt iso recording imgburn
  3. Make sure you have a blank CD in your drive and open ImgBurn. Click on ‘Write image file to disc’
    truecrypt iso recording imgburn
  4. Next click on the ‘Browse for a file’ button
    truecrypt iso recording imgburn
  5. Finally click the giant ‘Write’ button towards the bottom
    truecrypt iso recording imgburn
  6. After you have the disc burned, leave it in the drive and click ‘Next’ in the TrueCrypt window
    truecrypt iso rescue disk verify
  7. If all went well you will be notified that the Rescue Disk was successfully verified
    truecrypt rescue disk successfully burned

Pretest and Installing the Bootloader

  1. You can choose to wipe the drive to really give you an incredibly secure hard drive, or just choose none if you aren’t storing government secrets on your computer (not that the government is intelligent enough to encrypt hard drives).
    truecrypt wipe mode
  2. Next TC will begin the pretest to make sure everything is in working order before it begins the encryption process. This will also install the TrueCrypt boot loader on the boot sector of your hard drive. This is a major reason why this encryption is so great. There is virtually no way to boot into the Windows file system without having the decryption key. Click ‘Test
    truecrypt pretest boot sector
    A friendly warning:)
    truecrypt boot warning
  3. After TC runs a few things you will be presented with a window to restart. Click ‘Yes
    truecrypt restart
  4. After the computer boots back up, you should see a black and white screen. Enter your passphrase you created earlier.
    truecrypt boot loader
  5. If all went well you will now see a new dialog box saying the pretest was completed successfully.
    truecrypt pretest completed successfully
  6. Click ‘OK’ on the Rescue Disk information window
    truecrypt rescue disk

Finally! Encrypting the Drive

  1. Whew! If you’ve made it this far, congratulations! We are now ready to encrypt the drive. You should see a window similar to the one below. Simply click the ‘Encrypt’ button and depending on your wipe mode and your encryption algorithms, go have a cup of coffee or go to sleep and let it run overnight.
    truecrypt begin the encryption
  2. When everything is done, you should see this
    truecrypt successfully encrypted

In Closing

If you were able to get through this tutorial, you should now feel much safer with your data knowing it’s now gone from incredibly insecure, to even the DOD or NSA would have trouble getting in (unless of course there was water boarding involved).

This is really helpful if you travel a lot and carry a laptop all the time. If something were to happen and it gets lost or stolen, yes, you lose the data but at least whoever has it can’t get it either. Of course this means we need some training in the art of backing up;)