|
Size: 6840
Comment:
|
Size: 6796
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 30: | Line 30: |
| realcrypt has a GUI, but in order to create a volume that can be mounted by ordinary users, you have to use the coomand line. | realcrypt has a GUI, but in order to create a volume that can be mounted by ordinary users, you have to use the command line. |
| Line 34: | Line 34: |
| [user1@desktop1 ~]$ realcrypt -t -c |
{{{ [root@localhost ~]# realcrypt -t -c |
| Line 37: | Line 37: |
1) Normal 2) Hidden Select [1]: 1 Enter file or device path for new volume: volume.tc |
1) Normal 2) Hidden Select [1]: Enter volume path: /root/realcrypt ## enter file or device path for new volume: Enter volume size (sizeK/size[M]/sizeG): 100M Encryption algorithm: 1) AES 2) Serpent 3) Twofish 4) AES-Twofish 5) AES-Twofish-Serpent 6) Serpent-AES 7) Serpent-Twofish-AES 8) Twofish-Serpent Select [1]: Hash algorithm: 1) RIPEMD-160 2) SHA-512 3) Whirlpool Select [1]: ##the default is 1 - just hit <enter> |
| Line 47: | Line 63: |
1) FAT 2) None |
1) FAT 2) None |
| Line 54: | Line 67: |
| Enter volume size (bytes - size/sizeK/sizeM/sizeG): 100M Hash algorithm: 1) RIPEMD-160 2) SHA-1 3) Whirlpool Select [1]:##the default is 1 - just hit <enter> Encryption algorithm: 1) AES 2) Blowfish 3) CAST5 4) Serpent 5) Triple DES 6) Twofish 7) AES-Twofish 8) AES-Twofish-Serpent 9) Serpent-AES 10) Serpent-Twofish-AES 11) Twofish-Serpent Select [1]: 8 Enter password for new volume ‘volume.tc’:## enter your desired password Re-enter password:## re-enter your desired password Enter keyfile path [none]:## just hit <enter> we haven’t created a keyfile realcrypt will now collect random data. Is your mouse connected directly to computer where realcrypt is running? [Y/n]: ## hit <enter> Please move the mouse randomly until the required amount of data is captured… Mouse data captured: 100% Done: 99.91 MB Speed: 7.08 MB/s Left: 0:00:00 Volume created. |
Enter password: ## enter your desired password Re-enter password: Enter keyfile path [none]: ## just hit <enter> we haven’t created a keyfile Please type at least 320 randomly chosen characters and then press Enter: Characters remaining: 15 Done: 100.000% Speed: 28 MB/s Left: 0 s The RealCrypt volume has been successfully created. }}} |
| Line 114: | Line 87: |
| [user1@desktop1 ~]$ realcrypt -t --mount --file-system=none volume.tc Enter mount directory [none]:##Hit <enter> Protect hidden volume? [y/N]:##Hit <enter> Enter keyfile path [none]:##Hit <enter> Enter password for ‘/home/user1/volume.tc’:##Enter the Password you chose and hit <enter> |
{{{ [root@localhost ~]# realcrypt -t --mount --filesystem=none /root/realcrypt ## enter your chosen file or device path Enter password for /root/realcrypt: ##Enter the Password you chose and hit <enter> Enter keyfile [none]: ## Hit <enter> Protect hidden volume (if any)? (y=Yes/n=No) [No]: ## Hit <enter> }}} |
| Line 128: | Line 103: |
| [user1@desktop1 ~]$ realcrypt -t -l /dev/mapper/realcrypt1 /home/user1/volume.tc |
{{{ [root@localhost ~]# realcrypt -t -l 1: /root/realcrypt /dev/mapper/realcrypt1 - }}} |
| Line 136: | Line 115: |
| [user1@desktop1 ~]$ mkfs.ext3 /dev/mapper/realcrypt1 mke2fs 1.40.2 (12-Jul-2007) |
{{{ [root@localhost ~]# mkfs.ext3 /dev/mapper/realcrypt1 mke2fs 1.41.4 (27-Jan-2009) |
| Line 141: | Line 120: |
| Line 143: | Line 121: |
| Line 145: | Line 122: |
| Line 147: | Line 123: |
25688 inodes, 102396 blocks 5119 blocks (5.00%) reserved for the super user |
25584 inodes, 102144 blocks 5107 blocks (5.00%) reserved for the super user |
| Line 153: | Line 126: |
| Line 155: | Line 127: |
| Line 157: | Line 128: |
| Line 159: | Line 129: |
1976 inodes per group Superblock backups stored on blocks: 8193, 24577, 40961, 57345, 73729 Writing inode tables: done |
1968 inodes per group Superblock backups stored on blocks: 8193, 24577, 40961, 57345, 73729 Writing inode tables: done |
| Line 170: | Line 135: |
| Line 173: | Line 137: |
| This filesystem will be automatically checked every 25 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. |
This filesystem will be automatically checked every 39 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. }}} |
| Line 181: | Line 146: |
[user1@desktop1 ~]$ mkdir safe [user1@desktop1 ~]$ mount /dev/mapper/realcrypt1 safe [user1@desktop1 ~]$ mkdir safe/my_safe [user1@desktop1 ~]$ chown user1:user1 safe/my_safe |
{{{ [root@localhost ~]# mkdir /home/user1/safe [root@localhost ~]# mount /dev/mapper/realcrypt1 /home/user1/safe [root@localhost ~]# mkdir /home/user1/safe/my_safe [root@localhost ~]# chown user1:user1 /home/user1/safe/my_safe }}} |
| Line 193: | Line 159: |
| [user1@desktop1 ~]$ cd safe [user1@desktop1 safe]$ ls -l |
{{{ [root@localhost ~]# cd /home/user1/safe [root@localhost safe] ls -l |
| Line 202: | Line 169: |
| }}} | |
| Line 208: | Line 176: |
| [user1@desktop1 safe]$ cd my_safe [user1@desktop1 my_safe]$ touch test.txt [user1@desktop1 my_safe]$ ls -l total 0 |
{{{ [user1@localhost safe]# cd my_safe [user1@localhost my_safe]# touch test.txt [user1@localhost my_safe]# ls -l total 1 |
| Line 217: | Line 186: |
| }}} | |
| Line 221: | Line 191: |
[user1@desktop1 my_safe]$ cd ~ [user1@desktop1 ~]$ umount /dev/mapper/realcrypt0 [user1@desktop1 ~]$ realcrypt -d [user1@desktop1 ~]$ realcrypt -l No volumes mapped [user1@desktop1 ~]$ |
{{{ [user1@localhost my_safe]# cd ~ }}} Then as root {{{ [root@localhost ~]# umount /dev/mapper/realcrypt1 [root@localhost ~]# realcrypt -d [root@localhost ~]# realcrypt -l [root@localhost ~]# }}} |
| Line 238: | Line 212: |
| [user1@desktop1 ~]$ realcrypt -t –mount –filesystem=ext3 volume.tc Enter mount directory [none]: safe Protect hidden volume? [y/N]:##Hit <enter> Enter keyfile path [none]:##Hit <enter> Enter password for ‘/home/user1/volume.tc’:##Enter the password you chose [user1@desktop1 ~]$ |
{{{ [root@localhost ~]# realcrypt -t --mount --filesystem=ext3 /root/realcrypt /home/user1/safe Enter password for /root/realcrypt: ##Enter the password you chose Enter keyfile [none]: ##Hit <enter> Protect hidden volume (if any)? (y=Yes/n=No) [No]: ##Hit <enter> [root@localhost ~]# }}} |
| Line 253: | Line 226: |
[user1@desktop1 ~]$ realcrypt -d |
{{{ [root@localhost ~]# realcrypt -d }}} |
Contents
Installation Instructions
yum install realcrypt
What is realcrypt?
The realcrypt application in the RPM Fusion repo is an encryption application based on truecrypt, freely available at http://www.truecrypt.org/. It differs from truecrypt in only the following ways:
The name truecrypt is changed to realcrypt throughout the application, as requested by the truecrypt License:
- All original graphics are replaced with entirely original new ones, as requested by the truecrypt License:
- A small patch allows alternative optimization flags to those specified in the original buildsystem to be used during compilation, and the binary package is compiled using Fedora's standard optimization flags.
- Additional support scripts and configuration files are included that allow the application to run through consolehelper. This simply means that you can attempt to run the application as a regular user, and it will prompt you for the administrator password and then launch the application with administrator privileges.
- A menu entry for the application is added
It does not differ from truecrypt in any other respect; in particular, no code relating to actual encryption or decryption is modified. Nevertheless, the truecrypt License requires that we ask you to report any and all bugs you find to [https://bugzilla.rpmfusion.org/ RPM Fusion's Bugzilla] and not to the truecrypt project.
Creating a New Volume that can be mounted by a normal user
realcrypt has a GUI, but in order to create a volume that can be mounted by ordinary users, you have to use the command line.
All actions are performed as 'root'
[root@localhost ~]# realcrypt -t -c Volume type: 1) Normal 2) Hidden Select [1]: Enter volume path: /root/realcrypt ## enter file or device path for new volume: Enter volume size (sizeK/size[M]/sizeG): 100M Encryption algorithm: 1) AES 2) Serpent 3) Twofish 4) AES-Twofish 5) AES-Twofish-Serpent 6) Serpent-AES 7) Serpent-Twofish-AES 8) Twofish-Serpent Select [1]: Hash algorithm: 1) RIPEMD-160 2) SHA-512 3) Whirlpool Select [1]: ##the default is 1 - just hit <enter> Filesystem: 1) FAT 2) None Select [1]: 2 Enter password: ## enter your desired password Re-enter password: Enter keyfile path [none]: ## just hit <enter> we haven’t created a keyfile Please type at least 320 randomly chosen characters and then press Enter: Characters remaining: 15 Done: 100.000% Speed: 28 MB/s Left: 0 s The RealCrypt volume has been successfully created.
We’ve now created an unformated volume, we’re going to map the volume so that we can format it with ext3 in the next section.
[root@localhost ~]# realcrypt -t --mount --filesystem=none /root/realcrypt ## enter your chosen file or device path Enter password for /root/realcrypt: ##Enter the Password you chose and hit <enter> Enter keyfile [none]: ## Hit <enter> Protect hidden volume (if any)? (y=Yes/n=No) [No]: ## Hit <enter>
Let’s check to make sure the volume was mapped. Issue the command below and you should see a similar output
[root@localhost ~]# realcrypt -t -l 1: /root/realcrypt /dev/mapper/realcrypt1 -
Now we’ll format the volume with ext3
[root@localhost ~]# mkfs.ext3 /dev/mapper/realcrypt1
mke2fs 1.41.4 (27-Jan-2009)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
25584 inodes, 102144 blocks
5107 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
13 block groups
8192 blocks per group, 8192 fragments per group
1968 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 39 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.Now that we’ve formated the volume we’ll create a directory in which we’ll mount the volume, then mount the volume, create a directory, and then take ownership of that directory. In the forth command below replace user1:user1 with your user:group.
[root@localhost ~]# mkdir /home/user1/safe [root@localhost ~]# mount /dev/mapper/realcrypt1 /home/user1/safe [root@localhost ~]# mkdir /home/user1/safe/my_safe [root@localhost ~]# chown user1:user1 /home/user1/safe/my_safe
Now we’ll change directories and check the ownership
[root@localhost ~]# cd /home/user1/safe [root@localhost safe] ls -l total 13 drwx—— 2 root root 12288 2008-01-16 10:58 lost+found/ drwxr-xr-x 2 user1 user1 1024 2008-01-16 10:59 my_safe/
You’ve now successfully created a normal volume, formated the volume, created the safe directory to be the mount point, mounted the volume and created a directory within it that we took ownership of so that we can write to the volume as a normal user. While mounted, you can use your file browser and create/copy any data like you would in any normal directory. To continue on the howto example a little further in konsole, we’ll change to the my_safe directory we created and took ownership of and create a file named test.txt. We’ll no longer need to use ’sudo’ as ownership of the directory is now our normal user account.
[user1@localhost safe]# cd my_safe [user1@localhost my_safe]# touch test.txt [user1@localhost my_safe]# ls -l total 1 -rw-r–r– 1 user1 user1 0 2008-01-16 11:00 test.txt
To un-mount the volume, we’ll need to change directory out of the mounted volume which we did in the above step, then un-mount the volume, and then double check that no volumes are mapped.
[user1@localhost my_safe]# cd ~
Then as root
[root@localhost ~]# umount /dev/mapper/realcrypt1 [root@localhost ~]# realcrypt -d [root@localhost ~]# realcrypt -l [root@localhost ~]#
We’re done with the creation process, when you want to map and mount the volume to use it regularly the process would be as follows
[root@localhost ~]# realcrypt -t --mount --filesystem=ext3 /root/realcrypt /home/user1/safe Enter password for /root/realcrypt: ##Enter the password you chose Enter keyfile [none]: ##Hit <enter> Protect hidden volume (if any)? (y=Yes/n=No) [No]: ##Hit <enter> [root@localhost ~]#
Once you’re done using the volume, dismount and unmap it.
[root@localhost ~]# realcrypt -d