TrueCrypt is a free utility that provides on-the-fly hard drive encryption. It can also encrypt a "container" file. The container file can then be mounted as a virtual hard drive, and anything placed on it will be encrypted.
I downloaded an RPM from the Truecrypt site.
This introduction is taken from B-Con's (Brad Conte) site; it is used with his permission (see the discussion page for details).
Unlike the physical world, in the digital world it is impossible to create a literal physical safe box to store data in. Instead, we create what you might call a “virtual” safe box. In the physical world, objects are placed in a single container, such as a safe. This safe acts as a singular entity and binds all the objects in it together, separating the objects from the rest of the world by strong walls, walls that will open only when presented with the correct key. Likewise, in the digital world, data placed in a “virtual box” will be placed into a single container which acts like a safe. This “virtual safe” acts as a singular entity and binds all the data in it together. It separates the data from the rest of the world by using an algorithm to scramble the original data values so that they are not recognizable unless you have the right key to descramble it.
This safe box concept is the idea behind encrypted volumes, which is the method TrueCrypt uses for encryption. There are programs that exist for encrypting a single file individually, but managing encrypted files individually is not always reasonable. Oftentimes many, many files must be encrypted, and they must be viewed, edited, added to, and subtracted from, frequently. Each file could be manually managed, but it would take a lot of time (and could even cause technical difficulties) to do so. And when you have, say, an entire hard drive full of files that need to be encrypted, it’s not even humanly possible to attempt to manage them individually. Thus, the solution is to mass-manage them together in one encrypted safe box, a.k.a, an encrypted volume.
There are two types of encrypted volumes: files and partitions. With a file, the encrypted volume will be nothing but an ordinary computer file containing the encrypted data placed in it. This file can be copied across drives, downloaded, anything that can be done with a normal computer file. (You could think of it as being basically just like a ZIP or RAR archive, as the concepts of encrypted volumes and compressed archives are very similar.) With a partition, the encrypted volume will be a literal partition on your hard drive, and it will behave just like one.
Don’t be intimidated by the fact that you’ll be using volumes — dealing with encrypted volumes is very simple.
First, you choose the volume you wish to encrypt, whether it be a file or a partition. Then you specify some of the details you want to use (more on those later). Most importantly, you specify a password key that will be used to encrypt the volume. This key will not be stored in any way in the volume, so it is unrecoverable. TrueCrypt then creates the specified volume with the details you provided, encrypts said volume, then writes some encrypted data to the header section of the volume. Of specific interest, in the header there exists something called the “master key”. This master key is what is actually used to encrypt the contents of the volume. The key you entered is used to decrypt the master key, and the master key is used to decrypt the volume. (This means that if you change your key, the entire volume does not have to be decrypted and re-encrypted with the new key, just the small header part with the master key needs to be re-encrypted.)
After the volume has been created and encrypted, you can easily use it by mounting it with TrueCrypt. Mounting a volume is essentially telling the operating system to treat that volume as an actual disk partition, allowing you to access and manage it just like a normal partition. To mount a volume, all you have to do is select the volume and provide your original key. Once the volume has been mounted, it will appear as a normal drive on your operating system and you can treat it just like one in all regards. You can copy files to it, delete files from it, edit files in it, run programs from it, etc. As far as your operating system is concerned, this drive is just like any other drive it manages.
The mounted drive is nothing more than an interface to the encrypted volume, be it a file or an actual device. Thus, all data in the mounted drive actually resides in the encrypted volume. If your encrypted volume is a file, for instance, then whenever you move data to the mounted drive it is actually being moved to the file.
Encrypting and decrypting data on a volume is as simple as moving the data to and from the mounted drive just like you normally would any normal drive. When a volume is mounted, TrueCrypt acts as a middleman between the operating system and the mounted volume, similar to how virtual disk drive emulators, such as Daemon Tools, work. When data is saved to the drive, TrueCrypt encrypts it before saving it to the volume. When data is requested from the drive, TrueCrypt decrypts it before giving it to the operating system to give to you. It’s drag-n-drop simple.
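The header and master key arrangement described in the introduction can be modelled in a few lines. This is an added example, not code from TrueCrypt or from the quoted introduction: the function names, the 16-byte salt, the iteration count, the `MAGIC` marker and the SHA-256 keystream standing in for the real cipher are all assumptions chosen to keep it short.

```python
import hashlib, hmac, os

MAGIC = b"TRUE"  # assumed marker: tells us the header decrypted correctly

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream (not TrueCrypt's cipher)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def header_key(password: str, salt: bytes) -> bytes:
    # The password is never stored; a key is derived from it and the salt.
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 2000, dklen=32)

def seal_header(password: str, master_key: bytes) -> bytes:
    salt = os.urandom(16)  # fresh salt, so each header uses a fresh key
    return salt + keystream_xor(header_key(password, salt), b"hdr", MAGIC + master_key)

def open_header(password: str, header: bytes) -> bytes:
    salt, body = header[:16], header[16:]
    plain = keystream_xor(header_key(password, salt), b"hdr", body)
    if not hmac.compare_digest(plain[:4], MAGIC):
        raise ValueError("wrong password or damaged header")
    return plain[4:]  # the master key

def create_volume(password: str, plaintext: bytes) -> dict:
    master_key = os.urandom(32)  # random; independent of the password
    return {"header": seal_header(password, master_key),
            "data": keystream_xor(master_key, b"vol", plaintext)}

def read_volume(password: str, vol: dict) -> bytes:
    return keystream_xor(open_header(password, vol["header"]), b"vol", vol["data"])

def change_password(old: str, new: str, vol: dict) -> None:
    # Only the small header is rewritten; the data area is untouched.
    vol["header"] = seal_header(new, open_header(old, vol["header"]))

if __name__ == "__main__":
    vol = create_volume("old pass", b"constructed sample file contents")
    before = vol["data"]
    change_password("old pass", "new pass", vol)
    print(vol["data"] == before, read_volume("new pass", vol))
```

Because the master key does not change, a copy of the old header saved before the password change still unlocks the data with the old password; in this model only a new volume with a new master key removes that access.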
# mkdir /mnt/tc
# chmod 777 /mnt/tc
# truecrypt -u /home/user_name/sample_crypt /mnt/tc
The system prompts for the password. Enter it and the encrypted container is mounted; its contents are then available like any other directory in your file system.
$ truecrypt -l
Display a list of mapped volumes
$ truecrypt -d
Dismount and unmap all mapped volumes