Comments on: Using TrueCrypt(R)’s encrypted system partitions from Linux, now with less bugs http://jan-krueger.net/development/dmsetup-tc-0-2 Creative Engineering Wed, 07 Jan 2009 11:02:28 +0000 http://wordpress.org/?v=2.6.3 By: Jan http://jan-krueger.net/development/dmsetup-tc-0-2#comment-1392 Jan Thu, 21 Aug 2008 11:19:31 +0000 http://jan-krueger.net/?p=48#comment-1392 Andrew: I'm glad things work for you now. As for your question; yes, that's exactly what happens. Once my program reads the volume key from the volume header and calculates the right tweak value (that's XTS-related magic; feel free to read the source code to find out more ;)), all it does is output the right data for dmsetup (which you pipe into it; a later version of dmsetup-tc might call dmsetup itself but I don't see all that much of an added benefit). By the way, the official TrueCrypt(R) program does some more things when mounting volumes on Linux, including the use of FUSE for reasons not entirely clear to me, but in the end, it lets dmsetup handle the encryption stuff, too. Andrew: I’m glad things work for you now. As for your question; yes, that’s exactly what happens. Once my program reads the volume key from the volume header and calculates the right tweak value (that’s XTS-related magic; feel free to read the source code to find out more ;)), all it does is output the right data for dmsetup (which you pipe into it; a later version of dmsetup-tc might call dmsetup itself but I don’t see all that much of an added benefit).

By the way, the official TrueCrypt(R) program does some more things when mounting volumes on Linux, including the use of FUSE for reasons not entirely clear to me, but in the end, it lets dmsetup handle the encryption stuff, too.

]]> By: Andrew http://jan-krueger.net/development/dmsetup-tc-0-2#comment-1388 Andrew Wed, 20 Aug 2008 22:29:19 +0000 http://jan-krueger.net/?p=48#comment-1388 Built new dmsetup-tc with -DDEBUG CFLAG. This time around, the software appears to be operating perfectly. In contrast to my earlier post (attached to your original article about dmsetup-tc), this was my successful output: Loading header from /dev/hda... Deriving header key... Decrypting header... Validating header... * Validating header signature Could not decrypt the volume. You probably entered a wrong password.root@risa:~# root@risa:~# modprobe dm-crypt root@risa:~# dmsetup-tc /dev/hda /dev/hda1 | dmsetup create hda1 Enter passphrase for encrypted volume: Loading header from /dev/hda... Deriving header key... Decrypting header... Validating header... * Validating header signature * Validating header checksum * Validating checksum of master keys * Making sure we're dealing with system encryption * Making sure we're not dealing with partial encryption root@risa:~# mount -t ntfs-3g /dev/mapper/hda1 /media/hda1 -o ro root@risa:~# I am about to try some read-write access and see if things are still working nicely. Thanks alot, Jan, for your hard work on this! Question: Is it the case that dmsetup-tc exists just to decrypt the volume master keys from the device record using your passphrase, and then the dm-crypt facility handles all the encryption/decryption effort for the mounted volume, not your program? -Andrew Built new dmsetup-tc with -DDEBUG CFLAG. This time around, the software appears to be operating perfectly. In contrast to my earlier post (attached to your original article about dmsetup-tc), this was my successful output:

Loading header from /dev/hda…
Deriving header key…
Decrypting header…
Validating header…
* Validating header signature
Could not decrypt the volume. You probably entered a wrong password.root@risa:~#
root@risa:~# modprobe dm-crypt
root@risa:~# dmsetup-tc /dev/hda /dev/hda1 | dmsetup create hda1
Enter passphrase for encrypted volume:
Loading header from /dev/hda…
Deriving header key…
Decrypting header…
Validating header…
* Validating header signature
* Validating header checksum
* Validating checksum of master keys
* Making sure we’re dealing with system encryption
* Making sure we’re not dealing with partial encryption
root@risa:~# mount -t ntfs-3g /dev/mapper/hda1 /media/hda1 -o ro
root@risa:~#

I am about to try some read-write access and see if things are still working nicely.

Thanks alot, Jan, for your hard work on this!

Question: Is it the case that dmsetup-tc exists just to decrypt the volume master keys from the device record using your passphrase, and then the dm-crypt facility handles all the encryption/decryption effort for the mounted volume, not your program?

-Andrew

]]>