Linux is about free software, without restrictions, that you can modify and tweak as much as you like. No license agreements, no digital rights restrictions management, no paying through the nose for yet another 'upgrade' that delivers little more than bucks to the coffers of super-wealthy corporations while providing little (if any) benefit to the user, forever and ever, till the end of your computing days.
Sounds like a good deal, right? But you might have to learn something new (gasp!), so if that isn't in the cards for you, best to turn back now.
If you are still reading, then you do have at least a smidgin of an interest in learning something new; good for you. Today I'd like to look at a very powerful encryption tool for Linux called Truecrypt, and its frontend GUI, forcefield.
We can look for it in Synaptic Package Manager but since the console is so easy, and we don't want to miss any packages (plus we're not sure what exactly we want) let's start a console session by opening a Terminal session (found in Applications-Accessories)and type:
sudo apt-cache search truecrypt
followed by your password. This will return the following:
truecrypt - transparent volume encryption
forcefield - A GUI wrapper of truecrypt
plus a couple of other packages, followed by install y/n?, at which you should enter 'y' and hit return.
When the system calculated the needed extra files, it also listed a suggested package, and a recommended package, so let's install those as well:
sudo apt-get install python-crypto-dbg cracklib-runtime
which will then list some other files needed to install those, and just type 'y' and hit enter when you see the (now) familiar y/n?
So far, so good. We've installed Truecrypt, and a front-end GUI tool for it, forcefield. The first time we run forcefield (now found in the accessories folder, nested inside Applications folder), we're going to do it from the command line, just so we can set that we are the administrative user, so in the terminal type
sudo forcefield
followed by your password (if necessary). This will bring up a dialog box that says we need to set the suid (??), so click 'set the suid'; the system will do so, and then we will have a nice grey gui with a bunch of options at the bottom.
What is Truecrypt capable of? Well, from the Wikipedia listing we have the following:
It allows one to create a virtual encrypted disk (TrueCrypt volume) within a file and then mount it as a real disk. TrueCrypt can also encrypt an entire hard disk partition or a storage device/medium, such as floppy disk or USB memory stick. Thus, TrueCrypt creates device-hosted TrueCrypt volumes. Everything stored on a TrueCrypt volume is entirely encrypted (i.e., including file names and folder names). TrueCrypt volumes behave as real physical disk drives.
Using forcefield we can choose: 'create volume', 'mount file', 'list mounted', 'clear history', 'dismount all', 'about', and 'beenden' (German for exit, I believe).
When I tried this out, I chose 'create volume', which brought up a browser window, I then clicked to the folder I wanted to encrypt (something worthless as this is just a test) and forcefield asked my choose the volume size, offer a password, and then when I hit 'create', asked me for my user password. It took a couple of minutes to accept my password, and then several minutes longer to create the encrypted folder. Clearly a couple of bugs need to be worked out in the GUI.
OK, it's back to the trusty command line, at least until the bugs on forcefield are worked out; in the terminal (it might be handy to add the terminal to your menu bar to save time) type:
sudo truecrypt -c
this will launch a dialog that asks me if I want to create a normal or a hidden volume, and since this is the first time I'm trying this, I choose normal.
Then I am asked to enter the file or device path, and this is a file, so I enter: homemyusername/filename; I'm then prompted to choose a file system type, either FAT or none, I choose FAT; I then have to choose the hash algorithm, and then the encryption algorithm, and finally enter a password (twice) to protect the file.
The last bit is you have to wave your mouse around the desktop for around twenty seconds as the program collects random data, and then your file is encrypted. If you forget the password, then forget about recovering that file, or the contents of that USB (or HD??!?) drive; only a clean wipe will restore it, and the contents will be gone forevah.
Truecrypt has two levels of encryption, the first being a sort of false container that can be cracked (SHA-1); the second layer is uncrackable. Windows users may be familiar with Truecrypt as it's available for them as well. Best to play around with a test file before you do something more ambitious like encrypting your entire hard drive.
And how to decrypt things you might ask? Well, from the website, we get this answer:
How to Remove Encryption
Please note that TrueCrypt does not support in-place decryption. If you need to remove encryption (e.g., if you no longer need encryption), please follow these steps:
1. Mount your TrueCrypt volume.
2. Move all files from the TrueCrypt volume to any location outside the TrueCrypt volume (note that the files will be decrypted on-the-fly).
3. Dismount the TrueCrypt volume.
4. If the TrueCrypt volume is file-hosted, delete it (the container) just like you delete any other file.
I like the sound of that: on-the-fly. And on further consideration, let's look at that a bit closer; the file I chose to be my volume was myfile.tar.gz, though it could have been anything--a text file, a photo, a sound file, etc.
The gz ending is similar to a zip (for Windows), or dmg (for Mac); and normally we'd want to un-gzip it. In this case though, it's a container, and thus even if it's not hidden, by it's very appearance it's deceptive, because it looks to be an archive file, but it's a volume,i.e., something that other stuff can be stored inside.
You put files inside of the volume that is called myfile.tar.gz, and those are things that you are protecting from illegal governmentprying eyes, be they medical records, credit card info, sensitive business info, the secret recipe to Coca-Cola, or whatever. Pretty nifty.
Just as an aside, and completely unrelated to Truecrypt/encryption/etc., I've found that one of the best sources for Linux info in recent days has been Digg (!?). Maybe it because of the recent release of Feisty Fawn, or because of Dell choosing Ubuntu, but there have been tons of stories about Linux the past couple of weeks. Funny, in an odd sort of way.
And in other Linux news, the OLPC (one laptop per child) rollout has begun.That is all.