1. Create the key:
truecrypt --create-keyfile /etc/tc.key \
  --hash=Whirlpool \
  --random-source=/dev/urandom
2. Change permissions on the key:
chmod 600 /etc/tc.key
3. Create the encrypted file container:
- save the TrueCrypt file in /root/tc.volume
- encrypt with the triple encryption algorithm AES-Twofish-Serpent (slower than AES alone but arguably more secure, since the data is encrypted three times by a cascading algorithm with three different keys: first with AES, then with Twofish, and then with Serpent)
- use the Whirlpool hash
- format the filesystem as ext4
- do not use a password
- use the generated key file /etc/tc.key
- volume size is 1G = 1073741824 bytes
truecrypt -c /root/tc.volume \
  --volume-type="normal" \
  --encryption="AES-Twofish-Serpent" \
  --hash=Whirlpool \
  --filesystem=ext4 \
  -p "" \
  --keyfiles=/etc/tc.key \
  --size=1073741824 \
  --random-source=/dev/urandom
4. Create a mountpoint:
mkdir -p /u
5. Mount the encrypted file container:
truecrypt /root/tc.volume /u --keyfiles=/etc/tc.key
6. Verify that the encrypted volume is mounted:
truecrypt --list
This should produce output similar to the following:
1: /root/tc.volume /dev/mapper/truecrypt1 /u
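
An added check for steps 2 and 6 (example code, not part of the original procedure): because the volume is created without a password, the key file is its only secret, so these functions confirm the file's mode and parse `truecrypt --list` output for the expected mount. The function names are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: post-setup checks for the key file and the mount.
# Function names are hypothetical; GNU stat (-c) is assumed.

# keyfile_perms_ok FILE
# Succeeds only if FILE is a regular file (not a symlink) whose mode
# grants nothing to group or other. With an empty volume password,
# anyone who can read this file can mount the container.
keyfile_perms_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1   # octal mode, e.g. "600"
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# tc_mounted_at VOLUME MOUNTPOINT
# Reads `truecrypt --list` output on stdin and succeeds if VOLUME is
# listed as mounted on MOUNTPOINT. Expected line layout, as in step 6:
#   N: <volume> <mapper device> <mountpoint>
tc_mounted_at() {
    awk -v vol="$1" -v mnt="$2" '
        $1 ~ /^[0-9]+:$/ && $2 == vol && $4 == mnt { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Usage with the paths from the steps above:
#   keyfile_perms_ok /etc/tc.key || echo "fix key file permissions" >&2
#   truecrypt --list | tc_mounted_at /root/tc.volume /u || echo "not mounted" >&2
```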