Create an encrypted file container using TrueCrypt (Ubuntu)

1. Create the key:

truecrypt --create-keyfile /etc/tc.key \
--hash=Whirlpool \
--random-source=/dev/urandom

2. Change permissions on the key:

chmod 600 /etc/tc.key

3. Create the encrypted file container with the following settings:

  • save the truecrypt file in /root/tc.volume
  • encrypt with the triple cascade AES-Twofish-Serpent (slower than AES alone but arguably more secure, since the data is encrypted three times by a cascading algorithm, with three different keys: first with AES, then with Twofish, and then with Serpent)
  • use Whirlpool hash
  • format filesystem to ext4
  • do not use a password (the key file is then the only secret protecting the volume)
  • use the generated key file /etc/tc.key
  • volume is 1G = 1073741824 bytes

truecrypt -c /root/tc.volume \
--volume-type="normal" \
--encryption="AES-Twofish-Serpent" \
--hash=Whirlpool \
--filesystem=ext4 \
-p "" \
--keyfiles=/etc/tc.key \
--size=1073741824 \
--random-source=/dev/urandom

4. Create a mountpoint:

mkdir -p /u

5. Mount the encrypted file container:

truecrypt /root/tc.volume /u --keyfiles=/etc/tc.key

6. Verify that the encrypted volume is mounted:

truecrypt --list

This should produce output similar to the following:

1: /root/tc.volume /dev/mapper/truecrypt1 /u
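
The checks behind steps 2, 5 and 6 can be scripted so that the volume is never mounted with an exposed key file. The following is an added example, not part of the original procedure: the function names are hypothetical, `stat -c` assumes GNU coreutils as shipped on Ubuntu, and the `truecrypt` invocations are the ones used in steps 5 and 6.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# check_keyfile PATH [UID]: succeed only if PATH is a regular file (not a
# symlink), owned by UID (default 0 = root), with no group/other mode bits.
check_keyfile() {
    kf=$1
    want_uid=${2:-0}
    if [ -L "$kf" ] || [ ! -f "$kf" ]; then
        echo "keyfile: $kf is a symlink or not a regular file" >&2
        return 1
    fi
    # GNU stat: %a = octal mode, %u = numeric owner.
    mode=$(stat -c '%a' "$kf") || return 1
    uid=$(stat -c '%u' "$kf") || return 1
    if [ "$uid" != "$want_uid" ]; then
        echo "keyfile: $kf is owned by uid $uid, expected $want_uid" >&2
        return 1
    fi
    # Mask the group and other bits; anything set there exposes the key.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "keyfile: $kf has mode $mode, expected 600 or stricter" >&2
        return 1
    fi
}

# listed_mountpoint VOLUME: read `truecrypt --list` output on stdin and print
# the mount point recorded for VOLUME; fail if VOLUME is not listed.
# Assumes paths without spaces, as in the sample output of step 6.
listed_mountpoint() {
    awk -v vol="$1" '$2 == vol { print $4; found = 1 } END { exit !found }'
}

# mount_checked VOLUME MOUNTPOINT KEYFILE: mount only if the key file passes,
# then confirm the volume is listed at the expected mount point.
mount_checked() {
    check_keyfile "$3" || return 1
    truecrypt "$1" "$2" --keyfiles="$3" || return 1
    [ "$(truecrypt --list | listed_mountpoint "$1")" = "$2" ]
}

# Usage on the host from this page (run as root):
#   mount_checked /root/tc.volume /u /etc/tc.key
```

Because the container is created with an empty password, a key file that fails `check_keyfile` should be treated as disclosed rather than simply re-permissioned.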