truecrypt system encryption

Non release banter
Post Reply
ishaitan
Ronin
Ronin
Posts: 1
Joined: 27 May 2012, 12:56
Location: RU

truecrypt system encryption

Post#1 by ishaitan » 27 May 2012, 22:51

Hello!
I like encrypt my proteus live usb with truecrypt. This possible?

User avatar
fanthom
Site Admin
Site Admin
Posts: 4549
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: truecrypt system encryption

Post#2 by fanthom » 28 May 2012, 02:41

this is not possible with truecrypt at the moment.
Porteus-1.2 will have a support for LUKS encrypted save.dat containers so every change you made to the system (passwords, firefox bookmarks, personal settings) can be stored safely in that container. (you will be asked for a password during boot)
Please add [Solved] to your thread title if the solution was found.

BJWTech
Ronin
Ronin
Posts: 3
Joined: 27 Feb 2014, 20:24
Distribution: Gentoo
Location: Thermal CA

Re: truecrypt system encryption

Post#3 by BJWTech » 27 Feb 2014, 22:06

Where is this documented. I would like everything that is a change from the default system to be encrypted. IE; anything in /home or any config file that was changed. I would prefer to use LUKS and have it ask for the decryption PW on boot. Is this possible? Is there a guide on setting this up?

Thank you!

User avatar
fanthom
Site Admin
Site Admin
Posts: 4549
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: truecrypt system encryption

Post#4 by fanthom » 27 Feb 2014, 22:37

@BJWTech
encryption is possible for save.dat only but in fact this is the only thing which needs to be encrypted (unless you keep passwords/sensitive data in modules), the rest is public on our server anyway.

please open save.dat manager, create save.dat and make sure you enable encryption for it, set the password and done. now point 'changes=' cheatcode to your encrypted .dat and during every boot you will be prompted for a password. if you fail 3 times to provide correct pass then you boot into 'Always Fresh' - your data are still protected :)

this setup has advantage: modules are unencrypted so reading from them does not put extra CPU charge for decrypting.
Please add [Solved] to your thread title if the solution was found.

BJWTech
Ronin
Ronin
Posts: 3
Joined: 27 Feb 2014, 20:24
Distribution: Gentoo
Location: Thermal CA

Re: truecrypt system encryption

Post#5 by BJWTech » 27 Feb 2014, 23:13

Thank you for the quick reply. No way to just encrypt the /porteus directory? I am using a native linux file system, so am currently saving changes to the /porteus directory directly. Am I correct on this assumption?

Thank you!

User avatar
fanthom
Site Admin
Site Admin
Posts: 4549
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: truecrypt system encryption

Post#6 by fanthom » 27 Feb 2014, 23:47

as far as i know cryptsetup can encrypt full partition only but not a part of it (folders). you could use save.dat on linux filesystem or use encfs (start it through rc.local):
http://slackbuilds.org/repository/14.1/system/encfs/
which does encryption for folders. the disadvantage is that only /home and other not important from booting point of view folders (like /opt) could be encrypted with encfs.
Please add [Solved] to your thread title if the solution was found.

BJWTech
Ronin
Ronin
Posts: 3
Joined: 27 Feb 2014, 20:24
Distribution: Gentoo
Location: Thermal CA

Re: truecrypt system encryption

Post#7 by BJWTech » 27 Feb 2014, 23:50

OK. Thanks again! I will just go the save.dat route and try it out.

Post Reply