Page 1 of 1

truecrypt system encryption

Posted: 27 May 2012, 22:51
by ishaitan
Hello!
I like encrypt my proteus live usb with truecrypt. This possible?

Re: truecrypt system encryption

Posted: 28 May 2012, 02:41
by fanthom
this is not possible with truecrypt at the moment.
Porteus-1.2 will have a support for LUKS encrypted save.dat containers so every change you made to the system (passwords, firefox bookmarks, personal settings) can be stored safely in that container. (you will be asked for a password during boot)

Re: truecrypt system encryption

Posted: 27 Feb 2014, 22:06
by BJWTech
Where is this documented. I would like everything that is a change from the default system to be encrypted. IE; anything in /home or any config file that was changed. I would prefer to use LUKS and have it ask for the decryption PW on boot. Is this possible? Is there a guide on setting this up?

Thank you!

Re: truecrypt system encryption

Posted: 27 Feb 2014, 22:37
by fanthom
@BJWTech
encryption is possible for save.dat only but in fact this is the only thing which needs to be encrypted (unless you keep passwords/sensitive data in modules), the rest is public on our server anyway.

please open save.dat manager, create save.dat and make sure you enable encryption for it, set the password and done. now point 'changes=' cheatcode to your encrypted .dat and during every boot you will be prompted for a password. if you fail 3 times to provide correct pass then you boot into 'Always Fresh' - your data are still protected :)

this setup has advantage: modules are unencrypted so reading from them does not put extra CPU charge for decrypting.

Re: truecrypt system encryption

Posted: 27 Feb 2014, 23:13
by BJWTech
Thank you for the quick reply. No way to just encrypt the /porteus directory? I am using a native linux file system, so am currently saving changes to the /porteus directory directly. Am I correct on this assumption?

Thank you!

Re: truecrypt system encryption

Posted: 27 Feb 2014, 23:47
by fanthom
as far as i know cryptsetup can encrypt full partition only but not a part of it (folders). you could use save.dat on linux filesystem or use encfs (start it through rc.local):
http://slackbuilds.org/repository/14.1/system/encfs/
which does encryption for folders. the disadvantage is that only /home and other not important from booting point of view folders (like /opt) could be encrypted with encfs.

Re: truecrypt system encryption

Posted: 27 Feb 2014, 23:50
by BJWTech
OK. Thanks again! I will just go the save.dat route and try it out.