I have a dual boot system with Windows 7 and Ubuntu 10.04. In order to secure the system, I have system encryption with Truecrypt and encrypted LVM in Ubuntu. I need to access my Windows files from within Ubuntu. After a bit of searching around the Internet, I pieced together this command line, which I put in /etc/rc.local. Since my system is fully encrypted and used by only me, I’m not concerned about the password being in /etc/rc.local. I installed the Truecrypt console version.
I added the following line to /etc/rc.local:
echo "MyTruecryptPassPhrase" | /usr/local/bin/truecrypt -t -m system -k "" -p "" --protect-hidden=no --fs-options=rw,noatime,umask=000 --filesystem=ntfs-3g /dev/<windows partition> /<local mount point>
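By echoing the passphrase and piping it to the Truecrypt command on standard input, we keep it out of truecrypt's argument list, so it does not show up in ‘ps -ef’ output. (echo is a builtin in /bin/sh and bash, so no separate echo process carries the passphrase in its arguments either.) Because of umask=000, the filesystem will be mounted with 0777 permissions.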
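The difference between passing a passphrase as an argument and piping it on stdin can be checked directly. The script below is an added example, not part of the original post; `fake-truecrypt`, the sample passphrase and the helper names are constructed stand-ins, and it assumes a Linux /proc (falling back to ps).

```shell
#!/bin/sh
# Added example: is a passphrase visible in a process's argument list
# (the data `ps -ef` prints)? All names and values here are constructed.
SECRET='Constructed-Passphrase-123'

# Print the argument vector of PID $1 on one line.
args_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"   # Linux: NUL-separated argv
    else
        ps -o args= -p "$1"                # fallback where /proc is absent
    fi
}

# Inspect child PID $1, print "exposed" or "hidden", then reap it.
report() {
    sleep 1                                # let the child finish exec()
    case "$(args_of "$1")" in
        *"$SECRET"*) echo exposed ;;
        *)           echo hidden ;;
    esac
    wait "$1"
}

# Passphrase given as an argument: it sits in argv, which ps displays.
# The trailing ':' keeps sh from exec-ing sleep and discarding its argv.
argv_case() {
    sh -c 'sleep 2; :' fake-truecrypt -p "$SECRET" &
    report $!
}

# Passphrase sent on stdin, as in the rc.local line: argv stays clean.
# printf is a shell builtin; it runs in a forked copy of this shell,
# whose argv does not contain the passphrase.
stdin_case() {
    printf '%s\n' "$SECRET" | sh -c 'read -r pw; sleep 2; :' fake-truecrypt &
    report $!
}

echo "argument: $(argv_case)"
echo "stdin:    $(stdin_case)"
```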
I have found that it is even possible to mount outer partitions (with hidden partitions inside) using this method while protecting the hidden partition. The command is as follows:
echo "HiddenPartitionPassphrase\n\nOuterPartitionPassphrase" | /usr/bin/truecrypt -t -k "" -p "" --protect-hidden=yes --fs-options=rw,noatime,umask=000 /dev/sda2 /windows
By using the hidden OS feature in Truecrypt, it is possible to triple boot your computer, with all data on the drive except for the /boot partition in Linux being encrypted. Since no secret information is stored in /boot, this is not a problem.
I don’t use Truecrypt on Linux so this might not be relevant to your application, but if any of your readers are considering doing something similar (storing a password in a script), it’s worth noting that echo’ing a password can expose it in plain text since any command, including its parameters, shows up in a ps listing. Even if you expect a command to exit immediately, it’s probably a bad idea. Many programs provide an option to read a password from a file for that reason, since it avoids the problem (only the location of the password file will show up in the ps listing then).
Comment by vanitylicenseplate — January 18, 2012 @ 10:35 pm