Using TrueCrypt with a key file on a Rutoken device
The more we use computers and the more they enter our lives, the more often we think about the security of the information stored on them. That goes even more for enterprises, where problems with the security of stored information can lead to large losses.
In this publication, I will show how to create a virtual encrypted disk that can only be accessed with a key file stored on a Rutoken.
TrueCrypt is software that lets you create a virtual encrypted logical drive stored in the file system as a file. All data written to this disk, including file and directory names, is encrypted on the fly. It can also fully encrypt hard drive partitions or USB media. A mounted volume is identical to a regular logical or removable drive, so you can work with it using all the utilities built into the operating system, such as disk checking and defragmentation.
Rutoken is a device in the form of a USB key fob that is used to authorize a user on a computer, protect data, secure remote access to information resources, and so on.
We will need:
- TrueCrypt distribution - http://www.truecrypt.org/downloads
- Russian translation - http://www.truecrypt.org/localizations
- Rutoken - http://www.rutoken.ru/products/rutoken/
- drivers for Rutoken - http://www.rutoken.ru/hotline/download/
Install TrueCrypt and the driver for the Rutoken
As the Rutoken developers recommend, do not connect the device until the drivers are installed. The installation procedure is no different from installing any other application: answer yes to all the questions and accept the terms of the license agreement. Unpack the TrueCrypt translation file into the folder where TrueCrypt was installed. Launch TrueCrypt and change the language to Russian in the settings (Settings \ Language): select Russian and click OK.
Connect the Rutoken to a USB port
After connecting it, open “Security Token Settings” in TrueCrypt (Service \ Security Tokens) and, in the window that opens, run “Library Auto Detection”. If the search succeeds, the library path is filled in automatically; then click OK.

Create a key file
Now we need to create a key file. To do this, open the "Key File Generator" (Service \ Key File Generator). The key generation window appears.

To save the key file, click "Create and Save File", choose a path and save the key file. You will be notified that the key was saved successfully.
Writing the key to the Rutoken
Everything is now ready to write the key to the Rutoken (Tools \ Key files of the security token). A prompt for the Rutoken password should appear (if it does not, the library was probably not specified); enter the Rutoken user password (12345678 by default). In the window that opens, click “Import key file to token”, select the key file generated in the previous step, and then specify the name it will have on the Rutoken.
If the import succeeds, the key appears in the list under the name you specified.

If you plan to use the key only with the Rutoken, you must delete the copy of the key stored on the computer.
The Rutoken is now fully ready for use with TrueCrypt, and you can create an encrypted volume.
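An added example for the deletion step above (not part of the original article): a PowerShell script that checks the token copy against the local key file before destroying the local one. It assumes the key was exported from the token back to disk for comparison, an extra step the article does not describe; the parameter names and the Remove-KeyFile function are hypothetical.

```powershell
# Added example, not from the article. $LocalKey and $ExportedKey are
# hypothetical paths supplied by the operator.
param(
    [Parameter(Mandatory)] [string] $LocalKey,    # file saved by the Key File Generator
    [Parameter(Mandatory)] [string] $ExportedKey  # copy exported back from the token
)

function Remove-KeyFile([string] $Path) {
    # Overwrite the file in place with random bytes, flush to disk, then delete it.
    $item = Get-Item -LiteralPath $Path
    $buf  = New-Object byte[] $item.Length
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $fs   = [System.IO.File]::Open($item.FullName, 'Open', 'Write', 'None')
    try {
        $rng.GetBytes($buf)
        $fs.Write($buf, 0, $buf.Length)
        $fs.Flush($true)   # force the overwrite through the OS cache
    }
    finally {
        $fs.Dispose()
        $rng.Dispose()
    }
    Remove-Item -LiteralPath $item.FullName -Force
}

# Compare the two copies first: if the token holds something else,
# deleting the local key would make the future volume unrecoverable.
$localHash = (Get-FileHash -LiteralPath $LocalKey    -Algorithm SHA256).Hash
$tokenHash = (Get-FileHash -LiteralPath $ExportedKey -Algorithm SHA256).Hash
if ($localHash -ne $tokenHash) {
    throw "Token copy differs from the local key file; nothing was deleted."
}

# Both on-disk copies go; only the token keeps the key afterwards.
Remove-KeyFile $LocalKey
Remove-KeyFile $ExportedKey
Write-Output "Key verified on token; local copies overwritten and removed."
```

Overwriting in place is best effort: on SSDs and on file systems that journal or relocate data, old blocks may survive, so generating the key file on a RAM disk or other temporary medium avoids the problem entirely.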
Create an encrypted volume
ATTENTION! Any careless actions you take with your hard drive from here on are at your own risk! I describe the safest way to create a hidden partition. If you do not want to lose data, follow the instructions.
To create a new volume, use the TrueCrypt Volume Creation Wizard (Volumes \ Create New Partition).
The TrueCrypt Volume Creation Wizard starts. Select "Create Encrypted File Container", i.e. the virtual encrypted disk will be stored in a single file.

Volume type: Normal volume.

Choose where the disk file will be stored. If you check the "Do not save history" box, you will have to specify the file's location each time.

In the encryption settings, specify the encryption algorithm that will be used for the new disk. Each algorithm has its own speed; to see the encryption / decryption speed of all algorithms, click "Test".

Now enter the size of the volume to create.

It's time to specify the key file and password. Click “Key files”; if your key is not listed, click “Token files” in the window, enter the Rutoken password and select the token.

Next, specify the options (file system, cluster and file type: dynamic or static) and format the future disk. Formatting takes some time; the larger the volume, the longer it takes.

At the end of the process, you will be notified that the volume was created successfully.
Mount the created volume
In the main TrueCrypt window, click “File”, select the volume file and click “Mount”.
If the Rutoken is not connected, you will get the error “The key file of the security token was not found.” Connect the Rutoken if it is not connected. Click "Key files" and select the Rutoken key.

If the password was entered correctly, the Rutoken was connected and the right key was selected, you will see the new disk mounted. Happy working!
Important! Once the drive is mounted, the Rutoken must be disconnected from the USB port; the developers themselves advise this in order to extend its life. For my part, I advise you to configure automatic dismounting on inactivity.
In the next part I will show how to do the same on the Linux operating system.