zuluCrypt Front End for cryptSetup


Since truecrypt is going away (see http://truecrypt.sourceforge.net/), we need some way of carrying around secure information such as bank accounts and passwords. This solution, while not as cross platform as TrueCrypt was, does give a nice GUI to allow you to work with any Linux machine. I have not tried it on OSX (yet), but it may work there also.

Basically, I was looking for an alternative to TrueCrypt and ran across this article, http://www.linux.org/threads/encrypted-containers-without-truecrypt.4478/ describing how to use cryptsetup. It was a little complicated (read the modifications in the comments), but I figured I could figure out a way of automating it fairly well. Then, I ran across zuluCrypt (https://code.google.com/p/zulucrypt/) and figured "why not try this." I now love it.

zuluCrypt is a front end. It allows you to use the GUI to create encrypted storage, mount it, add/remove keys, and even back up the headers in case something gets corrupted. It can even open old TrueCrypt containers and will integrate with KDE and Gnome key storage stuff (which I do NOT use).

The maintainer, mhogomchungu, is very responsive and appears to be working on it very regularly. Please support him.

Took me some time to build it on Debian, but it was mainly a matter of finding the correct libraries and building it. So, here are my instructions. These are for my specific system; Wheezy 64 bit, XFCE4 front end. If you have something else, you'll need to modify this.

BTW, these are a direct rip off of the file BUILD_INSTRUCTIONS in the zuluCrypt download (version 4.7.2). I've just modified them for Debian and XFCE4.

First, download the package from https://code.google.com/p/zulucrypt/. I chose the tar.bz2 format. This does not come as a pre-packaged binary, so we will have to compile it. But, it is fairly easy. I'm going to assume you have downloaded the file into ~/Downloads (ie, the Downloads directory of your home directory).

Open a command prompt

cd Downloads
tar -xjvf zuluCrypt-4.7.2.tar.bz2 # or whatever the file is
cd zuluCrypt-4.7.2 # or whatever the directory your created was
mkdir build
cd build

I do not build for the KDE wallet or the Gnome "secret" store. You will need to add some libraries to do those. Read the file BUILD_INSTRUCTIONS in the main directory if you want to do this.

sudo apt-get update && \
sudo apt-get install libblkid-dev libqt4-dev gcc g++ libcryptsetup-dev cmake libgcrypt11-dev pkg-config libdevmapper-dev uuid-dev
# following will build WITHOUT KDE or Gnome "wallet" support and mount the "drives" in your home directory
# will also disable udev
# read BUILD_INSTRUCTIONS for information
# if you do not have the needed tools or libraries, this will tell you
cmake -DCMAKE_INSTALL_PREFIX=/usr/ -DCMAKE_BUILD_TYPE=RELEASE -DNOKDE=true -DNOGNOME=true -DHOMEMOUNTPREFIX=true . ..
make
sudo make install

To get it to auto-run in xfce, do the following. NOTE that it will bring up the window (see below).The main thing I'm trying to do here is get the little icon up next to my clock so I can open it. However, you might be just as happy going to the menu (Applications Menu | Accessories)

  1. Go to Applications Menu | Settings | Session and Startup | Application Autostart
  2. Click the Add button
    1. Name: zuluCrypt
    2. Description: Encrypted Container Handler
    3. Command: /usr/bin/zuluCrypt-gui

The program is very simple to use. It hides all the complexity and has a nice menu interface, though some of the stuff took actual thinking on my part to figure out what the programmer was saying. Darn it.

NOTE: After I wrote this, the maintainer saw my comment about not being able to start in the tray. He modified zuluCrypt adding the -e option to do it as of version v4.7.3. See his comment below.

Don't you just love open source? With a good maintainer or two, they actually search for things to change. Thank you for an excellent program.

Hints:

  1. Don't make your containers any larger than they need to be. In the days of giga and tera drives and partitions, you'll be surprised at what you can put in a single 3M partition (the minimum you can build here). I have files full of all sorts of sensitive things, and have not made it to a half meg yet.
  2. Lots of little files is better than one big file if you are doing any kind of replication or backup. I use OwnCloud to sync some of my directories to my laptop. If I modify the contents of one of my small files, it takes less time to upload. Remember, these are encrypted, meaning making one small change to one file can (should) randomly change the entire container, so there is no such thing as a delta upload (a la rsync).
  3. Ok, steal from Windows. If you ahve more than one file, consider using an extension. Then, associate that extension with zuluCrypt (right click, select Open With). You can now simply find the file and open it. It appears the installer already associates it with .tc files (the Windows standard for TrueCrypt files).
  4. The volume will be mounted in your home directory, under a directory with the same name as the file. SO, don't put your encrcypted containers in your home directory; put them in a subdirectory.
  5. OwnCloud uses some kind of File Alteration Monitor to determine when to upload a changed file. If your encrypted container is changed, you must unmount it (called close in the app) before the lock is released to allow this to happen.
  6. One thing about a small container (3 Meg) with a bunch of small files is that the defaults for mkfs.ext4 may not create enough blocks. I really don't remember how I did it, but I believe I created the container, then reformatted it with more blocks (or larger blocks, like I said, I really don't remember). I'll try to sit down and recreate it and this time document what I do. But, if you have 2M of free disk space and you get an error that you don't have enough room to write a 2k file, that is the issue. It just ran out of blocks to put them in. This is super tuning, as what I think I did was figure out my file sizes and then customized the file systtem for that. That is really a failing with ext4, but I don't know the answer and will not compete with the geniuses that maintain that.
Tags: cryptosetup, encrypted container, LUKS, truecrypt
Last update:
2014-09-11 08:30
Author:
Rod
Revision:
1.6
Average rating:0 (0 Votes)

You can comment this FAQ

Chuck Norris has counted to infinity. Twice.

Comment of mhogomchungu:
Hi, current maintainer of zuluCrypt here. Just came across your page as i was googling to see what ... show moreis out there about zuluCrypt and google landed me here. I specifically did not add an option start zuluCrypt-gui while minimized to tray because i though nobody would want that feature. I just added it and hence you can now set zuluCrypt-gui start minimized to tray by starting it with "-e" option.zuluMount-gui already has this option. The feature will on zuluCrypt 4.7.3 but you can get it now with git version. date: Sun Aug 10 21:16:17 EDT 2014
Added at: 2014-08-11 03:17

Comment of mhogomchungu:
Just though i should comment again and inform about a change that will be in the ... show morenext version in response to your comment number 4. In the next version,if the mount point path is found to already be taken,the mount point will automatically append "_X" where "X" is an integer starting from one. This change will allow seamless opening of volumes that reside in user home directory with home directory mount path. Thanks for your review of my project
Added at: 2014-08-28 01:04