-1

I have a 3TB Truecrypt partition on a 3,5'' portable USB hard drive. Currently, to mount the partition I have to

  1. plug in the USB drive

  2. run veracrypt

  3. select the right volume

  4. tick "truecrypt mode"

  5. click "mount"

  6. enter the Truecrypt passphrase

  7. enter my user's password

  8. double-click on the mounted volume, which opens a new Nautilus (Files) window showing my files.

I read somewhere that TCRYPT support (for TrueCrypt or VeraCrypt volumes) may be compiled into cryptsetup, the software that also handles LUKS volumes. So I wonder, why doesn't Ubuntu (25.10 in my case) automatically attempt to mount TC volumes? (mine is not hidden, just a regular old TC partition).

And, corollary, how can I setup my system so that it does offer to mount TC volumes? I'd like the workflow to be:

  1. plug in the USB drive

  2. I get prompted to enter the Truecrypt passphrase

  3. Nautilus (Files) window opens with the contents

...i.e. exactly what happens with LUKS volumes.

Do I need to put something in /etc/fstab? Or write a script that does sudo cryptsetup --type tcrypt open /dev/sdX1 myvolume, make it executable and create a shortcut to it?

Improve this question
3
  • 3
    VeraCrypt's official website provides an old version of its software that is compatible with TrueCrypt volumes. This allows VeraCrypt users to convert TrueCrypt volumes to VeraCrypt volumes that are compatible with the latest version of VeraCrypt in both Linux and other platforms. Commented Jan 31 at 23:34
  • Are you saying that cryptsetup can not directly open a TC volume, therefore what I'm after is only possible after converting my TC volume to a VeraCrypt volume? That's odd, as the documentation expressly states that cryptsetup supports both TrueCrypt and VeraCrypt volumes. Commented Jan 31 at 23:47
  • No, I did not say that cryptsetup cannot directly open a TrueCrypt volume. I do not have any disagreements with what the documentation expressly states. Commented Jan 31 at 23:52

1 Answer 1

Reset to default
3

To suggest unlocking a TureCrypt volume the system needs first to know that the device contains a TrueCrypt volume. But the TrueCrypt header is encrypted, so nothing gives any hint about the content of this device. Consider:

bor@quokka:~$ sudo cryptsetup tcryptDump /dev/sdb
Enter passphrase for /dev/sdb: 
TCRYPT header information for /dev/sdb
Version:        5
Driver req.:    7.0
Flags:          0x0
Sector size:    512 [bytes]
MK offset:  131072 [bytes]
Volume size:    104595456 [bytes]
PBKDF2 hash:    ripemd160
Cipher chain:   aes
Cipher mode:    xts-plain64
MK bits:        512
bor@quokka:~$

The /dev/sdb was formatted as TrueCrypt volume and after having entered the password cryptsetup also understands and recognizes it. But nothing on this device identifies it as a TrueCrypt container:

bor@quokka:~$ sudo blkid -p /dev/sdb
bor@quokka:~$ lsblk -f /dev/sdb
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
sdb                                         
bor@quokka:~$ udisksctl info --block-device /dev/sdb
/org/freedesktop/UDisks2/block_devices/sdb:
  org.freedesktop.UDisks2.Block:
    Configuration:              []
    CryptoBackingDevice:        '/'
    Device:                     /dev/sdb
    DeviceNumber:               2064
    Drive:                      '/org/freedesktop/UDisks2/drives/QEMU_QEMU_HARDDISK_1_0000_3a00_3a1d_2e7_2'
    HintAuto:                   true
    HintIconName:               
    HintIgnore:                 false
    HintName:                   
    HintPartitionable:          true
    HintSymbolicIconName:       
    HintSystem:                 false
    Id:                         
    IdLabel:                    
    IdType:                     
    IdUUID:                     
    IdUsage:                    
    IdVersion:                  
    MDRaid:                     '/'
    MDRaidMember:               '/'
    PreferredDevice:            /dev/sdb
    ReadOnly:                   false
    Size:                       104857600
    Symlinks:                   /dev/disk/by-diskseq/56
                                /dev/disk/by-id/usb-QEMU_QEMU_HARDDISK_1-0000:00:1d.7-2-0:0
                                /dev/disk/by-path/pci-0000:00:1d.7-usb-0:2:1.0-scsi-0:0:0:0
                                /dev/disk/by-path/pci-0000:00:1d.7-usbv2-0:2:1.0-scsi-0:0:0:0
    UserspaceMountOptions:      
bor@quokka:~$

If you look at the content of the /dev/sdb with a hex editor, you will see what appears a garbage or random content.

You can unlock it manually though if you know the correct device:

bor@quokka:~$ sudo cryptsetup tcryptOpen /dev/sdb tcrypt
Enter passphrase for /dev/sdb: 
bor@quokka:~$ lsblk -if /dev/sdb
NAME     FSTYPE FSVER LABEL UUID                                 FSAVAIL FSUSE% MOUNTPOINTS
sdb                                                                             
`-tcrypt ext4   1.0         5ae80e09-d375-494b-86a3-49f00f9e7802                
bor@quokka:~$

I do not think it is possible to do what you want using TrueCrypt.

For the sake of completeness - it is possible to run a command when USB drive is inserted. This command could be a script that first unlocks the volume and then starts Nautilus on the result. There are several alternative methods to do it in the answers to this question. Of course, the challenge is to unambiguously identify the device.

Improve this answer
1
  • sudo blkid /dev/sdd2 returns a partition unique identifier (PARTUUID) which should unambiguously identify the partition. From there, all we need is: sudo cryptsetup tcryptOpen /dev/disk/by-partuuid/1e37de2f-2f65-4242-9e39-d7592bcf5946 3tb sudo mount /dev/mapper/3tb 3TB/ ...and we're done! I also added a line in /etc/fstab /dev/mapper/3tb /home/user/3TB ntfs user,noauto To unmount: sync umount /home/user/3TB cryptsetup tcryptClose 3tb It's not fully automated (I have to run a script in my home directory), but if this works reliably I'm sure there will be a way to automate it. Commented Feb 2 at 1:09

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.