Automatically Mount a Truecrypt Partition in xfce4


I’m naturally very security-conscious about my software design and implementation and also my personal and professional information. So, I use a series of free software programs to help me manage and protect a lot of my own information along with critical client information. I use Truecrypt for encrypting data such as email (Thunderbird data) and my browsing history (Firefox data).

The very first program in the chain of security is Truecrypt. Before I can access any of my own information I have to decrypt my Truecrypt partition and mount it. I have written a quick little script which asks me for my password and launches truecrypt with a given set of command line options in order to decrypt and mount my data.

Automating the password would completely defeat the data protection that Truecrypt provides, so I’m forced to type the password each time I log into my system, but it’s not that big a deal. Obviously, this password must be the strongest possible password. Don’t use test123, passw0rd, pass123, or 1234567890 for this one.

Here is a basic startup script that I added to my xfce startup applications.

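#!/bin/bash
# Ask for the volume password in a dialog; stop if the dialog is cancelled.
PW=$(zenity --password) || exit 1
# Note: --password places the password in the process list (see ps) while truecrypt runs.
sudo truecrypt --password="$PW" --keyfiles=/secure/keys/directory /dev/sda1 /media/mydata
unset PW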

I use several keys and a password to encrypt my Truecrypt partition and mount it onto /media/mydata. The script above does all of that and prompts me for a password in a user-friendly dialog. There are other command line options available which can be used in Truecrypt.
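As an added example (not the author's script), the same mount step can be wrapped so that a cancelled dialog, a mistyped password and an already-mounted volume are each handled explicitly. The helper names (`is_mounted`, `prompt_password`, `mount_volume`, `mount_with_retries`), the `mount` argument and the limit of three attempts are assumptions made for this sketch; the device, mount point, keyfile directory and truecrypt options are the ones used above.

```shell
#!/bin/bash
# Added example: login-time mount wrapper with cancel, retry and
# already-mounted handling. Paths are the ones used in the post.
DEVICE=/dev/sda1
MOUNT_POINT=/media/mydata
KEYFILES=/secure/keys/directory

# Hypothetical helper: true when something is already mounted at the
# mount point (mountpoint ships with util-linux).
is_mounted() { mountpoint -q "$MOUNT_POINT"; }

# Hypothetical helper: zenity exits non-zero when the user cancels.
prompt_password() { zenity --password; }

# Hypothetical helper: same truecrypt invocation as the post's script.
# The password is still passed in argv, so it is visible in the process
# list while truecrypt runs.
mount_volume() {
    sudo truecrypt --password="$1" --keyfiles="$KEYFILES" "$DEVICE" "$MOUNT_POINT"
}

# Returns 0 when mounted, 1 when every attempt failed, 2 on cancel.
mount_with_retries() {
    mwr_left=${1:-3}
    is_mounted && return 0        # already mounted: never prompt
    while [ "$mwr_left" -gt 0 ]; do
        mwr_pw=$(prompt_password) || { unset mwr_pw; return 2; }
        if mount_volume "$mwr_pw"; then
            unset mwr_pw          # drop the secret once it has been used
            return 0
        fi
        unset mwr_pw
        mwr_left=$((mwr_left - 1))
    done
    return 1
}

# Runs only when asked to, e.g. "startup.sh mount" as the autostart command.
if [ "${1:-}" = "mount" ]; then
    mount_with_retries 3
fi
```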

Adding the script to the xfce startup applications is quick and easy. Go to the main menu -> settings -> settings manager -> session and startup -> application autostart -> add, then just fill in some basic information and the path to my startup script (/home/amado/bin/startup.sh) and...

Boom! All done. Now all I have to do is provide a password to the script and it will decrypt my data automatically every time I log into xfce4. After mounting my files, I normally load up my KeePass database from those files and use a different password to decrypt that database.

I’m also playing around with the idea of maybe storing my password in my phone and enabling Bluetooth so that if my cell phone is near my computer, the password can be read directly from the phone and used for decrypting my partition. I truly hope that I never reach that level of laziness lol. We’ll see, in time.