TrueCrypt

From The System Administrator Zone

TrueCrypt

Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux

TrueCrypt Tutorial: Truly Portable Data Encryption

OS X Command Line Examples

Invoking Help at the Command Line

# /Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt --text --help 
#

Mount a Volume

# /Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt --text --non-interactive --password=PASSWORD \
  /Users/Test/Documents/Archive_File /private/var/tmp/Backup_TMP

#

List Currently Mounted Volumes

# /Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt --text  -l
1: /Users/Test/Documents/Archive_File /dev/disk4 /private/var/tmp/Backup_TMP
# 

Unmount a Volume

# /Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt --text --dismount /Users/Test/Documents/Archive_File 
#

Automounting A TrueCrypt Volume - OS X

The OS X startup scripts are hiding in */Library/StartupItems/. I added the following script extracts to the startup script of a daemon whose files I had moved to an external disk formatted using TrueCrypt. If someone steals that disk, they won't get the data.

StartService

/Library/StartupItems/MySQLCOM/MySQLCOM start

At the beginning of the StartService function, add the following, changing anything in ALL_CAPS to your values. This example uses an encrypted disk partition. You can adjust it with the command line examples above to use an encrypted file.

The PASSWORD_KEY is simply a word or phrase that will be converted to an MD5 value. The MD5 value is used as the volume password.
See: Passwords
        # mount TrueCrypt disk or exit on failure
        if [ ! -d /MOUNT_POINT/INTERNAL_FILE ]
        then
           # Mount the file system
           echo "PASSWORD_KEY" > /tmp/KEY_STASH
           key=`/sbin/md5 /tmp/KEY_STASH | /usr/bin/cut -f 4 -d " "`
           rm /tmp/KEY_STASH
           # change /dev/rdisk2 to your value
           /Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt --text     \
                --non-interactive --password=${key}                        \
                /dev/rdisk2 /MOUNT_POINT
           # added a couple of pauses to allow things to settle down
           # these may not be needed, but don't hurt.
           sleep 5
           mount  -u -o owners /MOUNT_POINT
           sleep 5
           # Test to see if it worked and exit on failure
           if [ ! -d /MOUNT_POINT/INTERNAL_FILE ]
           then
                ConsoleMessage "Decrypted directory not found"
                exit 1
           fi
        fi
        if [ "${MYSQLCOM:=-NO-}" = "-YES-" ] ; then
                ConsoleMessage "Starting MySQL database server"
                $SCRIPT start > /dev/null 2>&1
        fi
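
The key derivation described above (MD5 of PASSWORD_KEY as written by echo) can be done without the fixed-name file /tmp/KEY_STASH. This is an added example, not part of the original startup script; the function names and the sample phrase are assumptions made for illustration, and it falls back to md5sum where /sbin/md5 is absent.

```shell
#!/bin/sh
# Added example (not from the original page): derive the MD5 volume password
# described above without writing PASSWORD_KEY to a fixed file in /tmp.

# md5_hex: print the hex MD5 of stdin. Uses /sbin/md5 on OS X and falls back
# to md5sum (assumption: one of the two is installed).
md5_hex() {
    if [ -x /sbin/md5 ]; then
        /sbin/md5                      # prints only the digest for stdin
    else
        md5sum | cut -d ' ' -f 1       # drop the trailing " -" file field
    fi
}

# derive_key_pipe: hash PHRASE plus a trailing newline, which is exactly what
# `echo "PASSWORD_KEY" > file` stored. printf is a shell builtin, so the
# phrase never appears in another process's argument list.
derive_key_pipe() {
    printf '%s\n' "$1" | md5_hex
}

# derive_key_file: the page's file-based method, kept for comparison, but with
# a private, unpredictable temp file instead of /tmp/KEY_STASH.
derive_key_file() (
    umask 077                          # file is readable by the owner only
    stash=$(mktemp "${TMPDIR:-/tmp}/key_stash.XXXXXX") || exit 1
    trap 'rm -f "$stash"' EXIT         # remove it even if hashing fails
    printf '%s\n' "$1" > "$stash"
    md5_hex < "$stash"
)

# derive_key_no_newline: the value produced if the newline is dropped. It does
# NOT open a volume whose password was created with the page's method.
derive_key_no_newline() {
    printf '%s' "$1" | md5_hex
}

# Constructed sample phrase, not a real secret.
SAMPLE_PHRASE="foo"
echo "pipe:       $(derive_key_pipe "$SAMPLE_PHRASE")"
echo "temp file:  $(derive_key_file "$SAMPLE_PHRASE")"
echo "no newline: $(derive_key_no_newline "$SAMPLE_PHRASE")"
```

The derived key is still passed as --password= on the TrueCrypt command line, so it is visible in the process list while the mount runs. Anyone who can read the startup script can recompute it from PASSWORD_KEY, so keep the script readable by root only.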

StopService

/Library/StartupItems/MySQLCOM/MySQLCOM stop

StopService simply unmounts the volume after the daemon has stopped.

        if [ -d /MOUNT_POINT/INTERNAL_FILE ]
        then
           /Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt         \
                --text --dismount /MOUNT_POINT
        fi

Restart Service

/Library/StartupItems/MySQLCOM/MySQLCOM restart

RestartService restarts the MySQL database daemon.

        if test -x $SCRIPT ; then
                RunService "$1"
        else
                ConsoleMessage "Could not find MySQL startup script!"
        fi