.\" The DragonFly Project. All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" 3. Neither the name of The DragonFly Project nor the names of its
.\" contributors may be used to endorse or promote products derived
.\" from this software without specific, prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
.\" COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.Nd tool to manage TrueCrypt volumes
.Op Fl a Ar pbkdf_hash
.Op Fl f Ar keyfile_hidden
.Op Fl s Ar system_device
.Op Fl s Ar system_device
utility provides full support for creating and opening/mapping
TrueCrypt-compatible volumes.
It supports the following commands, each with a set of options
detailed further below:
.Bl -tag -width indent
Create a new encrypted TrueCrypt volume on the device
Print out information about the encrypted device specified by
.It Fl m Ar mapping , Fl -map Ns = Ns Ar mapping
Map the encrypted TrueCrypt volume on the device specified by
Options common to all commands are:
.Bl -tag -width indent
.It Fl d Ar device , Fl -device Ns = Ns Ar device
on which the TrueCrypt volume resides/will reside.
This option is mandatory for all commands.
.It Fl k Ar keyfile , Fl -keyfile Ns = Ns Ar keyfile
to use in addition to the passphrase.
This option can appear multiple times; if so, multiple
keyfiles will be used.
.It Fl f Ar keyfile , Fl -keyfile-hidden Ns = Ns Ar keyfile
to use in addition to the passphrase when either creating a
hidden volume or when protecting a hidden volume while mapping
or querying the outer volume.
If you only intend to map a hidden volume, the
option has to be used.
This option can appear multiple times; if so, multiple
keyfiles will be used.
Additional options for the
.Bl -tag -width indent
.It Fl a Ar pbkdf_hash , Fl -pbkdf-prf Ns = Ns Ar pbkdf_hash
Specifies which hash algorithm to use for the PBKDF2 password
To see which algorithms are supported, specify
.Fl -pbkdf-prf Ns = Ns Ar help .
.It Fl b Ar cipher , Fl -cipher Ns = Ns Ar cipher
Specifies which cipher algorithm or cascade of ciphers to use
to encrypt the new volume.
To see which algorithms are supported, specify
.Fl -cipher Ns = Ns Ar help .
.It Fl x Ar pbkdf_hash , Fl -pbkdf-prf-hidden Ns = Ns Ar pbkdf_hash
Specifies which hash algorithm to use for the PBKDF2 password
derivation for the hidden volume.
Only valid in conjunction with
If no algorithm is specified, the same as for the outer volume
To see which algorithms are supported, specify
.Fl -pbkdf-prf-hidden Ns = Ns Ar help .
.It Fl y Ar cipher , Fl -cipher-hidden Ns = Ns Ar cipher
Specifies which cipher algorithm or cascade of ciphers to use
to encrypt the hidden volume on the new TrueCrypt volume.
Only valid in conjunction with
If no cipher is specified, the same as for the outer volume
To see which algorithms are supported, specify
.Fl -cipher-hidden Ns = Ns Ar help .
Specifies that the newly created volume will contain a hidden
The keyfiles applied to the passphrase for the hidden
volume are those specified by
.Fl -keyfile-hidden .
The user will be prompted for the size of the hidden volume
Additional options for the
.Bl -tag -width indent
.It Fl e , Fl -protect-hidden
Specifies that an outer volume will be queried or mapped, but
its reported size will be adjusted according to the size of
the hidden volume contained in it.
Both the hidden volume and outer volume passphrase and keyfiles
.It Fl s Ar system_device , Fl -system-encryption Ns = Ns Ar system_device
This option is required if you are attempting to access a device
that uses system encryption, for example an encrypted
option will point at the actual encrypted partition, while the
argument will point to the parent device (i.e.\& underlying physical disk)
of the encrypted partition.
Create a new TrueCrypt volume on
using the cipher cascade
of AES and Twofish and the Whirlpool hash algorithm for
PBKDF2 password derivation and two keyfiles,
.Bd -ragged -offset indent
.Fl -device Ns = Ns Ar /dev/vn0
.Fl -cipher Ns = Ns Ar AES-256-XTS,TWOFISH-256-XTS
.Fl -pbkdf-prf Ns = Ns Ar whirlpool
.Fl -keyfile Ns = Ns Ar one.key
.Fl -keyfile Ns = Ns Ar two.key
Map the outer volume on the TrueCrypt volume on
but protect the hidden volume, using the keyfile
from being overwritten:
.Bd -ragged -offset indent
.Nm Fl -map Ns = Ns Ar truecrypt1
.Fl -device Ns = Ns Ar /dev/vn0
.Fl -keyfile-hidden Ns = Ns Ar hidden.key
Map the hidden volume on the TrueCrypt volume on
.Bd -ragged -offset indent
.Nm Fl -map Ns = Ns Ar truecrypt2
.Fl -device Ns = Ns Ar /dev/vn0
.Fl -keyfile Ns = Ns Ar hidden.key