.\" The DragonFly Project. All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" 3. Neither the name of The DragonFly Project nor the names of its
.\" contributors may be used to endorse or promote products derived
.\" from this software without specific, prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
.\" COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.Nd tool to manage TrueCrypt volumes
.Op Fl a Ar pbkdf_hash
.Op Fl f Ar keyfile_hidden
.Op Fl x Ar pbkdf_hash
.Op Fl f Ar keyfile_hidden
.Op Fl s Ar system_device
.Op Fl f Ar keyfile_hidden
.Op Fl s Ar system_device
utility provides full support for creating and opening/mapping
TrueCrypt-compatible volumes.
It supports the following commands, each with a set of options
detailed further below:
.Bl -tag -width indent
Create a new encrypted TrueCrypt volume on the device
Print help message and exit.
Print out information about the encrypted device specified by
.It Fl m Ar mapping , Fl -map Ns = Ns Ar mapping
Map the encrypted TrueCrypt volume on the device specified by
Print version message and exit.
Options common to all commands are:
.Bl -tag -width indent
.It Fl d Ar device , Fl -device Ns = Ns Ar device
on which the TrueCrypt volume resides/will reside.
This option is mandatory for all commands.
.It Fl f Ar keyfile_hidden , Fl -keyfile-hidden Ns = Ns Ar keyfile_hidden
to use in addition to the passphrase when either creating a
hidden volume or when protecting a hidden volume while mapping
or querying the outer volume.
If you only intend to map a hidden volume, the
option has to be used.
This option can appear multiple times; if so, multiple
keyfiles will be used.
.It Fl k Ar keyfile , Fl -keyfile Ns = Ns Ar keyfile
to use in addition to the passphrase.
This option can appear multiple times; if so, multiple
keyfiles will be used.
Additional options for the
.Bl -tag -width indent
.It Fl a Ar pbkdf_hash , Fl -pbkdf-prf Ns = Ns Ar pbkdf_hash
Specifies which hash algorithm to use for the PBKDF2 password
To see which algorithms are supported, specify
.Fl -pbkdf-prf Ns = Ns Cm help .
.It Fl b Ar cipher , Fl -cipher Ns = Ns Ar cipher
Specifies which cipher algorithm or cascade of ciphers to use
to encrypt the new volume.
To see which algorithms are supported, specify
.Fl -cipher Ns = Ns Cm help .
Specifies that the newly created volume will contain a hidden
The keyfiles applied to the passphrase for the hidden
volume are those specified by
.Fl -keyfile-hidden .
The user will be prompted for the size of the hidden volume
.It Fl x Ar pbkdf_hash , Fl -pbkdf-prf-hidden Ns = Ns Ar pbkdf_hash
Specifies which hash algorithm to use for the PBKDF2 password
derivation for the hidden volume.
Only valid in conjunction with
If no algorithm is specified, the same as for the outer volume
To see which algorithms are supported, specify
.Fl -pbkdf-prf-hidden Ns = Ns Cm help .
.It Fl y Ar cipher , Fl -cipher-hidden Ns = Ns Ar cipher
Specifies which cipher algorithm or cascade of ciphers to use
to encrypt the hidden volume on the new TrueCrypt volume.
Only valid in conjunction with
If no cipher is specified, the same as for the outer volume
To see which algorithms are supported, specify
.Fl -cipher-hidden Ns = Ns Cm help .
Additional options for the
.Bl -tag -width indent
.It Fl e , Fl -protect-hidden
Specifies that an outer volume will be queried or mapped, but
its reported size will be adjusted according to the size of
the hidden volume contained in it.
Both the hidden volume and outer volume passphrase and keyfiles
.It Fl s Ar system_device , Fl -system-encryption Ns = Ns Ar system_device
This option is required if you are attempting to access a device
that uses system encryption, for example an encrypted
option will point at the actual encrypted partition, while the
argument will point to the parent device (i.e.\& underlying physical disk)
of the encrypted partition.
Create a new TrueCrypt volume on
using the cipher cascade
of AES and Twofish and the Whirlpool hash algorithm for
PBKDF2 password derivation and two keyfiles,
.Bd -ragged -offset indent
.Fl -device Ns = Ns Cm /dev/vn0
.Fl -cipher Ns = Ns Cm AES-256-XTS,TWOFISH-256-XTS
.Fl -pbkdf-prf Ns = Ns Cm whirlpool
.Fl -keyfile Ns = Ns Cm one.key
.Fl -keyfile Ns = Ns Cm two.key
Map the outer volume on the TrueCrypt volume on
but protect the hidden volume, using the keyfile
from being overwritten:
.Bd -ragged -offset indent
.Nm Fl -map Ns = Ns Cm truecrypt1
.Fl -device Ns = Ns Cm /dev/vn0
.Fl -keyfile-hidden Ns = Ns Cm hidden.key
Map the hidden volume on the TrueCrypt volume on
.Bd -ragged -offset indent
.Nm Fl -map Ns = Ns Cm truecrypt2
.Fl -device Ns = Ns Cm /dev/vn0
.Fl -keyfile Ns = Ns Cm hidden.key