
Linux veracrypt command line

HackWare.ru

Ethical hacking and penetration testing, information security

How to install VeraCrypt on Linux

VeraCrypt is the successor to TrueCrypt. It is designed for disk encryption and provides very strong security. The program is completely free and open source, and its author regularly releases updates that not only fix bugs but also bring new features and improvements.

Installing VeraCrypt on Linux

VeraCrypt is missing from the standard repositories of a number of popular Linux distributions, so without enough information some users may run into difficulties. This guide describes how to install VeraCrypt on Kali Linux, Linux Mint, Ubuntu, Arch Linux and BlackArch.

The steps described here can be applied by analogy to other Linux distributions. Besides the Windows and Linux versions, there are also VeraCrypt versions for FreeBSD and Raspbian (Raspberry Pi ARMv7).

Installation using a script

I wrote a script that simplifies installing VeraCrypt on Linux. The script has been tested successfully on Kali Linux, Linux Mint and Ubuntu.

To use this script, create a file named VeraCrypt-manager.sh, for example as follows:

And copy the following script into it:

Usage information will be displayed:

To install VeraCrypt, run the script as follows:

The script will determine the latest version by itself and download it from the official site.

Next, the script will ask:

After you enter the digits, the script will launch the appropriate installer:

Click the "Install VeraCrypt" button. A window with the license will open; accept it by clicking the "I accept and agree to be bound by the license terms" button:

A window with uninstall information will be shown:

Close this window. Another console window will then open; when all operations in it have finished, close it as well:

That's it, the installation is complete. To start the program, run

With the same script you can check the current latest version and also remove VeraCrypt.

Manual installation of VeraCrypt

It is extremely important to download all programs, and especially security-related ones, only from official sites.

The official locations hosting the VeraCrypt installation files are:

Download the Linux version, which is a file with the .tar.bz2 extension.

Unpack the downloaded archive. Four new files will be extracted, with names approximately like these (the version number may differ):

  • veracrypt-1.21-setup-console-x64
  • veracrypt-1.21-setup-console-x86
  • veracrypt-1.21-setup-gui-x64
  • veracrypt-1.21-setup-gui-x86

Here x64 and x86 denote the bitness, gui is the version with a graphical interface, and console is the version with a command-line interface. So, for example, to start installing the 64-bit version with the graphical interface you need to run the file veracrypt-1.21-setup-gui-x64.

To run the installer, open a console (command line), drag the required file into it, and add sudo in front of it, so that it looks roughly like this:

Press ENTER and the installation described above will begin.

Specifics of installing the console version of VeraCrypt

The console version is installed through a text interface. First you need to choose:

If you choose the first option, the program is installed. If you choose the second option, the archive is extracted.

Next you need to press Enter to display the license. The license is long; you can use the space bar (Space) to scroll through it.

At the very end you need to type yes to confirm that you accept the license:

Installing VeraCrypt on Arch Linux/BlackArch

Both Arch Linux and BlackArch have VeraCrypt in their repositories, so installation is extremely simple:

This command installs the version with the graphical interface. To open the program, run:

Portable version of VeraCrypt for Linux

There is no dedicated archive with a portable version for Linux. Nevertheless, every VeraCrypt installer offers a choice between installing the program and simply extracting it:

An archive named like veracrypt_*_console_amd64.tar.gz or veracrypt_*_amd64.tar.gz will be extracted to the /tmp folder.

The /tmp directory is cleared on every reboot, so the extracted file needs to be copied to another folder:

To unpack the archive:

The portable version will now be available at the path

How to install the console and graphical versions of VeraCrypt side by side on Linux

To have VeraCrypt with both interfaces on the system, you can install one of the versions as a regular program and use the other as a portable one. Alternatively, use both versions as portable ones.


How to Use VeraCrypt on Command Line to Encrypt Drives on Ubuntu 18.04

In our previous article, we discussed how to install and use VeraCrypt to encrypt drives on Ubuntu 18.04. We used the VeraCrypt GUI method. In this article, we are going to learn how to use VeraCrypt on command line interface to achieve the same encryption.

To run VeraCrypt in the text user interface, type veracrypt and pass the -t/--text option.

The command line synopsis of the veracrypt command is:

To learn more about VeraCrypt command line options, run veracrypt -h.

Use VeraCrypt on Command Line to Encrypt Drives

Create a Hidden VeraCrypt Volume

To create a hidden VeraCrypt volume, step through the following procedure.

Create an outer volume

Launch the veracrypt command from the terminal and pass the -c/--create option along with the -t/--text option. Most options will be requested if you don't specify them on the command line, so the setup becomes interactive.

When you run the command, you are prompted to choose the type of volume. In this case, we are going to setup a Normal volume.

Next, define the encryption and hashing algorithms:

In the above, we chose AES and SHA-512 as the encryption and hashing algorithms respectively. You can also just press Enter to accept the defaults.

Define the filesystem to format the volume with.

In this case, we are going with Linux Ext4.

Next, you need to set the password for encrypting the outer volume. For PIM and keyfile path, press Enter to set empty values.

Next, type random numbers that can be used to improve the cryptographic strength of the encryption key. In this case, you are required to enter at least 320 random numbers.

To create the outer volume in non-interactive mode, run the command below:

Create a hidden volume within the outer volume

Once the outer volume is created, you need to create the hidden volume within it. So repeat the above procedure, but this time:

  • Define the volume type as hidden.
  • Define the size of the hidden volume.
  • Set a different password for the hidden volume.

If all is well, then your hidden volume should be successfully created.

To create a hidden volume in non-interactive mode, run the command below:

Mount the Volumes

Once you are done creating the volumes, you can now mount them and write your files or data to them as you wish.

Mounting Outer Volume

To mount the outer volume, run the command below. When prompted for a password, use the password set for the outer volume above.

To mount a volume prompting only for its password:

List the mounted VeraCrypt volumes.

To unmount the volume:

Mounting the hidden volume

To mount the hidden volume, run veracrypt command as shown above but this time, use the password defined for the hidden volume.

Seen how easy it is to use VeraCrypt on command line to encrypt your storage volumes? You can now create or put your sensitive data into the hidden volume. Enjoy the power of encryption.
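An added example, not part of the original article: a POSIX sh wrapper for the mount step that reads the password with terminal echo off and hands it to veracrypt over standard input, so it never appears on a command line. The names vc_mount and VC_DRY_RUN are hypothetical, and the wrapper assumes a veracrypt build whose `veracrypt -h` lists --stdin, with no keyfile, default PIM and no hidden-volume protection.

```sh
#!/bin/sh
# Added example (not from the article): mount a VeraCrypt volume from a script
# without putting the password in argv, where shell history and process
# listings would record it.
# Assumption: the installed veracrypt accepts --stdin (see `veracrypt -h`).

vc_mount() {
    vc_volume=${1:-}; vc_mountpoint=${2:-}; vc_mode=${3:-rw}
    if [ -z "$vc_volume" ] || [ -z "$vc_mountpoint" ]; then
        echo "usage: vc_mount VOLUME MOUNTPOINT [ro|rw]" >&2
        return 2
    fi

    # -k "" --pim=0 --protect-hidden=no: nothing is asked for but the password.
    set -- veracrypt --text --non-interactive --stdin \
        -k "" --pim=0 --protect-hidden=no
    case $vc_mode in
        rw) ;;
        ro) set -- "$@" -m ro ;;
        *)  echo "mode must be ro or rw" >&2; return 2 ;;
    esac
    set -- "$@" "$vc_volume" "$vc_mountpoint"

    if [ -n "${VC_DRY_RUN:-}" ]; then
        # Show the exact argv, one bracketed word each, and stop.
        printf '[%s]' "$@"; echo
        return 0
    fi

    # Read the password with echo off; restore echo if interrupted.
    trap 'stty echo; exit 130' INT TERM
    printf 'Password for %s: ' "$vc_volume" >&2
    stty -echo
    IFS= read -r vc_password
    stty echo; echo >&2
    trap - INT TERM

    # printf is a shell builtin: the secret travels over a pipe, not a command line.
    printf '%s\n' "$vc_password" | "$@"
    vc_status=$?
    unset vc_password
    return "$vc_status"
}

# Run as: sh vc-mount.sh /path/to/volume /mnt/point [ro]
if [ $# -ge 2 ]; then vc_mount "$@"; fi
```

Setting VC_DRY_RUN=1 prints the argument list without calling veracrypt, which is a quick way to confirm that no secret is part of it.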


Command Line Usage

Note that this section applies to the Windows version of VeraCrypt. For information on command line usage applying to the Linux and Mac OS X versions, please run: veracrypt -h

/help or /?: Display command line help.

/truecrypt or /tc: Activate TrueCrypt compatibility mode which enables mounting volumes created with TrueCrypt 6.x and 7.x series.

/hash: It must be followed by a parameter indicating the PRF hash algorithm to use when mounting the volume. Possible values for /hash parameter are: sha256, sha-256, sha512, sha-512, whirlpool, ripemd160 and ripemd-160. When /hash is omitted, VeraCrypt will try all possible PRF algorithms thus lengthening the mount operation time.

/volume or /v: It must be followed by a parameter indicating the file and path name of a VeraCrypt volume to mount (do not use when dismounting) or the Volume ID of the disk/partition to mount.
The syntax of the volume ID is ID:XXXXXX...XX where the XX part is a 64 hexadecimal characters string that represents the 32-byte ID of the desired volume to mount.
To mount a partition/device-hosted volume, use, for example, /v \Device\Harddisk1\Partition3 (to determine the path to a partition/device, run VeraCrypt and click Select Device). You can also mount a partition or dynamic volume using its volume name (for example, /v \\?\Volume{5cceb196-48bf-46ab-ad00-70965512253a}\). To determine the volume name use e.g. mountvol.exe. Also note that device paths are case-sensitive.
You can also specify the Volume ID of the partition/device-hosted volume to mount, for example: /v ID:53B9A8D59CC84264004DA8728FC8F3E2EE6C130145ABD3835695C29FD601EDCA. The Volume ID value can be retrieved using the volume properties dialog.

/letter or /l: It must be followed by a parameter indicating the drive letter to mount the volume as. When /l is omitted and when /a is used, the first free drive letter is used.

/explore or /e: Open an Explorer window after a volume has been mounted.

/beep or /b: Beep after a volume has been successfully mounted or dismounted.

/auto or /a: If no parameter is specified, automatically mount the volume. If devices is specified as the parameter (e.g., /a devices), auto-mount all currently accessible device/partition-hosted VeraCrypt volumes. If favorites is specified as the parameter, auto-mount favorite volumes. Note that /auto is implicit if /quit and /volume are specified. If you need to prevent the application window from appearing, use /quit.

/dismount or /d: Dismount volume specified by drive letter (e.g., /d x). When no drive letter is specified, dismounts all currently mounted VeraCrypt volumes.

/force or /f: Forces dismount (if the volume to be dismounted contains files being used by the system or an application) and forces mounting in shared mode (i.e., without exclusive access).

/keyfile or /k: It must be followed by a parameter specifying a keyfile or a keyfile search path. For multiple keyfiles, specify e.g.:
/k c:\keyfile1.dat /k d:\KeyfileFolder /k c:\kf2
To specify a keyfile stored on a security token or smart card, use the following syntax: token://slot/SLOT_NUMBER/file/FILE_NAME

/tryemptypass: ONLY when default keyfile configured or when a keyfile is specified in the command line.
If it is followed by y or yes or if no parameter is specified: try to mount using an empty password and the keyfile before displaying password prompt.
If it is followed by n or no: don't try to mount using an empty password and the keyfile, and display password prompt right away.

/nowaitdlg: If it is followed by y or yes or if no parameter is specified: don't display the waiting dialog while performing operations like mounting volumes.
If it is followed by n or no: force the waiting dialog to be displayed while performing operations.

/secureDesktop: If it is followed by y or yes or if no parameter is specified: display password dialog in a dedicated secure desktop to protect against certain types of attacks.
If it is followed by n or no: the password dialog is displayed in the normal desktop.

/tokenlib: It must be followed by a parameter indicating the PKCS #11 library to use for security tokens and smart cards. (e.g.: /tokenlib c:\pkcs11lib.dll)

/tokenpin: It must be followed by a parameter indicating the PIN to use in order to authenticate to the security token or smart card (e.g.: /tokenpin 0000). Warning: This method of entering a smart card PIN may be insecure, for example, when an unencrypted command prompt history log is being saved to unencrypted disk.

/cache or /c: If it is followed by y or yes or if no parameter is specified: enable password cache;
If it is followed by n or no: disable password cache (e.g., /c n).
If it is followed by f or favorites: temporary cache password when mounting multiple favorites (e.g., /c f).
Note that turning the password cache off will not clear it (use /w to clear the password cache).

/history or /h: If it is followed by y or no parameter: enables saving history of mounted volumes; if it is followed by n: disables saving history of mounted volumes (e.g., /h n).

/wipecache or /w: Wipes any passwords cached in the driver memory.

/password or /p: It must be followed by a parameter indicating the volume password. If the password contains spaces, it must be enclosed in quotation marks (e.g., /p "My Password"). Use /p "" to specify an empty password. Warning: This method of entering a volume password may be insecure, for example, when an unencrypted command prompt history log is being saved to unencrypted disk.

/pim: It must be followed by a positive integer indicating the PIM (Personal Iterations Multiplier) to use for the volume.

/quit or /q: Automatically perform requested actions and exit (main VeraCrypt window will not be displayed). If preferences is specified as the parameter (e.g., /q preferences), then program settings are loaded/saved and they override settings specified on the command line. /q background launches the VeraCrypt Background Task (tray icon) unless it is disabled in the Preferences.

/silent or /s: If /q is specified, suppresses interaction with the user (prompts, error messages, warnings, etc.). If /q is not specified, this option has no effect.

/mountoption or /m: It must be followed by a parameter which can have one of the values indicated below.

  • ro or readonly: Mount volume as read-only.
  • rm or removable: Mount volume as removable medium (see section Volume Mounted as Removable Medium).
  • ts or timestamp: Do not preserve container modification timestamp.
  • sm or system: Without pre-boot authentication, mount a partition that is within the key scope of system encryption (for example, a partition located on the encrypted system drive of another operating system that is not running). Useful e.g. for backup or repair operations. Note: If you supply a password as a parameter of /p, make sure that the password has been typed using the standard US keyboard layout (in contrast, the GUI ensures this automatically). This is required due to the fact that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available.
  • bk or headerbak: Mount volume using embedded backup header. Note: All volumes created by VeraCrypt contain an embedded backup header (located at the end of the volume).
  • recovery: Do not verify any checksums stored in the volume header. This option should be used only when the volume header is damaged and the volume cannot be mounted even with the mount option headerbak.
  • label=LabelValue: Use the given string value LabelValue as a label of the mounted volume in Windows Explorer. The maximum length for LabelValue is 32 characters for NTFS volumes and 11 characters for FAT volumes. For example, /m label=MyDrive will set the label of the drive in Explorer to MyDrive.

Example: /m ro
Please note that this switch may be present several times in the command line in order to specify multiple mount options (e.g.: /m rm /m ts)

VeraCrypt Format.exe (VeraCrypt Volume Creation Wizard):

/create: Create a container based volume in command line mode. It must be followed by the file name of the container to be created.

/size: (Only with /create) It must be followed by a parameter indicating the size of the container file that will be created. This parameter is a number indicating the size in Bytes. It can have a suffix 'K', 'M', 'G' or 'T' to indicate that the value is in Kilobytes, Megabytes, Gigabytes or Terabytes respectively. For example:

  • /size 5000000: the container size will be 5000000 bytes.
  • /size 25K: the container size will be 25 KiloBytes.
  • /size 100M: the container size will be 100 MegaBytes.
  • /size 2G: the container size will be 2 GigaBytes.
  • /size 1T: the container size will be 1 TeraByte.

/password: (Only with /create) It must be followed by a parameter indicating the password of the container that will be created.

/hash: (Only with /create) It must be followed by a parameter indicating the PRF hash algorithm to use when creating the volume. It has the same syntax as VeraCrypt.exe.

/encryption: (Only with /create) It must be followed by a parameter indicating the encryption algorithm to use. The default is AES if this switch is not specified. The parameter can have the following values (case insensitive):

  • AES
  • Serpent
  • Twofish
  • AES(Twofish)
  • AES(Twofish(Serpent))
  • Serpent(AES)
  • Serpent(Twofish(AES))
  • Twofish(Serpent)

/filesystem: (Only with /create) It must be followed by a parameter indicating the file system to use for the volume. The parameter can have the following values:

  • None: don't use any filesystem
  • FAT: format using FAT/FAT32
  • NTFS: format using NTFS. Please note that in this case a UAC prompt will be displayed unless the process is run with full administrative privileges.

/dynamic: (Only with /create) It has no parameters and it indicates that the volume will be created as a dynamic volume.

/force: (Only with /create) It has no parameters and it indicates that overwrite will be forced without requiring user confirmation.

/silent: (Only with /create) It has no parameters and it indicates that no message box or dialog will be displayed to the user. If there is any error, the operation will fail silently.

/noisocheck or /n: Do not verify that VeraCrypt Rescue Disks are correctly burned. WARNING: Never attempt to use this option to facilitate the reuse of a previously created VeraCrypt Rescue Disk. Note that every time you encrypt a system partition/drive, you must create a new VeraCrypt Rescue Disk even if you use the same password. A previously created VeraCrypt Rescue Disk cannot be reused as it was created for a different master key.

Syntax

VeraCrypt.exe [/tc] [/hash ] [/a [devices|favorites]] [/b] [/c [y|n|f]] [/d [drive letter]] [/e] [/f] [/h [y|n]] [/k keyfile or search path] [/tryemptypass [y|n]] [/l drive letter] [/m ] [/p password] [/pim pimvalue] [/q [background|preferences]] [/s] [/tokenlib path] [/v volume] [/w]

Note that the order in which options are specified does not matter.
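The warnings on /password and /tokenpin above concern secrets that end up in a saved command history. As an added example (not part of the VeraCrypt documentation), the following POSIX sh function audits a history file for VeraCrypt invocations that carried such a secret as an argument and reports only the line number and option name. The function names and the sample history are constructed for illustration, and the Linux spellings -p and --password are assumed from `veracrypt -h`.

```sh
#!/bin/sh
# Added example: audit a saved shell or command-prompt history for VeraCrypt
# invocations that carried a password or token PIN as an argument.
# Only "LINE:OPTION" is reported; the secret itself is never echoed.
# /p, /password and /tokenpin are the Windows switches documented above;
# -p and --password are the Linux spellings (assumed from `veracrypt -h`).

audit_history() {
    awk '
    function is_empty(v) { return v == "" || v == "\"\"" || v == "\047\047" }
    tolower($0) !~ /veracrypt/ { next }
    {
        for (i = 1; i <= NF; i++) {
            opt = tolower($i)
            if ($i ~ /^--password=/) {
                if (!is_empty(substr($i, 12))) print NR ":--password"
            } else if (opt == "/p" || opt == "/password" || opt == "/tokenpin" ||
                       $i == "-p" || $i == "--password") {
                # An empty quoted value (/p "") is the documented empty password.
                if (i < NF && !is_empty($(i + 1))) print NR ":" $i
            }
        }
    }' "$1"
}

# Constructed sample history (not from a real system).
sample_history() {
    cat <<'EOF'
veracrypt -t -l
veracrypt -t -k "" --pim=0 --protect-hidden=no /data/vol.hc /mnt/vol
veracrypt -t -c /data/vol.hc --size=200M -p Example-Passw0rd -k ""
veracrypt /v myvolume.tc /l x /a /p MyPassword /e /b
veracrypt /q /v d:\myvolume /p "" /k c:\keyfile1.dat
veracrypt -t --password=Example-Passw0rd /data/vol.hc /mnt/vol
"VeraCrypt Format.exe" /create c:\test.hc /size 10M /password test /filesystem FAT
ls -p /tmp
EOF
}

# Run as: sh audit.sh ~/.bash_history
if [ $# -gt 0 ]; then audit_history "$1"; fi
```

Any line it reports means the password or PIN should be treated as exposed: change it and remove the entry from the history file.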

Examples

Mount the volume d:\myvolume as the first free drive letter, using the password prompt (the main program window will not be displayed):

veracrypt /q /v d:\myvolume

Dismount a volume mounted as the drive letter X (the main program window will not be displayed):

Mount a volume called myvolume.tc using the password MyPassword, as the drive letter X. VeraCrypt will open an explorer window and beep; mounting will be automatic:

veracrypt /v myvolume.tc /l x /a /p MyPassword /e /b

Create a 10 MB file container using the password test and formatted using FAT:
