Ottawa PC Users' Group, Inc.
 Product Review 


Multi-Platform Encryption
by Alan German

For a number of years I used TrueCrypt, an open-source encryption utility, to store a number of individual files in an encrypted container (folder). However, in 2014, the program’s developers abruptly indicated that they would no longer support the software and suggested that users should switch to Microsoft’s BitLocker product.

Now, I had several issues with this “solution”. Firstly, BitLocker is only available in certain editions of Windows – typically the “ultimate” type versions – and, of course, not for any version of Windows that I was using. Secondly, BitLocker is a whole-disk encryption tool and I only needed to encrypt a small number of files in a single folder. Finally, BitLocker is a Windows product and so won’t run on any other platform – notably Linux.

There are varying opinions on the Internet as to whether or not users can, or should, continue to use TrueCrypt. Some assert that the last available version of the software remains a viable option, while others suggest that there are flaws in TrueCrypt. Given that the program has essentially been abandoned, perhaps the prudent course of action is to seek out an encryption utility that is under active development.

One likely successor is actually a fork of the original TrueCrypt program. VeraCrypt has been produced, and is currently being maintained, by IDRIX, a French software encryption organization.

Because VeraCrypt is a forked product, its features and operations are very similar to its parent. In particular, versions are available for both Windows and Linux which satisfies one of my specific requirements. In addition, web-based reports indicate that the software bugs identified in TrueCrypt have been patched in the current release of VeraCrypt so the new program has no known deficiencies.

Downloading and installing the Windows version of VeraCrypt was no problem. However, accessing my secure folder that had been previously encrypted with TrueCrypt required some special treatment.

With VeraCrypt running, I needed to click on the “Select File” button and browse for my original TrueCrypt folder. Next up was clicking on the “Volume Tools” button, selecting "Change Volume Password", and checking the box labelled "TrueCrypt Mode" (see screenshot). Finally, I had to enter the old password for the encrypted folder, and the new password (in duplicate). For my purposes, I made the “new” password the same as the old password since all I was really doing was accessing the container in TrueCrypt format and converting it to VeraCrypt format.

The folder could then be mounted using any available drive letter to create a virtual drive. This drive then provided access to the now-unencrypted files in the container. Dismounting the virtual drive re-established the encrypted folder, while the process for “changing” the volume password ensured that future access to the folder using VeraCrypt required no further special action.

The latter statement is accurate when opening the encrypted folder manually; however, using a batch file to do the same thing has yet another small twist.

In TrueCrypt, the /l (/letter) switch was used to indicate the drive letter to be assigned to the mounted volume. For example, a command line with a /lx switch would mean that the encrypted folder would be mounted as virtual drive x:. A subtle change in VeraCrypt is that the same switch must be specified as /l x (note the intermediate space character). Similarly, the equivalent dismount command must use a /d x switch.

So, in order to mount, and dismount, the container “encrypted_folder” from drive d: as the virtual drive x: requires commands in the form:

veracrypt /q /v d:\encrypted_folder /l x
veracrypt /q /d x

While, as noted, most of VeraCrypt’s features are very similar to those of TrueCrypt, one thing that is different in both the Windows and Linux versions is the time required for the program to load. This is illustrated by the start-up message: "This process may take a long time and VeraCrypt may seem unresponsive". It appears that some changes have been made to the hashing algorithms in order to enhance security and this has resulted in an initial delay (of perhaps 15 seconds).

Finally, there is (and always has been) a backup issue when using an encrypted folder to store working files. The folder may be un-encrypted, one or more of the individual files contained in the folder modified, and then the folder re-encrypted. The problem is that the date-time stamp on the actual folder doesn’t change. As a consequence, file/folder synchronization programs (e.g. FreeFileSync) do not consider that any changes have taken place, and will omit the encrypted folder from the standard backup process.

In the Linux world, the “touch” command can be used to change the time-date stamp on a file or a folder to that when the command is activated. A nice feature of this command is that it can be run as part of a script file to un-encrypt/re-encrypt a folder. Fortunately, this same command has been compiled as an executable Windows program (touch.exe) and is available as part of the “GNU utilities for Win32” package.

The final line in my batch file is: touch encrypted_folder. This means that, at the end of my session, when I manually run FreeFileSync to back up the data partition of my hard drive to an external USB memory stick, the encrypted folder is included in the file transfer process, since FreeFileSync now considers this to be a newly-modified entity.
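
The backup problem and the touch fix described above, as an added example that is not part of the original review. The function needs_backup is a simplified stand-in for a sync tool's time-and-size comparison, and the container file, its contents and the simulated editing session are all constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration: a time-and-size comparison misses an in-place change
# to a container whose date-time stamp is unchanged, until touch is run.
# All file names and data below are constructed for the demo.

# Simplified stand-in for a sync tool's "time and size" comparison.
# Returns 0 (copy needed) when src is newer than dst or the sizes differ.
needs_backup() {
    [ "$1" -nt "$2" ] && return 0
    [ "$(wc -c < "$1")" -ne "$(wc -c < "$2")" ] && return 0
    return 1
}

run_demo() {
    work=$(mktemp -d) || return 1
    vol="$work/encrypted_folder"      # constructed stand-in container
    bak="$work/backup_copy"           # copy made by an earlier backup run
    ref="$work/saved_stamp"           # holds the container's original stamp

    # A fixed-size container with an old timestamp, already backed up.
    dd if=/dev/zero of="$vol" bs=1024 count=64 2>/dev/null
    touch -t 201601010000 "$vol"
    cp -p "$vol" "$bak"

    # Simulated session: contents change in place (same size) and the
    # container ends up with its original date-time stamp.
    touch -r "$vol" "$ref"
    printf 'edited document' | dd of="$vol" bs=1 seek=4096 conv=notrunc 2>/dev/null
    touch -r "$ref" "$vol"

    if cmp -s "$vol" "$bak"; then CONTENT=same; else CONTENT=differs; fi
    if needs_backup "$vol" "$bak"; then BEFORE_TOUCH=copied; else BEFORE_TOUCH=skipped; fi

    # The fix from the article: stamp the container with the current time.
    touch "$vol"
    if needs_backup "$vol" "$bak"; then AFTER_TOUCH=copied; else AFTER_TOUCH=skipped; fi

    rm -rf "$work"
}

run_demo
echo "content: $CONTENT, before touch: $BEFORE_TOUCH, after touch: $AFTER_TOUCH"
```

The byte-level comparison sees the change in both cases; only the timestamp decides whether the time-and-size check picks the container up.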

 

Note to Linux users:

There are a few idiosyncrasies with switching to the Linux version of VeraCrypt from TrueCrypt. Firstly, I found that, despite the instructions, the “Run” command on the relevant installation file didn’t do anything, and I needed to use the “Run in Terminal” command. In addition, the instructions to “Press Enter or space bar to see the rest of the software license.” didn’t work precisely as indicated. “Enter” did nothing, and multiple presses of the space bar were required to browse through the license text. Finally, to uninstall the now-redundant TrueCrypt package required using the Terminal command:
sudo /usr/bin/truecrypt-uninstall.sh

For further details, see:
https://linuxnorth.wordpress.com/2015/10/01/moving-from-truecrypt-to-veracrypt/

 


Bottom Line:

VeraCrypt (Open-source)
Version 1.16
Mounir Idrassi, IDRIX
https://veracrypt.codeplex.com/

GNU utilities for Win32 (Freeware)
Karl M. Syring
http://unxutils.sourceforge.net/


Ottawa Personal Computer Users' Group (OPCUG), Inc.
3 Thatcher Street, Ottawa, ON  K2G 1S6

The opinions expressed in these reviews do not necessarily
represent the views of the OPCUG or its members.
