NTFS formatted truecrypt volumes
I have an encrypted USB drive that I use both with Linux, Mac and MS Windows based systems. The most portable filesystem to use for such a situation is NTFS (FAT has too many limitations and getting a Windows machine to read/write any non M$ filesystem is too much of a hassle.
The most portable disk encryption that I know of is Truecrypt, so that is what I use to encrypt the disk (this Howto is based on version 7.1a).
The Linux version of Truecrypt, however, does not support the creation of NTFS formatted volumes out of the box. You need a couple of addional steps for that. First create a new Truecrypt volume to your liking, but select 'none' as the filesystem type.
After the volume has been created (which can take up to a few hours for a large disk), manually create the NFTS filesystem. This can only be done from the commandline. First map the new volume on a device node:
$ truecrypt --filesystem=none /dev/sdc2
Enter password for /dev/sdc2:
Enter keyfile [none]:
Protect hidden volume (if any)? (y=Yes/n=No) [No]:
Enter your user password or administrator password:
Now validate that the virtual device is present:
$ truecrypt -v -l
Virtual Device: <strong>/dev/mapper/truecrypt1</strong>
Size: 736 GB
Hidden Volume Protected: No
Encryption Algorithm: AES
Primary Key Size: 256 bits
Secondary Key Size (XTS Mode): 256 bits
Block Size: 128 bits
Mode of Operation: XTS
PKCS-5 PRF: HMAC-RIPEMD-160
Volume Format Version: 2
Embedded Backup Header: Yes
Create the filesystem (if you do not specify the
mkfs.ntfs will first fill the complete volume with zero's, which is quite useless on a freshly encrypted volume):
$ sudo mkfs.ntfs -f -L TRUECRYPT /dev/mapper/truecrypt1
[sudo] password for michielf:
Cluster size has been automatically set to 4096 bytes.
Creating NTFS volume structures.
mkntfs completed successfully. Have a nice day.
This completes the procedure. You can now use the disk on any Linux, Mac or Windows machine with Truecrypt installed.