TrueCrypt

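I have known about this software for a long time but never used it. Today I tinkered with it, and this post records some of the problems I ran into along the way.

Baidu Baike:

TrueCrypt is a free, open-source encryption program that supports Windows Vista, 7/XP, Mac OS X, Linux and other operating systems. TrueCrypt can create a virtual disk on the hard drive without generating any files; the user accesses it by drive letter, every file on the virtual disk is encrypted automatically, and a password is required for access. TrueCrypt offers several encryption algorithms, including AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish. Other features include support for FAT32 and NTFS partitions, hidden volumes, and hotkey launch.

The software's original official site was http://www.truecrypt.org. However, the official site now claims the software is no longer secure. Visiting that address now redirects automatically to http://truecrypt.sourceforge.net/. The official explanation is that the software is no longer secure and that the replacement is BitLocker, which ships with Windows. The original text follows: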
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.


Migrating from TrueCrypt to BitLocker:

If you have the system drive encrypted by TrueCrypt:

  • Decrypt the system drive (open System menu in TrueCrypt and select Permanently Decrypt System Drive). If you want to encrypt the drive by BitLocker before decryption, disable Trusted Platform Module first and do not decrypt the drive now.

  • Encrypt the system drive by BitLocker. Open the Explorer:



  • Click the drive C: (or any other drive where system encryption is or was used) using the right mouse button and select Turn on BitLocker:



    If you do not see the Turn on BitLocker menu item, click here.

    Alternatively, use search in the Start menu or screen:



    If you do not see the BitLocker item, click here.

    If BitLocker reports Trusted Platform Module (TPM) unavailable error, click here.

  • If the system drive is still encrypted by TrueCrypt, decrypt it now (open System menu in TrueCrypt and select Permanently Decrypt System Drive).

If you have a non-system drive encrypted by TrueCrypt:
  • If you have a spare or backup drive (having sufficient space to store all data you need to migrate to BitLocker), encrypt it by BitLocker (click the drive in Explorer using the right mouse button and select Turn on BitLocker):



    If you do not see the Turn on BitLocker menu item, click here.

  • Copy all data from the drive encrypted by TrueCrypt to the drive encrypted by BitLocker.

    If you do not have a spare drive, first decrypt the drive encrypted by TrueCrypt. Select the drive in TrueCrypt, open the Volumes menu and select Permanently Decrypt item (available in version 7.2). Then encrypt the drive by BitLocker (see above).

    To mount a drive encrypted by BitLocker, open the drive in Explorer.

    To dismount a removable drive encrypted by BitLocker, use Eject menu item or Safely Remove icon:



    To dismount a non-removable drive encrypted by BitLocker, use Offline item in the context menu of the drive in Disk Management window:



    To mount the drive again, use Online item in the context menu of the drive.

If you have a file container encrypted by TrueCrypt:
  • Create a new virtual disk file (VHD). Open the Computer Management window (click the Computer or PC icon using the right mouse button and select Manage):



  • Select the Disk Management item:



    Alternatively, use search in the Start menu or screen:



  • Open Action menu in the Disk Management window and select Create VHD:



  • Create and attach a new virtual disk file (VHD):



  • Initialize the new virtual drive. Click the new disk icon using the right mouse button and select Initialize Disk:



  • Create a partition on the virtual drive. Click the unallocated space using the right mouse button and select New Simple Volume:



  • Encrypt the new virtual drive by BitLocker. Click the drive in Explorer using the right mouse button and select Turn on BitLocker:



    If you do not see the Turn on BitLocker menu item, click here.

  • Copy all data from the mounted TrueCrypt file container to the new virtual drive encrypted by BitLocker.

    To dismount the drive, click the drive using the right mouse button in Explorer and select Eject:



    To mount the drive again, double click the virtual disk file (requires Windows 8 or later):



    Alternatively, use Attach VHD in the Action menu of the Disk Management window:



Download:

    WARNING: Using TrueCrypt is not secure

    You should download TrueCrypt only if you are migrating data encrypted by TrueCrypt.

    TrueCrypt 7.2           sig key

    If you use TrueCrypt on other platform than Windows, click here.

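    I then downloaded and tried the last version offered on the official site. It installs, but when used it warns that it is not secure and cannot be used normally. Just as I was about to give up on this software, I found this post: http://www.52pojie.cn/thread-325161-1-1.html

    TrueCrypt Will Not Die -- Swiss Netizens Create a New Home for TrueCrypt

    I came across an English article about the well-known encryption software TrueCrypt on a foreign website and translated its main points for interested readers.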

    The development of TrueCrypt, an open source piece of software used for on-the-fly encryption, has been terminated and users have been advised not to use it because it is not secure enough. Now, it seems that another team of developers have forked the software and rebased it in Switzerland.

    The abrupt announcement of the demise of TrueCrypt took everyone by surprise and some of its users have been disappointed that their favorite software is no longer being developed. The Sourceforge website, where the project was keeping its files, is now plastered with warnings that TrueCrypt is no longer secure because it is full of security issues.

    Fortunately for us, TrueCrypt was an open source project and that meant that anyone could take it and fork it into another version, and try to fix some of the problems reported. Whether this will be a success remains to be seen, but at least there is a chance that it will live on.

    Many users think that the TrueCrypt project has been forced to close its doors by various other malevolent forces, like the US government, for example. To be fair, the US government is accused of many such acts, but it is likely that it's not actually responsible for all of them.

    So, TrueCrypt has now been rebased in Switzerland and the project has been forked by another team of developers. They are promising that the security problems will be fixed and that no one will be able to force them to close the gates.

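    “Currently it is very unclear what really happened. Was it really just the end of a 10 year effort, or was it driven by some government? While a simple defacement is more and more unlikely we still don't know where this is going. However the last 36 hours showed clearly that TrueCrypt is a fragile product and must be based on more solid ground. We start now with offering to download the Truecrypt file as is, and we hope we can organize a solid base for the Future,” reads the new truecrypt.ch website.

    TrueCrypt, the well-known encryption software that was popular for a decade and was recommended and used by professionals including Edward Snowden, was abruptly shut down on May 28, 2014. Its official website was redirected to a SourceForge page warning that the software is not secure and advising all TrueCrypt users to migrate their encrypted data to BitLocker. For the many users accustomed to TrueCrypt, the news landed like a bombshell. What actually happened to the TrueCrypt project? Speculation about the background and real reasons behind the mysterious shutdown poured in: the website was hacked, someone was playing a prank, the main developers had abandoned development or even died, the project had been targeted and coerced by the NSA, a major security vulnerability had been discovered, or a backdoor had even been planted under coercion, and so on.

    The real background remains to be seen. However, some enthusiastic users have already begun acting to save the encryption software they have long loved: a team of Swiss developers has just set up a new online home for TrueCrypt. They are determined to fix TrueCrypt's security vulnerabilities and promise that no one will be able to force them to close the doors!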

    See also:

    Steve Gibson:
    TrueCrypt is still safe to use https://www.grc.com/misc/truecrypt/truecrypt.htm

    Official site of the TrueCrypt Swiss development team: If TrueCrypt.org really is dead, we will try to organize a future.  http://truecrypt.ch/web

    English original: https://www.grc.com/misc/truecrypt/truecrypt.htm

    TrueCrypt Final Release Repository
    Yes . . . TrueCrypt is still safe to use.
    Phase 2 of the TrueCrypt Audit FINISHED!
    No significant cryptographic problems found

    And see why the TrueCrypt spinoffs are violations of the TrueCrypt license.

    Google is generating a false-positive alert

    Recent attempts to download the TrueCrypt files here, using Chrome or Firefox (Mozilla uses Google's technology), have been generating false-positive malware infection warnings. They must be false-positives because no change has been made to the files since this page was put up nearly a year ago (May 29th, 2014) and many people have confirmed that the downloaded binaries have not changed and that their cryptographic hashes still match.

    Also, the well-known and respected “VirusTotal” site, which scans files through all virus scanners reports ZERO hits out of 57 separate virus scan tests: VirusTotal scan results.

    We have no idea where or why Google got the idea that there was anything wrong with these files. This just appears to be “The Google” doing their best to protect us from ourselves. But that does misfire occasionally. We expect it to fix itself within a day or two.

    Although the disappearance of the TrueCrypt site, whose ever-presence the Internet community long ago grew to take for granted, shocked and surprised many, it clearly came as no surprise to the developers who maintained the site and its namesake code for the past ten years. An analysis of the extensive changes made to TrueCrypt's swan song v7.2 release, and to the code's updated v3.1 license, shows that this departure, which was unveiled without preamble, was in fact quite well planned.

    For reasons that remain a titillating source of hypothesis, intrigue and paranoia, TrueCrypt's developers chose not to graciously turn their beloved creation over to a wider Internet development community, but rather, as has always been their right granted by TrueCrypt's longstanding license, to attempt to kill it off by creating a dramatically neutered 7.2 version that can only be used to view, but no longer to create new, TrueCrypt volumes.

    Then, leveraging the perverse and wrongheaded belief that software whose support was just cancelled renders it immediately untrustworthy, they attempted to foreclose on TrueCrypt's current and continued use by warning the industry that future problems would remain unrepaired. This being said of the latest 7.1a version of the code that has been used by millions, without change, since its release in February of 2012, more than 27 months before. Suddenly, for no disclosed reason, we should no longer trust it?

    The mistake these developers made was in believing that
    they still “owned” TrueCrypt, and that it was theirs to kill.

    But that's not the way the Internet works. Having created something of such enduring value, which inherently requires significant trust and buy-in, they are rightly unable to now take it back. They might be done with it, but the rest of us are not.

    The developers' jealousy is perhaps made more understandable by examining the code they have created. It is truly lovely. It is beautifully constructed. It is amazing work to be deeply proud of. Creating something of TrueCrypt's size and complexity, and holding it together as they did across the span of a decade, is a monumental and truly impressive feat of discipline. So it is entirely understandable when they imply, as quoted below, that they don't trust anyone else to completely understand and maintain their creation as they have. Indeed, it will not be easy. They might look at the coding nightmare atrocity that OpenSSL became over the same span of time and think: “Better to kill off our perfect creation than turn it over to others and have it become that.”

    Those who believe that there is something suddenly “wrong” with TrueCrypt because its creators have decided they no longer have so much to give are misguided.

    TrueCrypt's creators may well be correct. TrueCrypt may never be as pure and perfect as it is at this moment, today—in the form they created and perfected. Their true final version, 7.1a, may be the pinnacle of this story. So anyone would and should be proud to use and to continue to use this beautiful tool as it is today.

    TrueCrypt's formal code audit will continue as planned. Then the code will be forked, the product's license restructured, and it will evolve. The name will be changed because the developers wish to preserve the integrity of the name they have built. They won't allow their name to continue without them. But the world will get some future version, that runs on future operating systems, and future mass storage systems.

    There will be continuity . . . as an interesting new chapter of Internet lore is born.

    Linux Foundation
    Tweets from the @OpenCryptoAudit project:
    • At 5:40am, 29 May 2014
      We will be making an announcement later today on the TrueCrypt audit and our work ahead.
    • 9 hours later at 2:40pm, 29 May 2014
      We are continuing forward with formal cryptanalysis of TrueCrypt 7.1 as committed, and hope to deliver a final audit report in a few months.
    • And eight minutes later at 2:48pm, 29 May 2014
      We are considering several scenarios, including potentially supporting a fork under appropriate free license, w/ a fully reproducible build.

    So it appears that the unexpected (putting it mildly) disappearance of TrueCrypt.org and the startling disavowal of TrueCrypt's bullet proof security will turn out to be a brief disturbance in the force. We should know much more about a trustworthy TrueCrypt in the late summer of 2014.

    Time to panic?
    No. The TrueCrypt development team's deliberately alarming and unexpected “goodbye and you'd better stop using TrueCrypt” posting stating that TrueCrypt is suddenly insecure (for no stated reason) appears only to mean that if any problems were to be subsequently found, they would no longer be fixed by the original TrueCrypt developer team . . . much like Windows XP after May of 2014. In other words, we're on our own.

    But that's okay, since we now know that TrueCrypt is regarded as important enough (see tweets above from the Open Crypto Audit and Linux Foundation projects) to be kept alive by the Internet community as a whole.

    So, thanks guys . . . we'll take it from here.
    Note that once TrueCrypt has been independently audited
    it will be the only mass storage encryption solution to have
    been audited. This will likely cement TrueCrypt's position
    as the top, cross-platform, mass storage encryption tool.

    My two blog postings on the day, and the day after, TrueCrypt's self-takedown:

    My third and final posting about this page, in order to allow feedback.
    The posting generated many interesting comments:

    And then the TrueCrypt developers were heard from . . .
    Steven Barnhart (@stevebarnhart) wrote to an eMail address he had used before and received several replies from “David.” The following snippets were taken from a twitter conversation which then took place between Steven Barnhart (@stevebarnhart) and Matthew Green (@matthew_d_green):
    • TrueCrypt Developer “David”: “We were happy with the audit, it didn't spark anything. We worked hard on this for 10 years, nothing lasts forever.”
    • Steven Barnhart (Paraphrasing): Developer “personally” feels that fork is harmful: “The source is still available as a reference though.”
    • Steven Barnhart: “I asked and it was clear from the reply that "he" believes forking's harmful because only they are really familiar w/code.”
    • Steven Barnhart: “Also said no government contact except one time inquiring about a ‘support contract.’ ”
    • TrueCrypt Developer “David” said: “Bitlocker is ‘good enough’ and Windows was original ‘goal of the project.’ ”
    • Quoting TrueCrypt Developer David: “There is no longer interest.”
    TrueCrypt v7.1a installation packages: Downloads
    •  TrueCrypt Setup 7.1a.exe   (32/64-bit Windows) 285,739
    •  TrueCrypt 7.1a Mac OS X.dmg 66,215
    •  truecrypt-7.1a-linux-x64.tar.gz 69,302
    •  truecrypt-7.1a-linux-x86.tar.gz 42,687
    •  truecrypt-7.1a-linux-console-x64.tar.gz 30,893
    •  truecrypt-7.1a-linux-console-x86.tar.gz 24,388
    The TrueCrypt User's Guide for v7.1a:
    •  TrueCrypt User Guide.pdf 152,372
    The TrueCrypt v7.1a source code as a gzipped TAR and a ZIP:
    •  TrueCrypt 7.1a Source.tar.gz 24,977
    •  TrueCrypt 7.1a Source.zip 30,683
    Verifying the TrueCrypt v7.1a Files
    (Because caution is never foolish.)
      Many sites attempt to assert the authenticity of the files they offer by posting their cryptographic hash values. But if bad guys were able to maliciously alter the downloaded files, they could probably also alter the displayed hashes. Until we have secure DNS (DNSSEC, which will create a secured Internet-wide reference for many things besides IP addresses) the best we can do is host confirmation hashes somewhere else, under the theory that as unlikely as it is that this primary site was hacked, it's significantly less likely that two unrelated sites were both hacked.

      So, for those who double-knot their shoelaces, Taylor Hornby (aka FireXware) of Defuse Security is kindly hosting a page of hash values of every file listed above. And, being the thorough cryptographic code auditor that he is, Taylor first verified the files GRC is offering here against several independent archives:

    Additional online TrueCrypt sites and repositories:

    • The reconstructed browsable version of the truecrypt.org website. A terrific Canadian web developer, Andrew Y. (who also created the ScriptSafe Chrome browser extension to duplicate the script-disabling of Firefox's NoScript), captured some of the TrueCrypt.org website before it disappeared from the Internet and then reconstructed the missing pieces using the PDF manual. The result is a terrific web-browsable site for TrueCrypt.
    • TrueCrypt.ch: A just launched, Swiss-based, possible new home for TrueCrypt. Follow these folks on Twitter: @TrueCryptNext. Given the deliberate continuing licensing encumbrance of the registered TrueCrypt trademark, it seems more likely that the current TrueCrypt code will be forked and subsequently renamed. In other words . . . for legal reasons it appears that what TrueCrypt becomes will not be called “TrueCrypt.”
    • github.com/DrWhax/truecrypt-archive: This is a frequently cited and trusted archive maintained by Jurre van Bergen (@DrWhax) and Stefan Sundin. It contains a nearly complete, historical repository of previous TrueCrypt versions, tracking its evolution all the way back to when it was previously named “ScramDisk” (which is when we were first using and working with it).
    • github.com/syglug/truecrypt: Another TrueCrypt v7.1 archive, though apparently not the latest. But readily browsable if someone wishes to poke around within the source with their web browser.
    • IsTrueCryptAuditedYet.com: This is the home of the TrueCrypt auditing project. As the audit moves into its next phase, digging past the startup and boot loader and into the core crypto, updates will be posted and maintained here.
    Thoughts about a next-generation encrypted-data logo:

    Graphic designer William Culver spent a bit of time thinking about a logo for whatever TrueCrypt becomes in the future. The theme of an infinity symbol is meant to convey the endless lifetime of this terrific data encryption solution. As is made clear on William's page for this, he's releasing all copyright:

    Additional Miscellany:

    • Amazon uses TrueCrypt when exporting archived data to users. See the first Q&A of the link. TrueCrypt is a perfect solution for this. We have every reason to believe that it is utterly bulletproof and only TrueCrypt provides the universal Windows/Mac/Linux platform neutrality that this application requires.
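The cross-checking idea from "Verifying the TrueCrypt v7.1a Files" above, as an added example that is not part of the quoted GRC page or the original post: it hashes a downloaded file and accepts it only when hashes copied from at least two independently operated sources all agree with it. The source names and file contents are constructed placeholders, and the use of SHA-256 is an assumption, since the page does not say which hash the sites publish.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalize(hex_digest):
    """Published hashes vary in case and spacing; compare a canonical form."""
    return "".join(hex_digest.split()).lower()


def verify_download(path, published, min_sources=2):
    """Return (verdict, detail).

    `published` maps a source name to the SHA-256 hex string copied from that
    source. The sources must be operated independently of each other.
    """
    if len(published) < min_sources:
        return "insufficient", f"need {min_sources} independent sources, got {len(published)}"
    actual = sha256_file(path)
    matching = sorted(s for s, h in published.items()
                      if hmac.compare_digest(normalize(h), actual))
    mismatching = sorted(set(published) - set(matching))
    if mismatching:
        # Either the file or one of the hash pages was altered: do not install.
        return "mismatch", f"disagrees with: {', '.join(mismatching)}"
    return "verified", f"matches all {len(matching)} sources"


def demo():
    # Constructed stand-in for a downloaded installer (not a real TrueCrypt file).
    content = b"constructed installer bytes " * 1000
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    good = hashlib.sha256(content).hexdigest()
    tampered = hashlib.sha256(b"tampered").hexdigest()
    try:
        return [
            # Two sources agree (one lists the hash in upper case).
            verify_download(path, {"download-site": good, "mirror-hash-page": good.upper()})[0],
            # The second source disagrees: treat the download as untrusted.
            verify_download(path, {"download-site": good, "mirror-hash-page": tampered})[0],
            # A single source proves nothing if that site was the one altered.
            verify_download(path, {"download-site": good})[0],
        ]
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```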

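    The official site of the Swiss organization that continues to maintain this software is: https://truecrypt.ch/

    Now for my own summary:

    The latest official version, 7.2, cannot be used normally, but older versions work, such as 7.1a, the release before 7.2. The sites that continue to maintain it offer 7.1a for download and have made some improvements, so I installed 7.1a. The interface is in English after installation, but many Simplified Chinese language packs are available online; copy one into the software's installation directory and then select it in the software's settings. The software can either be installed or simply extracted and run, which is convenient.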

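    There are many features; I will go through a few commonly used ones.

    File-hosted encryption:

    Click "Create Volume".

    Three types are offered. The one I am describing is the first. The second works on a partition, and the third works on the system partition, that is, it encrypts the system you are currently running, and at boot you are prompted for a password before you can get in. Continuing with the first type, click Next.

    Click Next again.

    At this point you need to manually create a file to serve as your encrypted volume; the location is up to you. Click "Select File".

    For example, I entered "加密文件夾" ("encrypted folder") and confirmed.

    Click Next. The encryption algorithm can be changed here.

    Click Next.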

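    Choose the size according to your needs; make it larger if you have a lot to hide. Why does the dialog show drive D at this point? Because I created the file on drive D just now, so the new encrypted volume actually uses space carved out of drive D. Once the volume is created, drive D's free space shrinks by the size of the volume. I entered 100MB here, then clicked Next.

    Here you are prompted for a password, and you can also use a keyfile. If you feel a password alone is not secure enough, you can add a keyfile; it can be an image, an mp3, and so on. The volume then cannot be unlocked without that keyfile, so if you use one, be sure to keep it safe; otherwise being unable to open your own encrypted volume is a miserable experience. Then click Next.

    My password was too short; never mind, choose "Yes".

    Here you can choose the file system for the encrypted volume, and move the mouse to generate random data for the random pool. Then click "Format".

    Exit when it finishes.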

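    That completes creating a file-hosted encrypted volume. So how do you use it?

    We can see that the volume file is 100MB in size.

    Drive D has shrunk by 100MB accordingly.

    We can now mount the volume and add the files we want to hide. To do so, pick any drive letter,

    then select the file we just created.

    Then click "Mount" at the lower left, and a password prompt appears.

    Enter the password and confirm, and a new drive letter H appears in Explorer.

    You can now add things to the encrypted volume.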

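    After dismounting, the encrypted volume is hidden again. Others cannot see it, and even if they know about the file they cannot open it without the password. Because it is a file-hosted volume, the file still lives on drive D, so copying from drive D into the volume is visibly fast. However, since I chose the FAT file system earlier, it does not support copying files larger than 4G; switching to NTFS fixes that. Also, after deleting things in the volume, the volume's free space stays the same. That is because the volume has its own Recycle Bin, and deleted items are still inside the volume. This Recycle Bin is hidden, so you cannot see it; it can be made visible by unchecking an option (shown in a screenshot in the original post).

    Right-click the Recycle Bin and open Properties to make deleted files bypass the Recycle Bin.

    Also, if we manually delete the volume file, its space is returned to drive D, because this is a file-hosted volume.

    Finally, the volume file can be renamed freely, and an extension can be added.

    The software has many other features, such as encrypting Windows, which I will not cover here.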
