# Requesting porting TrueCrypt to FreeBSD



## ph0enix (Apr 2, 2009)

What's the chance of someone actually doing that?
The OS-X source code can be downloaded here:
http://www.truecrypt.org/downloads2

Thanks! 

J.


----------



## Watermelon (Apr 3, 2009)

Hi,

there is also a FreeBSD config in Makefile oft the Linux/OSX Sourcecode....

about a year ago i requested that port too.... the german bsdgroup made a experimental port, the gui worked quiet well....

the problem was that system completly hung when copying bigger(few MB) to a container(with pw and keyfile)....

i dont remember more but there should be more info in the froum of the german bsdgroup and also on portsmailinglist...

https://forum.bsdgroup.de/showthread.php?t=1704
http://lists.freebsd.org/pipermail/freebsd-ports/2008-February/046790.html

regards Watermelon


----------



## oliverh (Apr 5, 2009)

I do think it has something to do with fusefs, but then I didn't try it anymore.


----------



## halplus (May 14, 2009)

Well FreeBSD has "native" heavy encryption since some time with GEOM (geom_eli). Take a look at:

http://en.wikipedia.org/wiki/GEOM
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/swap-encrypting.html

Is quite an advanced piece of software the one you decided to use . No game. Well maybe more user friendly things could make it more popular but the power is right there . Think about a GUI interface to that and you are unlikely to need truecrypt (and it's non-BSD license).


----------



## SirDice (May 14, 2009)

Unfortunately you can't attach a geli encrypted volume as a non-root user. 

I for one would be interested in something that a non-root user could use. On the fly attaching/mounting of encrypted volumes (think USB harddisks/memory sticks).


----------



## graudeejs (May 14, 2009)

you can....
you need to install and configure security/sudo
you can even configure it to allow attaching without password (Not the geli passphrase, don't get confused)


----------



## SirDice (May 14, 2009)

killasmurf86 said:
			
		

> you can....
> you need to install and configure security/sudo
> you can even configure it to allow attaching without password (Not the geli passphrase, don't get confused)



I am familiar with sudo but that's not what I had in mind. As in essence you still need root to do it (sudo takes care of the root bit). I want something a non-root user can use without the need for any type of root access.


----------



## halplus (Jun 25, 2009)

Let any user mount/dismount arbitrary volumes in my system without my permission? I don't think that's a good idea.


----------



## SirDice (Jun 25, 2009)

halplus said:
			
		

> Let any user mount/dismount arbitrary volumes in my system without my permission? I don't think that's a good idea.



It's what vfs.usermount does. And hald plus a DE. Doesn't work for encrypted volumes though..


----------



## hedwards (Jul 1, 2009)

halplus said:
			
		

> Is quite an advanced piece of software the one you decided to use . No game. Well maybe more user friendly things could make it more popular but the power is right there . Think about a GUI interface to that and you are unlikely to need truecrypt (and it's non-BSD license).


Well the reason why some want Truecrypt is mainly for interoperability purposes, I'm not personally aware of other options which are going to work in that fashion on Windows and Linux. Getting it to work on FreeBSD would mean that we wouldn't need to get the partitions working between programs.


----------



## Dara (Oct 28, 2009)

Any news on this ? 
it would be nice to have something that could be used on both BSD and windows..


----------



## dennylin93 (Oct 28, 2009)

halplus said:
			
		

> Let any user mount/dismount arbitrary volumes in my system without my permission? I don't think that's a good idea.



Sometimes it is necessary. People usually use a normal user for desktop environments. It would be quite absurd if they needed root privileges every time they plugged in a USB stick or use a CD/DVD.


----------



## Deleted member 2077 (Nov 11, 2009)

halplus said:
			
		

> Well FreeBSD has "native" heavy encryption since some time with GEOM (geom_eli). Take a look at:
> 
> http://en.wikipedia.org/wiki/GEOM
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
> ...



GEOM is really nice.  Unfortunately it's a pain to use if you want to have an encrypted root drive.  Also, you can't really share GEOM volumes like you can with truecrypt.  

Truecrypt support a "file based" FS and you can stick that on a memory stick and open it on your Windows, Mac and Linux workstations.


----------



## honk (Nov 11, 2009)

feralape said:
			
		

> GEOM is really nice.  Unfortunately it's a pain to use if you want to have an encrypted root drive.



A pain? Why do you think so? Is TrueCrypt better when it comes to complete disk encryption? Just curious...


----------



## Oko (Nov 12, 2009)

honk said:
			
		

> A pain? Why do you think so? Is TrueCrypt better when it comes to complete disk encryption? Just curious...


Because he doesn't know what he is talking about. Geli is kernel driver. TrueCrypt is userland program. Colin Percival's scrypt is by far the best userland crypto function available. By the way Colin Parcival is one of the brightest FreeBSD developers and I am not saying that just because he has Ph.D. in mathematics from Oxford University


----------



## halplus (Nov 25, 2009)

hedwards said:
			
		

> Well the reason why some want Truecrypt is mainly for interoperability purposes, I'm not personally aware of other options which are going to work in that fashion on Windows and Linux. Getting it to work on FreeBSD would mean that we wouldn't need to get the partitions working between programs.



Allright I buy the interoperability reason. What i still do not buy is the port. I mean wouldn't be better to instead of reuse code that works in Kernel Mode for another OS to reuse code from FreeBSD? (TrueCrypt has a KM driver at least in windows). Also does it needs to be done in KM? I mean in linux you can use loopback and losetup to mount a file as disk partition (thinking about reuse here and also base security on existing one)


----------



## halplus (Nov 25, 2009)

dennylin93 said:
			
		

> Sometimes it is necessary. People usually use a normal user for desktop environments. It would be quite absurd if they needed root privileges every time they plugged in a USB stick or use a CD/DVD.



Well in any case (including desktop usage) leave anybody do that is a magnificent security hole in some use cases (if not all). And.. do you need to grant all privileges to do that? I mean somebody mentioned sudo wich i think is a nice option (configurable at will). Or maybe sudo a script that mounts x or y only.


----------



## halplus (Nov 25, 2009)

halplus said:
			
		

> I mean in linux you can use loopback and losetup to mount a file as disk partition (thinking about reuse here and also base security on existing one)



Ok is not the same as in linux:

http://www.freebsd.org/doc/en/books/handbook/disks-virtual.html


----------



## dekloper (Jan 21, 2010)

halplus said:
			
		

> Well FreeBSD has "native" heavy encryption since some time with GEOM (geom_eli). Take a look at:
> 
> http://en.wikipedia.org/wiki/GEOM
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
> ...



It`s all very well, but in the current working system is not very convenient, since the cryptosystem based on geom_eli involves the destruction of existing data files. 
I would like to see a solution, allowing encryption of existing data, such as truecrypt. 
There is a similar opensource project for Win-platforms http://diskcryptor.net


----------



## danger@ (Jan 22, 2010)

you can always backup && restore onto an encrypted partition...


----------



## jkusniar (Jan 26, 2010)

*pefs*

Hello. While looking around for encryption solution, which could be used by regular users to encrypt e.g. one directory inside their home dir, I have found this: http://wiki.freebsd.org/SOC2009GlebKurtsov. Does anyone have any experience with it?


----------



## foo_daemon (Oct 21, 2011)

Someone has (at long last?) complied with this request! security/truecrypt.
Apparently the latest version (7.1) supports the GUI, but hell, I would be fine with just a working command line version. I'm updating my ports and installing it now..


----------

