Skip to content
This repository


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Free and simple TrueCrypt Implementation based on dm-crypt

tree: 6677c0f3b9

Fetching latest commit…

Cannot retrieve the latest commit at this time

tcplay is now available for both DragonFly BSD and Linux. The Linux port still
needs extensive testing, but most stuff works.

If anyone wants to add new features or port it to another OS, I'll gladly merge
your changes into this repository so that there is a single point of contact.

Coming features:
	- restoring header from backup header
	- ???

*NOTE* This code is *EXPERIMENTAL*, use it at your own risk! It has been tested
in quite a range of scenarios, though :)

This is a free (BSD-licensed), pretty much fully featured (including multiple
keyfiles, cipher cascades, etc) TrueCrypt implementation. I would consider
dual-licensing it if required. Drop me an email to discuss the options :)

It is based solely on the documentation available on the TrueCrypt website,
many hours of trial and error and the output of the Linux' TrueCrypt client.
As it turns out, most technical documents on TrueCrypt contains mistakes, hence
the trial and error approach :)

Some notable differences between actual implementation and documentation:
 - PBKDF using RIPEMD160 only uses 2000 iterations if the volume isn't a system
 - The keyfile pool is not XOR'ed with the passphrase but modulo-8 summed.
 - Every field *except* the minimum version field of the volume header are in
   big endian.
 - Some volume header fields (creation time of volume and header) are missing
   in the documentation.
 - All two-way cipher cascades are the wrong way round in the documentation,
   but all three-way cipher cascades are correct.

DragonFly BSD uses the hybrid OpenSSL + cryptodev(9) approach that can be 
found in crypto-dev.c. OpenSSL is only used for the hash/pbkdf2. The
encryption/decryption is performed via cryptodev(9) with enabled cryptosoft.

On Linux gcrypt is used for the encryption and decryption. For the hash/pbkdf2
either gcrypt or OpenSSL can be used. gcrypt only supports pbkdf2 since its
July release (1.5.0), while OpenSSL has had pbkdf2 since around December, so
its easier to find in most distros.

The crypto options can be chosen with make/Makefile parameters.

The interface to device mapper is libdevmapper on Linux and libdm on DragonFly.
libdm is a BSD-licensed version of libdevmapper that I hacked together in a few

This implementation supports mapping (opening) both system and normal TrueCrypt
volumes, as well as opening hidden volumes and opening an outer volume while
protecting a hidden volume. There is also support to create volumes, including
hidden volumes, etc.
Something went wrong with that request. Please try again.