Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Free and simple TrueCrypt Implementation based on dm-crypt
tree: 6846f47990

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.


A Linux port is underway.

*NOTE* tcplay has now been integrated into DragonFly BSD, it's actual home. I'll
try to keep the version up here up to date, but I can't make any promises. For
the newest version, check out DragonFly BSD and look into sbin/tcplay and
If anyone wants to add new features or port it to another OS, I'll gladly merge
your changes into this repository so that there is a single POC. But until then
it's home will mainly be DragonFly.

*NOTE* This code is *EXPERIMENTAL*, use it at your own risk! It has been tested
in quite a range of scenarios, though :)

This is a free (BSD-licensed) TrueCrypt implementation. It is based solely on
the documentation available on the TrueCrypt website, many hours of
trial and error and the output of the Linux' TrueCrypt client. As it turns out,
most technical documents on TrueCrypt contains mistakes, hence the trial and
error approach :)

Some notable differences between actual implementation and documentation:
 - PBKDF using RIPEMD160 only uses 2000 iterations if the volume isn't a system
 - The keyfile pool is not XOR'ed with the passphrase but modulo-8 summed.
 - Every field *except* the minimum version field of the volume header are in
   big endian.
 - Some volume header fields (creation time of volume and header) are missing
   in the documentation.
 - All two-way cipher cascades are the wrong way round in the documentation,
   but all three-way cipher cascades are correct.

It is designed for DragonFly BSD, but would work, with minor changes, on any
OS with device mapper and dm-crypt. This is also the reason for the dependency
on libprop, since the DragonFly libdevmapper uses libprop. One of the main
bits that would need porting is the crypto.c or crypto-dev.c implementation;
for Linux a reasonable approach would be to create a crypto-gcrypt.c that uses
libgcrypt instead of a mix of OpenSSL and cryptodev(9). Since libdevmapper
is GPL-licensed, on DragonFly libdm is used, a BSD-licensed version of libdevmapper
that I hacked together in a few hours.

Another thing requiring porting are bits and pieces in io.c; mainly the
get_disk_info function needs to be adapted to the system. Depending on whether
your system has urandom, random and tty in /dev or not, other changes may be
required, too. Some of the endianess macros in hdr.c might need to be changed
if you don't have be32toh, htobe32, etc.

The implementation in crypto.c (the file is now gone, but is present in older
revisions) is not very useful right now; it's just a proof of concept
of how to use OpenSSL to do the crypto and hashing, but since the
current OpenSSL version doesn't support XTS mode, and the coming versions will
only support AES-XTS, it is not for real use. DragonFly BSD uses the hybrid
OpenSSL + cryptodev(9) approach that can be found in crypto-dev.c. OpenSSL is
only used for the hash/pbkdf2. The encryption/decryption is performed via
cryptodev(9) with enabled cryptosoft.

This implementation supports mapping (opening) both system and normal TrueCrypt
volumes, as well as opening hidden volumes and opening an outer volume while
protecting a hidden volume.

Support for creating volume was only recently added and has been tested, but it
is still considered experimental.
Something went wrong with that request. Please try again.