Shell script: truecrypt-1.0.sh

01 November 2007

To scratch a frequently encountered itch, namely mounting and unmounting Truecrypt volumes on USB keys and external drives on a number of systems in a day, I wrote a shell script that automates the command line arguments I use most often and makes it simpler to assume root privileges to do so. The script is designed to be kept on the key along with the encrypted datastore, though it could also be placed on each system in a publicly accessible location (such as /usr/local/bin).

The script assumes that it'll be run on a UNIX (-alike) system with both Truecrypt and sudo installed, and that the user accounts which have need of Truecrypt volumes have been configured to mount and unmount said volumes with a line similar to the following in the /etc/sudoers file:

%truecrypt ALL=(root) NOPASSWD:/usr/bin/truecrypt

If the user account in question has sudo access but must supply their password to authenticate, the sudo utility will automatically prompt the user for it per usual.

It should work on pretty much any Linux system that meets these requirements (it was developed on Gentoo). If you keep copies of this script with the datastores, you'll either have to mount the key without the 'noexec' option (set in /etc/fstab), or you'll have to perform some shell interpreter gymnastics (/bin/bash /mnt/usb_key/truecrypt.sh mount /mnt/usb_key/foobar.tc /home/vector/mnt) to get around that.

Options passed to the Truecrypt executable are simple and hard coded. If you need anything different, you'll have to edit the script, which is a trivial exercise. The command truecrypt.sh help will display the online documentation.

truecrypt-1.0.sh (PGP signature)

(gpg --verify truecrypt-1.0.sh.asc to verify download; signed with my public key)