Re: [Tails-dev] VeraCrypt/TrueCrypt support in GNOME Disks

Nachricht löschen

Nachricht beantworten
Autor: segfault
Datum:  
To: devkit-devel
CC: tails-dev
Betreff: Re: [Tails-dev] VeraCrypt/TrueCrypt support in GNOME Disks
Hi,

segfault:
> We are currently working on the patches for the unlock dialog in Disks.
> This will probably be finished soon. The resulting UI is much more
> complex than in the LUKS case, but this simply reflects the more complex
> needs of VeraCrypt users.


the Disks patches are ready now, they can be found in the support-tcrypt
branch at https://github.com/segfault3/gnome-disk-utility.

This branch requires udisks and libblockdev with TCRYPT support, which
can be found in the support-tcrypt and add_veracrypt branches at:
https://github.com/segfault3/udisks
https://github.com/segfault3/libblockdev

This extends the unlock dialog by widgets which allow specifying the
parameters supported by TrueCrypt and VeraCrypt volumes. This includes:

- Whether the volume to be unlocked is hidden.
- Whether the volume to be unlocked is a system partition.
Note: TrueCrypt and VeraCrypt only support encrypting Windows system
partitions [1], so the label for this option is "Windows system".
- Whether to use a PIM [2].
- Whether to use one or multiple keyfiles. In the beginning there is
only one button to choose a single keyfile. When a keyfile is chosen,
another button appears below to allow selecting another keyfile, and
so on.

To reduce the number of options displayed by default, the additional
options are hidden below an expander labeled "More options".

Since TCRYPT volumes cannot be reliably detected as such, a label is
displayed at the top of the unlock dialog to indicate to the user that
this volume might not actually be encrypted.

[1] https://www.veracrypt.fr/en/System%20Encryption.html
[2] https://www.veracrypt.fr/en/Header%20Key%20Derivation.html

Cheers!