.\"
.\" Copyright (c) 2011
.\" The DragonFly Project. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\" 3. Neither the name of The DragonFly Project nor the names of its
.\" contributors may be used to endorse or promote products derived
.\" from this software without specific, prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
.\" COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd July 5, 2011
.Dt TCPLAY 8
.Os
.Sh NAME
.Nm tcplay
.Nd tool to manage TrueCrypt volumes
.Sh SYNOPSIS
.Nm
.Fl c
.Fl d Ar device
.Op Fl g
.Op Fl a Ar pbkdf_hash
.Op Fl b Ar cipher
.Op Fl f Ar keyfile_hidden
.Op Fl k Ar keyfile
.Op Fl x Ar pbkdf_hash
.Op Fl y Ar cipher
.Nm
.Fl i
.Fl d Ar device
.Op Fl e
.Op Fl f Ar keyfile_hidden
.Op Fl k Ar keyfile
.Op Fl s Ar system_device
.Nm
.Fl m Ar mapping
.Fl d Ar device
.Op Fl e
.Op Fl f Ar keyfile_hidden
.Op Fl k Ar keyfile
.Op Fl s Ar system_device
.Nm
.Fl h | v
.Sh DESCRIPTION
The
.Nm
utility provides full support for creating and opening/mapping
TrueCrypt-compatible volumes.
It supports the following commands, each with a set of options
detailed further below:
.Bl -tag -width indent
.It Fl c , Fl -create
Create a new encrypted TrueCrypt volume on the device
specified by
.Fl -device .
.It Fl h , Fl -help
Print help message and exit.
.It Fl i , Fl -info
Print out information about the encrypted device specified by
.Fl -device .
.It Fl m Ar mapping , Fl -map Ns = Ns Ar mapping
Map the encrypted TrueCrypt volume on the device specified by
.Fl -device
as a
.Xr dm 4
mapping called
.Ar mapping .
.It Fl v , Fl -version
Print version message and exit.
.El
.Pp
Options common to all commands are:
.Bl -tag -width indent
.It Fl d Ar device , Fl -device Ns = Ns Ar device
Specifies the disk
.Ar device
on which the TrueCrypt volume resides/will reside.
This option is mandatory for all commands.
.It Fl f Ar keyfile_hidden , Fl -keyfile-hidden Ns = Ns Ar keyfile_hidden
Specifies a keyfile
to use in addition to the passphrase when either creating a
hidden volume or when protecting a hidden volume while mapping
or querying the outer volume.
If you only intend to map a hidden volume, the
.Fl -keyfile
option has to be used.
This option can appear multiple times; if so, multiple
keyfiles will be used.
.It Fl k Ar keyfile , Fl -keyfile Ns = Ns Ar keyfile
Specifies a
.Ar keyfile
to use in addition to the passphrase.
This option can appear multiple times; if so, multiple
keyfiles will be used.
.El
.Pp
Additional options for the
.Fl -create
command are:
.Bl -tag -width indent
.It Fl a Ar pbkdf_hash , Fl -pbkdf-prf Ns = Ns Ar pbkdf_hash
Specifies which hash algorithm to use for the PBKDF2 password
derivation.
To see which algorithms are supported, specify
.Fl -pbkdf-prf Ns = Ns Cm help .
.It Fl b Ar cipher , Fl -cipher Ns = Ns Ar cipher
Specifies which cipher algorithm or cascade of ciphers to use
to encrypt the new volume.
To see which algorithms are supported, specify
.Fl -cipher Ns = Ns Cm help .
.It Fl g , Fl -hidden
Specifies that the newly created volume will contain a hidden
volume.
The keyfiles applied to the passphrase for the hidden
volume are those specified by
.Fl -keyfile-hidden .
The user will be prompted for the size of the hidden volume
interactively.
.It Fl x Ar pbkdf_hash , Fl -pbkdf-prf-hidden Ns = Ns Ar pbkdf_hash
Specifies which hash algorithm to use for the PBKDF2 password
derivation for the hidden volume.
Only valid in conjunction with
.Fl -hidden .
If no algorithm is specified, the same as for the outer volume
will be used.
To see which algorithms are supported, specify
.Fl -pbkdf-prf-hidden Ns = Ns Cm help .
.It Fl y Ar cipher , Fl -cipher-hidden Ns = Ns Ar cipher
Specifies which cipher algorithm or cascade of ciphers to use
to encrypt the hidden volume on the new TrueCrypt volume.
Only valid in conjunction with
.Fl -hidden .
If no cipher is specified, the same as for the outer volume
will be used.
To see which algorithms are supported, specify
.Fl -cipher-hidden Ns = Ns Cm help .
.El
.Pp
Additional options for the
.Fl -info
and
.Fl -map
commands are:
.Bl -tag -width indent
.It Fl e , Fl -protect-hidden
Specifies that an outer volume will be queried or mapped, but
its reported size will be adjusted according to the size of
the hidden volume contained in it.
Both the hidden volume and outer volume passphrase and keyfiles
will be required.
.It Fl s Ar system_device , Fl -system-encryption Ns = Ns Ar system_device
This option is required if you are attempting to access a device
that uses system encryption, for example an encrypted
.Tn Windows
system partition.
The
.Fl -device
option will point at the actual encrypted partition, while the
.Ar system_device
argument will point to the parent device (i.e.\& underlying physical disk)
of the encrypted partition.
.El
.Sh EXAMPLES
Create a new TrueCrypt volume on
.Pa /dev/vn0
using the cipher cascade
of AES and Twofish and the Whirlpool hash algorithm for
PBKDF2 password derivation and two keyfiles,
.Pa one.key
and
.Pa two.key :
.Bd -ragged -offset indent
.Nm Fl -create
.Fl -device Ns = Ns Cm /dev/vn0
.Fl -cipher Ns = Ns Cm AES-256-XTS,TWOFISH-256-XTS
.Fl -pbkdf-prf Ns = Ns Cm whirlpool
.Fl -keyfile Ns = Ns Cm one.key
.Fl -keyfile Ns = Ns Cm two.key
.Ed
.Pp
Map the outer volume on the TrueCrypt volume on
.Pa /dev/vn0
as
.Sy truecrypt1 ,
but protect the hidden volume, using the keyfile
.Pa hidden.key ,
from being overwritten:
.Bd -ragged -offset indent
.Nm Fl -map Ns = Ns Cm truecrypt1
.Fl -device Ns = Ns Cm /dev/vn0
.Fl -protect-hidden
.Fl -keyfile-hidden Ns = Ns Cm hidden.key
.Ed
.Pp
Map the hidden volume on the TrueCrypt volume on
.Pa /dev/vn0
as
.Sy truecrypt2 ,
using the keyfile
.Pa hidden.key :
.Bd -ragged -offset indent
.Nm Fl -map Ns = Ns Cm truecrypt2
.Fl -device Ns = Ns Cm /dev/vn0
.Fl -keyfile Ns = Ns Cm hidden.key
.Ed
.Sh SEE ALSO
.Xr crypttab 5 ,
.Xr cryptsetup 8
.Sh HISTORY
The
.Nm
utility appeared in
.Dx 2.11 .
.Sh AUTHORS
.An Alex Hornung