Released under the TrueCrypt Collective License 1.0\n\n\
Copyright (C) 2004-2006 TrueCrypt Foundation. All Rights Reserved.\n\
Copyright (C) 1998-2000 Paul Le Roux. All Rights Reserved.\n\
Copyright (C) 2004 TrueCrypt Team. All Rights Reserved.\n\
Copyright (C) 1999-2005 Dr. Brian Gladman. All Rights Reserved.\n\
Copyright (C) 1995-1997 Eric Young. All Rights Reserved.\n\
Copyright (C) 2001 Markus Friedl. All Rights Reserved.\n\n"
, VERSION_STRING);
}
// Write the short usage summary (command synopsis, command list and option
// list) to the stream f. The caller chooses the stream; return values of the
// write are not checked.
static void DumpUsage (FILE *f)
{
	// The summary is a plain constant, not a format string, so it is
	// written as-is in a single call.
	static const char usageText[] =
		"Usage: truecrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]\n"
		" or: truecrypt [OPTIONS] -i\n"
		" or: truecrypt [OPTIONS] -c | --create | -C | --change [VOLUME_PATH]\n"
		" or: truecrypt [OPTIONS] -d | --dismount | -l | --list [MAPPED_VOLUME]\n"
		" or: truecrypt [OPTIONS] --backup-headers | --restore-header FILE [VOLUME]\n"
		" or: truecrypt [OPTIONS] --properties [VOLUME_PATH]\n"
		" or: truecrypt [OPTIONS] --keyfile-create FILE\n"
		" or: truecrypt -h | --help | --test | -V | --version\n"

		// Commands
		"\nCommands:\n"
		" VOLUME_PATH Map volume\n"
		" VOLUME_PATH MOUNT_DIRECTORY Map and mount volume\n"
		" --backup-headers FILE [VOLUME] Backup headers of VOLUME to FILE\n"
		" -c, --create [VOLUME_PATH] Create a new volume\n"
		" -C, --change [VOLUME_PATH] Change password/keyfile(s)\n"
		" -d, --dismount [MAPPED_VOLUME] Dismount and unmap volume\n"
		" -h, --help Display detailed help\n"
		" --keyfile-create FILE Create a new keyfile\n"
		" -i, --interactive Map and mount volume interactively\n"
		" -l, --list [MAPPED_VOLUME] List mapped volumes\n"
		" --properties [VOLUME_PATH] Display properties of volume\n"
		" --restore-header FILE [VOLUME] Restore header of VOLUME from FILE\n"
		" --test Test algorithms\n"
		" -V, --version Display version information\n"

		// Options
		"\nOptions:\n"
		" --cluster SIZE Cluster size\n"
		" --display-keys Display encryption keys\n"
		" --display-password Display password while typing\n"
		" --disable-progress Disable progress display\n"
		" --encryption EA Encryption algorithm\n"
		" --filesystem TYPE Filesystem type\n"
		" --hash HASH Hash algorithm\n"
		" -k, --keyfile FILE|DIR Keyfile for volume\n"
		" --keyfile-add FILE|DIR New keyfile for volume\n"
		" -K, --keyfile-protected FILE|DIR Keyfile for protected volume\n"
		" -M, --mount-options OPTIONS Mount options\n"
		" -N, --device-number NUMBER Map volume as device number\n"
		" --overwrite Overwrite files without confirmation\n"
		" -p, --password PASSWORD Password for volume\n"
		" --password-tries NUMBER Password entry tries\n"
		" -P, --protect-hidden Protect hidden volume\n"
		" --random-source FILE Random number generator input file\n"
		" --quick Use quick format\n"
		" --update-time Do not preserve timestamps\n"
		" -r, --read-only Map/Mount volume as read-only\n"
		" --size SIZE Volume size\n"
		" --type TYPE Volume type\n"
		" -u, --user-mount Set default user and group ID on mount\n"
		" -v, --verbose Verbose output\n"

		// Footer
		"\n MAPPED_VOLUME = DEVICE_NUMBER | DEVICE_NAME | MOUNT_POINT | VOLUME_PATH\n"
		"For a detailed help, use --help or see truecrypt(1) man page.\n"
		"For more information, visit <http://www.truecrypt.org/docs/>.\n";

	fputs (usageText, f);
}
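// Write the detailed help text (description, synopsis, per-option
// documentation and examples) to stdout. Takes no arguments and returns
// nothing; the result of the write is not checked.
static void DumpHelp (void)
{
	// The text is a constant, not a format string, so it is written with
	// fputs: a '%' added to the help later cannot be read as a conversion.
	static const char helpText[] =
		"Manages encrypted TrueCrypt volumes, which can be mapped as virtual block\n"
		"devices and used as any other standard block device. All data being read\n"
		"from a mapped TrueCrypt volume is transparently decrypted and all data being\n"
		"written to it is transparently encrypted.\n"
		"\n"
		"Usage: truecrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]\n"
		" or: truecrypt [OPTIONS] -i\n"
		" or: truecrypt [OPTIONS] -c | --create | -C | --change [VOLUME_PATH]\n"
		" or: truecrypt [OPTIONS] -d | --dismount | -l | --list [MAPPED_VOLUME]\n"
		" or: truecrypt [OPTIONS] --backup-headers | --restore-header FILE [VOLUME]\n"
		" or: truecrypt [OPTIONS] --properties [VOLUME_PATH]\n"
		" or: truecrypt [OPTIONS] --keyfile-create FILE\n"
		" or: truecrypt -h | --help | --test | -V | --version\n"
		"\n"
		"Options:\n"
		"\n"
		"VOLUME_PATH [MOUNT_DIRECTORY]\n"
		" Open a TrueCrypt volume specified by VOLUME_PATH and map it as a block device\n"
		" /dev/mapper/truecryptN. N is the first available device number if not\n"
		" otherwise specified with -N. To map a hidden volume, specify its password\n"
		" and/or keyfiles (the outer volume cannot be mapped at the same time).\n"
		" Filesystem of the mapped volume is mounted at MOUNT_DIRECTORY if specified.\n"
		" See also options --display-password, --filesystem, -k, -M, -p, -P,\n"
		" --password-tries, -r, -u, --update-time. Note that passing some of the options\n"
		" may affect security or plausible deniability. See options -i and -p for more\n"
		" information.\n"
		"\n"
		"--backup-headers BACKUP_FILE [VOLUME_PATH]\n"
		" Backup headers of a volume specified by VOLUME_PATH to a file BACKUP_FILE.\n"
		" Volume path is requested from user if not specified on command line. Both\n"
		" normal/outer and hidden volume headers are stored in the backup file even\n"
		" if there is no hidden volume within the volume (to preserve plausible\n"
		" deniability). When restoring the volume header, it is possible to select\n"
		" which header is to be restored. Note that this command drops effective user\n"
		" ID. See also --restore-header.\n"
		"\n"
		"-c, --create [VOLUME_PATH]\n"
		" Create a new volume. Most options are requested from user if not specified\n"
		" on command line. Hidden volume can be created only in an existing file or\n"
		" device. Size of the hidden volume should not exceed the free space of the\n"
		" filesystem on the outer volume. Hidden volume protection (see option -P)\n"
		" should be used to update the outer volume contents after the hidden volume\n"
		" is created. WARNING: To prevent data corruption, you should follow the\n"
		" instructions in the EXAMPLES section on how to create a hidden volume.\n"
		" Note that this command drops effective user ID.\n"
		" See also options --cluster, --disable-progress, --display-keys,\n"
		" --encryption, -k, --filesystem, --hash, -p, --random-source, --quick, --size,\n"
		" --type. Note that passing some of the options may affect security or plausible\n"
		" deniability. See option -p for more information.\n"
		"\n"
		"-C, --change [VOLUME_PATH]\n"
		" Change a password and/or keyfile(s) of a volume. Volume path and passwords are\n"
		" requested from user if not specified on command line. PKCS-5 PRF HMAC hash\n"
		" algorithm can be changed with option --hash. See also options -k,\n"
		" --keyfile-add, -p, --random-source, -v.\n"
		"\n"
		"-d, --dismount [MAPPED_VOLUME]\n"
		" Dismount and unmap mapped volumes. If MAPPED_VOLUME is not specified, all\n"
		" volumes are dismounted and unmapped. See below for a description of\n"
		" MAPPED_VOLUME.\n"
		"\n"
		"-h, --help\n"
		" Display help information.\n"
		"\n"
		"-i, --interactive\n"
		" Map and mount a volume interactively. Options which may affect security or\n"
		" plausible deniability are requested from the user. See option -p for more\n"
		" information.\n"
		"\n"
		"-l, --list [MAPPED_VOLUME]\n"
		" Display a list of mapped volumes. If MAPPED_VOLUME is not specified, all\n"
		" volumes are listed. By default, the list contains only volume path and mapped\n"
		" device name pairs. A more detailed list can be enabled by verbose output\n"
		" option (-v). See below for a description of MAPPED_VOLUME.\n"
		"\n"
		"--keyfile-create FILE\n"
		" Create a new keyfile using the random number generator. FILE argument specifies\n"
		" the output file. Note that this command drops effective user ID.\n"
		"\n"
		"--properties [VOLUME_PATH]\n"
		" Display properties of a volume specified by VOLUME_PATH.\n"
		"\n"
		"--restore-header BACKUP_FILE [VOLUME_PATH]\n"
		" Restore header of a volume specified by VOLUME_PATH from a file BACKUP_FILE.\n"
		" Volume path is requested from user if not specified on command line.\n"
		" Type of the restored volume header (normal/hidden) is requested from user if\n"
		" not specified with --type. Note that this command drops effective user ID.\n"
		" See also --backup-headers.\n"
		"\n"
		"--test\n"
		" Test all internal algorithms used in the process of encryption and decryption.\n"
		"\n"
		"-V, --version\n"
		" Display version information.\n"
		"\n"
		"MAPPED_VOLUME:\n"
		" Specifies a mapped or mounted volume. One of the following forms can be used:\n\n"
		" 1) Path to the encrypted TrueCrypt volume.\n\n"
		" 2) Mount directory of the volume's filesystem (if mounted).\n\n"
		" 3) Device number of the mapped volume.\n\n"
		" 4) Device name of the mapped volume.\n\n"
		"\n"
		"--cluster SIZE\n"
		" Use specified cluster size when creating a new volume. SIZE defines the number\n"
		" of sectors per cluster.\n"
		"\n"
		"--disable-progress\n"
		" Disable display of progress information during creation of a new volume.\n"
		"\n"
		"--display-keys\n"
		" Display encryption keys generated during creation of a new volume.\n"
		"\n"
		"--display-password\n"
		" Display password characters while typing.\n"
		"\n"
		"--encryption ENCRYPTION_ALGORITHM\n"
		" Use specified encryption algorithm when creating a new volume.\n"
		"\n"
		"--filesystem TYPE\n"
		" Filesystem type to mount. The TYPE argument is passed to mount(8) command\n"
		" with option -t. Default type is 'auto'. When creating a new volume, this\n"
		" option specifies the filesystem to be created on the new volume.\n"
		"\n"
		"--hash HASH\n"
		" Use specified hash algorithm when creating a new volume or changing password\n"
		" and/or keyfiles.\n"
		"\n"
		"-k, --keyfile FILE | DIRECTORY\n"
		" Use specified keyfile to open a volume to be mapped (or when changing password\n"
		" and/or keyfiles). When a directory is specified, all files inside it will be\n"
		" used (non-recursively). Additional keyfiles can be specified with multiple -k\n"
		// The quotes must be escaped: an unescaped "" ends one literal and
		// starts the next, so the printed text would read "(-k )".
		" options. Empty keyfile (-k \"\") disables interactive requests for keyfiles\n"
		" (e.g., when creating a new volume). See also option -K.\n"
		"\n"
		"-K, --keyfile-protected FILE | DIRECTORY\n"
		" Use specified keyfile to open a hidden volume to be protected. This option\n"
		" may be used only when mounting an outer volume with hidden volume protected.\n"
		" See also options -k and -P.\n"
		"\n"
		"--keyfile-add FILE | DIRECTORY\n"
		" Add specified keyfile to a volume when changing its password and/or keyfiles.\n"
		" This option must be also used to keep all previous keyfiles assigned to a\n"
		" volume. See EXAMPLES for more information.\n"
		"\n"
		"-M, --mount-options OPTIONS\n"
		" Filesystem mount options. The OPTIONS argument is passed to mount(8)\n"
		" command with option -o.\n"
		"\n"
		"-N, --device-number N\n"
		" Use device number N when mapping a volume as a block device\n"
		" /dev/mapper/truecryptN. Default is the first available device.\n"
		"\n"
		"--overwrite\n"
		" Overwrite files without prompting the user for confirmation.\n"
		"\n"
		// Several other entries refer the reader to this warning
		// ("See option -p"), so it has to stay with the -p entry.
		"-p, --password PASSWORD\n"
		" Use specified password to open a volume. Additional passwords can be\n"
		" specified with multiple -p options. An empty password can also be specified\n"
		" (\"\" in most shells). Note that passing a password on the command line is\n"
		" potentially insecure as the password may be visible in the process list\n"
		" (see ps(1)) and/or stored in a command history file. \n"
		" \n"
		"--password-tries NUMBER\n"
		" Prompt NUMBER of times for a password until the correct password is entered.\n"
		" Default is to prompt three times.\n"
		"\n"
		"-P, --protect-hidden\n"
		" Write-protect a hidden volume when mapping an outer volume. Before mapping the\n"
		" outer volume, the user will be prompted for a password to open the hidden\n"
		" volume. The size and position of the hidden volume is then determined and the\n"
		" outer volume is mapped with all sectors belonging to the hidden volume\n"
		" protected against write operations. When a write to the protected area is\n"
		" prevented, the whole volume is switched to read-only mode. Verbose list command\n"
		" (-vl) can be used to query the state of the hidden volume protection. Warning\n"
		" message is displayed when a volume switched to read-only is being dismounted.\n"
		" See also options -r and -i.\n"
		"\n"
		"--quick\n"
		" Use quick format when creating a new volume. This option can be used only\n"
		" when creating a device-hosted volume. Quick format is always used when\n"
		" creating a hidden volume.\n"
		"\n"
		"--random-source FILE\n"
		" Use FILE as a source of random numbers. Standard input is used if '-' is\n"
		" specified.\n"
		"\n"
		"-r, --read-only\n"
		" Map and mount a volume as read-only. Write operations to the volume may not\n"
		" fail immediately due to the write buffering performed by the system, but the\n"
		" physical write will still be prevented.\n"
		"\n"
		"--size SIZE\n"
		" Use specified size when creating a new volume. SIZE is defined as number of\n"
		" bytes or, when a size suffix K/M/G is used, Kilobytes/Megabytes/Gigabytes.\n"
		" Note that size must be a multiple of 512 bytes.\n"
		"\n"
		"--type TYPE\n"
		" Use specified volume type when creating a new volume or restoring a volume\n"
		" header. TYPE can be 'normal' or 'hidden'.\n"
		"\n"
		"-u, --user-mount\n"
		" Set default user and group ID of the filesystem being mounted to the user and\n"
		" group ID of the process which executed TrueCrypt. Some filesystems (like FAT)\n"
		" do not support user permissions and, therefore, it is necessary to supply a\n"
		" default user and group ID to the system when mounting such filesystems.\n"
		"\n"
		"--update-time\n"
		" Do not preserve access and modification timestamps of volume containers and\n"
		" access timestamps of keyfiles. By default, timestamps are restored after\n"
		" a volume is unmapped or after a keyfile is closed.\n"
		"\n"
		"-v, --verbose\n"
		" Enable verbose output. Multiple -v options can be specified to increase the\n"
		" level of verbosity.\n"
		"\n"
		"Examples:\n"
		"\n"
		"truecrypt /root/volume.tc /mnt/tc\n"
		" Map a volume /root/volume.tc and mount its filesystem at directory /mnt/tc.\n"
		"\n"
		"truecrypt -u /dev/hda2 /mnt/tc\n"
		" Map a volume /dev/hda2 (first ATA disk, primary partition 2) and mount its\n"
		" filesystem at /mnt/tc. Default user-id is set, which is useful when mounting\n"
		" a filesystem like FAT under a non-admin user account.\n"
		"\n"
		"truecrypt -i\n"
		" Map and mount a volume. Options are requested interactively.\n"
		"\n"
		"truecrypt -d\n"
		" Dismount and unmap all mapped volumes.\n"
		"\n"
		"truecrypt -d /root/volume.tc\n"
		" Dismount and unmap a volume /root/volume.tc.\n"
		"\n"
		"truecrypt -d /mnt/tc\n"
		" Dismount and unmap a volume mounted at /mnt/tc.\n"
		"\n"
		"truecrypt -vl\n"
		" Display a detailed list of all mapped volumes.\n"
		" \n"
		"truecrypt -N 1 /dev/hdc1 && mkfs /dev/mapper/truecrypt1\n"
		" Map a volume /dev/hdc1 and create a new filesystem on it.\n"
		"\n"
		"truecrypt -P /dev/hdc1 /mnt/tc\n"
		" Map and mount outer volume /dev/hdc1 and protect hidden volume within it.\n"
		"\n"
		"truecrypt -p \"\" -p \"\" -k key1 -k key2 -K key_hidden -P volume.tc\n"
		" Map outer volume ./volume.tc and protect hidden volume within it.\n"
		" The outer volume is opened with keyfiles ./key1 and ./key2 and the\n"
		" hidden volume with ./key_hidden. Passwords for both volumes are empty.\n"
		"\n"
		"truecrypt -c\n"
		// This line needs its own newline; the "\n" that follows is the
		// blank line separating it from the next example.
		" Create a new volume. Options are requested interactively.\n"
		"\n"
		"truecrypt -c /dev/hda2\n"
		" Create a new volume hosted at the second primary partition of the first\n"
		" ATA disk.\n"
		"\n"
		"truecrypt -k keyfile --size 10M --encryption AES --hash SHA-1 -c vol.tc\n"
		" Create a new volume. Options which are not specified on command line are\n"
		" requested from the user.\n"
		"\n"
		"truecrypt --keyfile-add keyfile -C volume.tc\n"
		" Change password and add a new keyfile to volume.\n"
		"\n"
		"truecrypt -k keyfile -C volume.tc\n"
		" Change password and remove a keyfile from volume.\n"
		"\n"
		"truecrypt -k keyfile --keyfile-add keyfile -C volume.tc\n"
		" Change password and keep previous keyfile.\n"
		"\n"
		"Creating a hidden volume without risking data corruption:\n"
		" 1) Create an outer volume:\n"
		" truecrypt --type normal --size 100M -c volume.tc\n"
		" 2) Create a hidden volume:\n"
		" truecrypt --type hidden --size 50M -c volume.tc\n"
		" 3) Mount the outer volume with the hidden volume protected:\n"
		" truecrypt -P volume.tc /mnt/tc\n"
		" 4) Copy files to the outer volume:\n"
		" cp outer_volume_file.txt /mnt/tc\n"
		" 5) Dismount the outer volume:\n"
		" truecrypt -d volume.tc\n"
		" 6) If a warning message has been displayed in 5), start again from 1). Either\n"
		" a larger outer volume should be created in 1), or smaller files should be\n"
		" copied to the outer volume in 4).\n"
		"\n"
		"Report bugs at <http://www.truecrypt.org/bugs/>.\n";

	fputs (helpText, stdout);
}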
// Print the mapped volumes to stdout.
// devNo: -1 = list all volumes, otherwise only the volume with that device
// number. Returns FALSE (after reporting through error ()) when the kernel
// module check or GetMountList () fails, when nothing is mapped, or when
// devNo matches no entry; TRUE otherwise.
static BOOL DumpMountList (int devNo)
{
	BOOL matched = FALSE;
	MountListEntry *entry;

	if (!CheckKernelModuleVersion (FALSE, TRUE)
		|| !GetMountList (FALSE)
		|| (devNo == -1 && MountList[0].DeviceNumber == -1))
	{
		error ("No volumes mapped\n");
		return FALSE;
	}

	// The list is terminated by an entry whose DeviceNumber is -1
	for (entry = MountList; entry->DeviceNumber != -1; entry++)
	{
		if (devNo == -1 || entry->DeviceNumber == devNo)
		{
			matched = TRUE;

			if (Verbose != 0)
			{
				// Detailed form, one attribute per line
				char algorithmName[128];
				const char *protectionState;

				EAGetName (algorithmName, entry->EA);

				if (entry->Flags & TC_PROTECTION_ACTIVATED)
					protectionState = "Yes - damage prevented";
				else if (entry->Flags & TC_HIDDEN_VOLUME_PROTECTION)
					protectionState = "Yes";
				else
					protectionState = "No";

				printf (TC_MAP_DEV "%d:\n"
					" Volume: %s\n"
					" Type: %s\n"
					" Size: %llu bytes\n"
					" Encryption algorithm: %s\n"
					" Mode of operation: %s\n"
					" Read-only: %s\n"
					" Hidden volume protected: %s\n\n",
					entry->DeviceNumber,
					entry->VolumePath,
					entry->Hidden ? "Hidden" : "Normal",
					entry->VolumeSize,
					algorithmName,
					EAGetModeName (entry->EA, entry->Mode, TRUE),
					(entry->Flags & TC_READ_ONLY) ? "Yes" : "No",
					protectionState);
			}
			else
			{
				// Short form: mapped device and volume path on one line
				printf (TC_MAP_DEV "%d %s\n",
					entry->DeviceNumber,
					entry->VolumePath);
			}
		}
	}

	if (matched)
		return TRUE;

	error (TC_MAP_DEV "%d not mapped\n", devNo);
	return FALSE;
}
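// Enumerate the entries of /proc/mounts, one per call.
//
// device, mountPoint: output buffers receiving the first two fields of the
// next entry. Each conversion is limited to TC_MAX_PATH_STR characters, and
// fscanf stores a terminating NUL after them, so each buffer needs room for
// that width plus one byte.
// NOTE(review): callers in this file pass TC_MAX_PATH-sized buffers; confirm
// that TC_MAX_PATH_STR is smaller than TC_MAX_PATH.
// NOTE(review): /proc/mounts stores spaces and some other characters in
// paths as octal escapes (e.g. \040), and the fields are returned here
// without decoding, so a caller comparing or passing them on sees the
// escaped form.
//
// device == NULL: abort the enumeration and close the stream; returns TRUE.
//
// Returns TRUE when an entry was read. Returns FALSE when /proc/mounts cannot
// be opened or no further entry can be parsed; the stream is then closed and
// the next call starts again from the first entry.
static BOOL EnumMountPoints (char *device, char *mountPoint)
{
	static FILE *m = NULL;	// open stream, kept between calls

	if (device == NULL)
	{
		// A reset may arrive when no enumeration is in progress;
		// fclose (NULL) is undefined behaviour, so close only an open stream.
		if (m != NULL)
		{
			fclose (m);
			m = NULL;
		}
		return TRUE;
	}

	if (m == NULL)
	{
		m = fopen ("/proc/mounts", "r");
		if (m == NULL)
		{
			perror ("fopen /proc/mounts");
			return FALSE;
		}
	}

	// Read the first two fields and discard the remaining four of the entry
	if (fscanf (m, "%" TC_MAX_PATH_STR "s %" TC_MAX_PATH_STR "s %*s %*s %*s %*s",
		device, mountPoint) != 2)
	{
		fclose (m);
		m = NULL;
		return FALSE;
	}

	return TRUE;
}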
// Unmount every filesystem that the mount enumeration reports as mounted
// from device. The whole mount list is walked even after a failure.
// Returns FALSE if any umount invocation failed, TRUE otherwise (including
// when device is not mounted anywhere).
static BOOL DismountFileSystem (char *device)
{
	char curDevice[TC_MAX_PATH];
	char curMountPoint[TC_MAX_PATH];
	BOOL allDismounted = TRUE;

	while (EnumMountPoints (curDevice, curMountPoint))
	{
		// Skip entries that belong to other devices
		if (strcmp (curDevice, device) != 0)
			continue;

		if (Execute (FALSE, "umount", curMountPoint, NULL))
		{
			if (Verbose >= 1)
				printf ("Dismounted %s\n", curMountPoint);
		}
		else
		{
			allDismounted = FALSE;
		}
	}

	return allDismounted;
}
// devNo: -1 = Dismount all volumes
static BOOL DismountVolume (int devNo)
{
char mapDevice[TC_MAX_PATH];
int nMountedVolumes = 0;
int i;
BOOL found = FALSE;
BOOL status = TRUE;
if (!CheckKernelModuleVersion (FALSE, TRUE)
|| !GetMountList (FALSE)
|| (devNo == -1 && MountList[0].DeviceNumber == -1))
{
error ("No volumes mapped\n");
return FALSE;
}
// Flush write buffers before dismount if there are
// mounted volumes with hidden volume protection
for (i = 0; MountList[i].DeviceNumber != -1; i++)
{
if (MountList[i].Flags & TC_HIDDEN_VOLUME_PROTECTION)
{
sync ();
MountListValid = FALSE;
GetMountList (FALSE);
break;
}
}
for (i = 0; MountList[i].DeviceNumber != -1; i++)
{
MountListEntry *e = &MountList[i];
nMountedVolumes++;
if (devNo == -1 || e->DeviceNumber == devNo)
{
BOOL dismounted = FALSE;
found = TRUE;
if (e->Flags & TC_PROTECTION_ACTIVATED)
printf ("WARNING: Write to the hidden volume %s has been prevented!\n", e->VolumePath);
sprintf (mapDevice, TC_MAP_DEV "%d", e->DeviceNumber);
if (DismountFileSystem (mapDevice))
{
char name[32];
sprintf (name, "truecrypt%d", e->DeviceNumber);
dismounted = Execute (FALSE, "dmsetup", "remove", name, NULL);
if (dismounted && IsFile (e->VolumePath))
{
if (!DeleteLoopDevice (e->DeviceMinor))
status = FALSE;
RestoreFileTime (e->VolumePath,
(UpdateTime || e->ModTime == 0) ? time (NULL) : (time_t) e->ModTime,
(UpdateTime || e->AcTime == 0) ? time (NULL) : (time_t) e->AcTime);
}
}
if (!dismounted)
{
error ("Cannot dismount %s\n", mapDevice);
status = FALSE;
}