truecrypt.1

源码开放的加密软件。最新版本！！可以在一个文件内部创建多样化的加密磁盘并且将其配置为一个可以通过一个驱动器盘符访问的虚拟磁盘.任何存储在该虚拟磁盘上的文件可以被自动地实时加密,并且只有当使用正确的密码

.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.36.
.TH TRUECRYPT "1" "May 2007" "truecrypt 4.3a" "User Commands"
.SH NAME
truecrypt - manage TrueCrypt volumes
.SH SYNOPSIS
.B truecrypt
[\fIOPTIONS\fR] \fIVOLUME_PATH \fR[\fIMOUNT_DIRECTORY\fR]
.br
.B truecrypt
[\fIOPTIONS\fR] \fI-i\fR
.br
.B truecrypt
[\fIOPTIONS\fR] \fI-c | --create | -C | --change \fR[\fIVOLUME_PATH\fR]
.br
.B truecrypt
[\fIOPTIONS\fR] \fI-d | --dismount | -l | --list \fR[\fIMAPPED_VOLUME\fR]
.br
.B truecrypt
[\fIOPTIONS\fR] \fI--backup-headers | --restore-header FILE \fR[\fIVOLUME\fR]
.br
.B truecrypt
[\fIOPTIONS\fR] \fI--properties \fR[\fIVOLUME_PATH\fR]
.br
.B truecrypt
[\fIOPTIONS\fR] \fI--keyfile-create FILE\fR
.br
.B truecrypt
\fI-h | --help | --test | -V | --version\fR
.SH DESCRIPTION
Manages encrypted TrueCrypt volumes, which can be mapped as virtual block
devices and used as any other standard block device. All data being read
from a mapped TrueCrypt volume is transparently decrypted and all data being
written to it is transparently encrypted.
.SH OPTIONS

VOLUME_PATH [MOUNT_DIRECTORY]
.IP
Open a TrueCrypt volume specified by VOLUME_PATH and map it as a block device
/dev/mapper/truecryptN. N is the first available device number if not
otherwise specified with \fB\-N\fR. Filesystem of the mapped volume is mounted at
MOUNT_DIRECTORY if specified. To open a hidden volume, specify its password
and/or keyfiles (the outer volume cannot be mapped at the same time).
See also EXAMPLES and options \fB\-\-display\-password\fR, \fB\-\-filesystem\fR, \fB\-k\fR, \fB\-M\fR, \fB\-p\fR, \fB\-P\fR,
\fB\-\-password\-tries\fR, \fB\-r\fR, \fB\-u\fR, \fB\-\-update\-time\fR. Note that passing some of the options
may affect security (see options \fB\-i\fR and \fB\-p\fR for more information).
This command requires administrator privileges (sudo(8) is used if available).
.PP
\fB\-\-backup\-headers\fR BACKUP_FILE [VOLUME_PATH]
.IP
Backup headers of a volume specified by VOLUME_PATH to a file BACKUP_FILE.
Volume path is requested from user if not specified on command line. Both
normal/outer and hidden volume headers are stored in the backup file even
if there is no hidden volume within the volume (to preserve plausible
deniability). When restoring the volume header, it is possible to select
which header is to be restored. See also \fB\-\-restore\-header\fR.
.PP
\fB\-c\fR, \fB\-\-create\fR [VOLUME_PATH]
.IP
Create a new volume. Most options are requested from user if not specified
on command line. Hidden volume can be created only in an existing file or
device. Size of the hidden volume should not exceed the free space of the
filesystem on the outer volume. Hidden volume protection (see option \fB\-P\fR)
should be used to update the outer volume contents after the hidden volume
is created. WARNING: To prevent data corruption, you should follow the
instructions in the EXAMPLES section on how to create a hidden volume.
See also options \fB\-\-cluster\fR, \fB\-\-disable\-progress\fR, \fB\-\-display\-keys\fR,
\fB\-\-encryption\fR, \fB\-k\fR, \fB\-\-filesystem\fR, \fB\-\-hash\fR, \fB\-p\fR, \fB\-\-random\-source\fR, \fB\-\-quick\fR, \fB\-\-size\fR,
\fB\-\-type\fR. Note that passing some of the options may affect security (see option
\fB\-p\fR for more information).
.PP
\fB\-C\fR, \fB\-\-change\fR [VOLUME_PATH]
.IP
Change a password and/or keyfile(s) of a volume. Volume path and passwords are
requested from user if not specified on command line. PKCS\-5 PRF HMAC hash
algorithm can be changed with option \fB\-\-hash\fR. See also options \fB\-k\fR,
\fB\-\-keyfile\-add\fR, \fB\-p\fR, \fB\-\-random\-source\fR, \fB\-v\fR.
.PP
\fB\-d\fR, \fB\-\-dismount\fR [MAPPED_VOLUME]
.IP
Dismount and unmap mapped volumes. If MAPPED_VOLUME is not specified, all
volumes are dismounted and unmapped. See below for a description of
MAPPED_VOLUME.
This command requires administrator privileges (sudo(8) is used if available).
.PP
\fB\-h\fR, \fB\-\-help\fR
.IP
Display help information.
.PP
\fB\-i\fR, \fB\-\-interactive\fR
.IP
Map and mount a volume interactively. Options which may affect security are
requested from the user. See option \fB\-p\fR for more information.
This command requires administrator privileges (sudo(8) is used if available).
.PP
\fB\-l\fR, \fB\-\-list\fR [MAPPED_VOLUME]
.IP
Display a list of mapped volumes. If MAPPED_VOLUME is not specified, all
volumes are listed. By default, the list contains only volume path and mapped
device name pairs. A more detailed list can be enabled by verbose output
option (\fB\-v\fR). See below for a description of MAPPED_VOLUME.
This command requires administrator privileges (sudo(8) is used if available).
.PP
\fB\-\-keyfile\-create\fR FILE
.IP
Create a new keyfile using the random number generator. FILE argument specifies
the output file.
.PP
\fB\-\-properties\fR [VOLUME_PATH]
.IP
Display properties of a volume specified by VOLUME_PATH.
.PP
\fB\-\-restore\-header\fR BACKUP_FILE [VOLUME_PATH]
.IP
Restore header of a volume specified by VOLUME_PATH from a file BACKUP_FILE.
Volume path is requested from user if not specified on command line.
Type of the restored volume header (normal/hidden) is requested from user if
not specified with \fB\-\-type\fR. See also \fB\-\-backup\-headers\fR.
.PP
\fB\-\-test\fR
.IP
Test all internal algorithms used in the process of encryption and decryption.
.PP
\fB\-V\fR, \fB\-\-version\fR
.IP
Display program version and legal notices.
.SS "MAPPED_VOLUME:"
.IP
Specifies a mapped or mounted volume. One of the following forms can be used:
.IP
1) Path to the encrypted TrueCrypt volume.
.IP
2) Mount directory of the volume's filesystem (if mounted).
.IP
3) Device number of the mapped volume.
.IP
4) Device name of the mapped volume.
.PP
\fB\-\-cluster\fR SIZE
.IP
Use specified cluster size when creating a new volume. SIZE defines the number
of sectors per cluster.
.PP
\fB\-\-disable\-progress\fR
.IP
Disable display of progress information during creation of a new volume.
.PP
\fB\-\-display\-keys\fR
.IP
Display encryption keys generated during creation of a new volume.
.PP
\fB\-\-display\-password\fR
.IP
Display password characters while typing.
.PP
\fB\-\-encryption\fR ENCRYPTION_ALGORITHM
.IP
Use specified encryption algorithm when creating a new volume.
.PP
\fB\-\-filesystem\fR TYPE
.IP
Filesystem type to mount. The TYPE argument is passed to mount(8) command
with option \fB\-t\fR. Default type is 'auto'. When creating a new volume, this
option specifies the filesystem to be created on the new volume.
.PP
\fB\-\-hash\fR HASH
.IP
Use specified hash algorithm when creating a new volume or changing password
and/or keyfiles.
.PP
\fB\-k\fR, \fB\-\-keyfile\fR FILE | DIRECTORY
.IP
Use specified keyfile to open a volume to be mapped (or when changing password
and/or keyfiles). When a directory is specified, all files inside it will be
used (non\-recursively). Additional keyfiles can be specified with multiple \fB\-k\fR
options. Empty keyfile (\fB\-k\fR '') disables interactive requests for keyfiles
(e.g., when creating a new volume). See also option \fB\-K\fR.
.PP
\fB\-K\fR, \fB\-\-keyfile\-protected\fR FILE | DIRECTORY
.IP
Use specified keyfile to open a hidden volume to be protected. This option
may be used only when mounting an outer volume with hidden volume protected.
See also options \fB\-k\fR and \fB\-P\fR.
.PP
\fB\-\-keyfile\-add\fR FILE | DIRECTORY
.IP
Add specified keyfile to a volume when changing its password and/or keyfiles.
This option must be also used to keep all previous keyfiles asigned to a
volume. See EXAMPLES for more information.
.PP
\fB\-M\fR, \fB\-\-mount\-options\fR OPTIONS
.IP
Filesystem mount options. The OPTIONS argument is passed to mount(8)
command with option \fB\-o\fR. See also options \fB\-r\fR and \fB\-u\fR.
.PP
\fB\-N\fR, \fB\-\-device\-number\fR N
.IP
Use device number N when mapping a volume as a block device
/dev/mapper/truecryptN. Default is the first available device.
.PP
\fB\-\-overwrite\fR
.IP
Overwrite files without prompting the user for confirmation.
.PP
\fB\-p\fR, \fB\-\-password\fR PASSWORD
.IP
Use specified password to open a volume. Additional passwords can be
specified with multiple \fB\-p\fR options. An empty password can also be specified
('' in most shells). Note that passing a password on the command line is
potentially insecure as the password may be visible in the process list
(see ps(1)) and/or stored in a command history file.
.PP
\fB\-\-password\-tries\fR NUMBER
.IP
Prompt NUMBER of times for a password until the correct password is entered.
Default is to prompt three times.
.PP
\fB\-P\fR, \fB\-\-protect\-hidden\fR
.IP
Write\-protect a hidden volume when mapping an outer volume. Before mapping the
outer volume, the user will be prompted for a password to open the hidden
volume. The size and position of the hidden volume is then determined and the
outer volume is mapped with all sectors belonging to the hidden volume
protected against write operations. When a write to the protected area is
prevented, the whole volume is switched to read\-only mode. Verbose list command
(\fB\-vl\fR) can be used to query the state of the hidden volume protection. Warning
message is displayed when a volume switched to read\-only is being dismounted.
See also options \fB\-r\fR and \fB\-i\fR.
.PP
\fB\-\-quick\fR
.IP
Use quick format when creating a new volume. This option can be used only
when creating a device\-hosted volume. Quick format is always used when
creating a hidden volume.
.PP
\fB\-\-random\-source\fR FILE
.IP
Use FILE as a source of random numbers. Standard input is used if '\-' is
specified.
.PP
\fB\-r\fR, \fB\-\-read\-only\fR
.IP
Map and mount a volume as read\-only. Write operations to the volume may not
fail immediately due to the write buffering performed by the system, but the
physical write will still be prevented.
.PP
\fB\-\-size\fR SIZE
.IP
Use specified size when creating a new volume. SIZE is defined as number of
bytes or, when a size suffix K/M/G is used, Kilobytes/Megabytes/Gigabytes.
Note that size must be a multiple of 512 bytes.
.PP
\fB\-\-type\fR TYPE
.IP
Use specified volume type when creating a new volume or restoring a volume
header. TYPE can be 'normal' or 'hidden'.
.PP
\fB\-u\fR, \fB\-\-user\-mount\fR
.IP
Make a volume being mounted accessible in a non\-administrator account. Some
filesystems (e.g., FAT) do not support Unix\-style access control and it is
necessary to use this option when mounting them. Ownership of the mounted
filesystem is determined by environment variables set by sudo(8) command.
Note that Unix\-style filesystems (e.g., ext2) do not support this option.
.PP
\fB\-\-update\-time\fR
.IP
Do not preserve access and modification timestamps of file containers.
By default, timestamps are restored after a volume is unmapped.
.PP
\fB\-v\fR, \fB\-\-verbose\fR
.IP
Enable verbose output. Multiple \fB\-v\fR options can be specified to increase the
level of verbosity.
.SH EXAMPLES

truecrypt /root/volume.tc /mnt/tc
.IP
Map a volume /root/volume.tc and mount its filesystem at directory /mnt/tc.
.PP
truecrypt \fB\-u\fR /dev/hda2 /mnt/tc
.IP
Map a volume /dev/hda2 (first ATA disk, primary partition 2) and mount its
filesystem at /mnt/tc. Default user\-id is set, which is useful when mounting
a filesystem, such as FAT, for use in a non\-administrative account.
.PP
truecrypt \fB\-i\fR
.IP
Map and mount a volume. Options are requested interactively.
.PP
truecrypt \fB\-d\fR
.IP
Dismount and unmap all mapped volumes.
.PP
truecrypt \fB\-d\fR /root/volume.tc
.IP
Dismount and unmap a volume /root/volume.tc.
.PP
truecrypt \fB\-d\fR /mnt/tc
.IP
Dismount and unmap a volume mounted at /mnt/tc.
.PP
truecrypt \fB\-vl\fR
.IP
Display a detailed list of all mapped volumes.
.PP
truecrypt \fB\-N\fR 1 /dev/hdc1 && mkfs /dev/mapper/truecrypt1
.IP
Map a volume /dev/hdc1 and create a new filesystem on it.
.PP
truecrypt \fB\-P\fR /dev/hdc1 /mnt/tc
.IP
Map and mount outer volume /dev/hdc1 and protect hidden volume within it.
.PP
truecrypt \fB\-p\fR '' \fB\-p\fR '' \fB\-k\fR key1 \fB\-k\fR key2 \fB\-K\fR key_hidden \fB\-P\fR volume.tc
.IP
Map outer volume ./volume.tc and protect hidden volume within it.
The outer volume is opened with keyfiles ./key1 and ./key2 and the
hidden volume with ./key_hidden. Passwords for both volumes are empty.
.PP
truecrypt \fB\-c\fR
.IP
Create a new volume. Options are requested interactively.
.PP
truecrypt \fB\-c\fR /dev/hda2
.IP
Create a new volume hosted at the second primary partition of the first
ATA disk.
.PP
truecrypt \fB\-k\fR keyfile \fB\-\-size\fR 10M \fB\-\-encryption\fR AES \fB\-\-hash\fR SHA\-1 \fB\-c\fR vol.tc
.IP
Create a new volume. Options which are not specified on command line are
requested from the user.
.PP
truecrypt \fB\-\-keyfile\-add\fR keyfile \fB\-C\fR volume.tc
.IP
Change password and add a new keyfile to volume.
.PP
truecrypt \fB\-k\fR keyfile \fB\-C\fR volume.tc
.IP
Change password and remove a keyfile from volume.
.PP
truecrypt \fB\-k\fR keyfile \fB\-\-keyfile\-add\fR keyfile \fB\-C\fR volume.tc
.IP
Change password and keep previous keyfile.
.SS "Creating a hidden volume without risking data corruption:"
.IP
1) Create an outer volume:
.IP
truecrypt \fB\-\-type\fR normal \fB\-\-size\fR 100M \fB\-c\fR volume.tc
.IP
2) Create a hidden volume:
.IP
truecrypt \fB\-\-type\fR hidden \fB\-\-size\fR 50M \fB\-c\fR volume.tc
.IP
3) Mount the outer volume with the hidden volume protected:
.IP
truecrypt \fB\-P\fR volume.tc /mnt/tc
.IP
4) Copy files to the outer volume:
.IP
cp outer_volume_file.txt /mnt/tc
.IP
5) Dismount the outer volume:
.IP
truecrypt \fB\-d\fR volume.tc
.IP
6) If a warning message has been displayed in 5), start again from 1). Either
a larger outer volume should be created in 1), or less data should be copied
to the outer volume in 4).
.SH DIAGNOSTICS
Exit status
.B 0
is returned if all requested actions completed successfully, otherwise
.B 1
is returned. Kernel module reports errors via system log with facility
.BR "kern" ". See"
.BR "syslogd" "(8) for more information."
.SH "REPORTING BUGS"
Report bugs at <http://www.truecrypt.org/bugs/>.
.SH COPYRIGHT
Copyright \(co 2003-2007 TrueCrypt Foundation. All Rights Reserved.
.br
Copyright \(co 1998-2000 Paul Le Roux. All Rights Reserved.
.br
Copyright \(co 1999-2006 Dr. Brian Gladman. All Rights Reserved.
.br
Copyright \(co 1995-1997 Eric Young. All Rights Reserved.
.br
Copyright \(co 2001 Markus Friedl. All Rights Reserved.
.PP
Released under the TrueCrypt Collective License 1.2
.SH "SEE ALSO"
.B http://www.truecrypt.org/docs/
.br
.B /usr/share/truecrypt/doc/TrueCrypt-User-Guide.pdf
.br
.BR "mount" "(8), " "umount" "(8), " "losetup" "(8), "
.BR "fuser" "(1), " "mkfs" "(8), " "fsck" "(8), " "dmsetup" "(8)"