📄 cli.c
return (time_t) (wTime / 1000LL / 1000 / 10 - 134774LL * 24 * 3600);
}
/*
 * Open a volume and print the properties read from its header to stdout.
 *
 * volumePath: path of the volume; passed through AskVolumePath() first.
 *
 * Returns TRUE once both property sections have been printed, FALSE if the
 * volume could not be opened or a timestamp could not be formatted.
 *
 * On every exit path the crypto context is released with crypto_close(),
 * and, unless UpdateTime is set, the timestamps captured by OpenVolume()
 * are written back so that merely inspecting a container does not change
 * its modification/access times.
 */
static BOOL DumpVolumeProperties (char *volumePath)
{
	unsigned long long firstSector, sectorCount;
	/* NOTE(review): savedATime is read only when savedMTime != 0; this
	   assumes OpenVolume() always sets both together - confirm. */
	time_t savedMTime = 0, savedATime;
	PCRYPTO_INFO cryptoInfo = NULL;
	BOOL succeeded = FALSE;
	/* NOTE(review): EAGetName() is given no buffer size; presumably 256
	   bytes is enough for every algorithm name - verify against callee. */
	char algName[256];
	char createdText[256] = { 0 };
	char modifiedText[256] = { 0 };
	int keyBytes, keyBits;
	time_t createdAt, headerAt;
	const char *separator;
	const char *volumeKind;

	volumePath = AskVolumePath (volumePath, "Enter volume path");

	/* Ask for keyfiles only when none were given and they are not disabled. */
	if (!(NoKeyFiles || FirstKeyFile))
		AskKeyFiles ("Enter keyfile path", &FirstKeyFile);

	if (!OpenVolume (volumePath, "Enter password for '%s': ", volumePath, FALSE,
		&cryptoInfo, &firstSector, &sectorCount, &savedMTime, &savedATime))
		goto cleanup;

	EAGetName (algName, cryptoInfo->ea);

	keyBytes = EAGetKeySize (cryptoInfo->ea);
	if (strcmp (algName, "Triple DES") == 0)
		keyBytes -= 3;	/* Compensate for parity bytes */
	keyBits = keyBytes * 8;

	createdAt = WindowsFileTime2UnixTime (cryptoInfo->volume_creation_time);
	headerAt = WindowsFileTime2UnixTime (cryptoInfo->header_creation_time);

	/* A leading blank line is emitted unless CmdPasswordValid is set. */
	separator = CmdPasswordValid ? "" : "\n";
	volumeKind = (cryptoInfo->hiddenVolumeSize == 0) ? "Normal" : "Hidden";

	printf ("%sVolume properties:\n"
		" Location: %s\n"
		" Size: %llu bytes\n"
		" Type: %s\n"
		" Encryption algorithm: %s\n"
		" Key size: %d bits\n"
		" Block size: %d bits\n"
		" Mode of operation: %s\n"
		" PKCS-5 PRF: %s\n"
		" PKCS-5 iteration count: %d\n"
		,
		separator,
		volumePath,
		sectorCount * SECTOR_SIZE,
		volumeKind,
		algName,
		keyBits,
		CipherGetBlockSize (EAGetFirstCipher (cryptoInfo->ea)) * 8,
		EAGetModeName (cryptoInfo->ea, cryptoInfo->mode, TRUE),
		get_pkcs5_prf_name (cryptoInfo->pkcs5),
		cryptoInfo->noIterations
		);

	/* ctime_r() supplies the trailing newline of each timestamp line. */
	if (ctime_r (&createdAt, createdText) == NULL)
		goto cleanup;
	if (ctime_r (&headerAt, modifiedText) == NULL)
		goto cleanup;

	printf (" Volume created: %s", createdText);
	printf (" Header modified: %s", modifiedText);

	succeeded = TRUE;

cleanup:
	if (cryptoInfo != NULL)
		crypto_close (cryptoInfo);

	/* savedMTime stays 0 until OpenVolume() has stored a timestamp. */
	if (!UpdateTime && savedMTime != 0)
		RestoreFileTime (volumePath, savedMTime, savedATime);

	return succeeded;
}
/*
 * Write the program name with VERSION_STRING, the copyright notices and the
 * licence line to stream f.
 *
 * The notice is built from adjacent string literals instead of
 * backslash-newline continuations, so indentation of the source lines can
 * never end up inside the printed text.
 */
static void DumpVersion (FILE *f)
{
	static const char versionFormat[] =
		"truecrypt %s\n\n"
		"Copyright (C) 2003-2007 TrueCrypt Foundation. All Rights Reserved.\n"
		"Copyright (C) 1998-2000 Paul Le Roux. All Rights Reserved.\n"
		"Copyright (C) 1999-2006 Dr. Brian Gladman. All Rights Reserved.\n"
		"Copyright (C) 1995-1997 Eric Young. All Rights Reserved.\n"
		"Copyright (C) 2001 Markus Friedl. All Rights Reserved.\n\n"
		"Released under the TrueCrypt Collective License 1.2\n\n";

	fprintf (f, versionFormat, VERSION_STRING);
}
/*
 * Write the short usage summary (synopsis, commands, options) to stream f.
 *
 * The text contains no conversion specifications, so it is emitted with
 * fputs() and is never interpreted as a format string.
 */
static void DumpUsage (FILE *f)
{
	static const char usageText[] =
		"Usage: truecrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]\n"
		" or: truecrypt [OPTIONS] -i\n"
		" or: truecrypt [OPTIONS] -c | --create | -C | --change [VOLUME_PATH]\n"
		" or: truecrypt [OPTIONS] -d | --dismount | -l | --list [MAPPED_VOLUME]\n"
		" or: truecrypt [OPTIONS] --backup-headers | --restore-header FILE [VOLUME]\n"
		" or: truecrypt [OPTIONS] --properties [VOLUME_PATH]\n"
		" or: truecrypt [OPTIONS] --keyfile-create FILE\n"
		" or: truecrypt -h | --help | --test | -V | --version\n"
		"\nCommands:\n"
		" VOLUME_PATH Map volume\n"
		" VOLUME_PATH MOUNT_DIRECTORY Map and mount volume\n"
		" --backup-headers FILE [VOLUME] Backup headers of VOLUME to FILE\n"
		" -c, --create [VOLUME_PATH] Create a new volume\n"
		" -C, --change [VOLUME_PATH] Change password/keyfile(s)\n"
		" -d, --dismount [MAPPED_VOLUME] Dismount and unmap volume\n"
		" -h, --help Display detailed help\n"
		" --keyfile-create FILE Create a new keyfile\n"
		" -i, --interactive Map and mount volume interactively\n"
		" -l, --list [MAPPED_VOLUME] List mapped volumes\n"
		" --properties [VOLUME_PATH] Display properties of volume\n"
		" --restore-header FILE [VOLUME] Restore header of VOLUME from FILE\n"
		" --test Test algorithms\n"
		" -V, --version Display program version and legal notices\n"
		"\nOptions:\n"
		" --cluster SIZE Cluster size\n"
		" --display-keys Display encryption keys\n"
		" --display-password Display password while typing\n"
		" --disable-progress Disable progress display\n"
		" --encryption EA Encryption algorithm\n"
		" --filesystem TYPE Filesystem type\n"
		" --hash HASH Hash algorithm\n"
		" -k, --keyfile FILE|DIR Keyfile for volume\n"
		" --keyfile-add FILE|DIR New keyfile for volume\n"
		" -K, --keyfile-protected FILE|DIR Keyfile for protected volume\n"
		" -M, --mount-options OPTIONS Mount options\n"
		" -N, --device-number NUMBER Map volume as device number\n"
		" --overwrite Overwrite files without confirmation\n"
		" -p, --password PASSWORD Password for volume\n"
		" --password-tries NUMBER Password entry tries\n"
		" -P, --protect-hidden Protect hidden volume\n"
		" --random-source FILE Random number generator input file\n"
		" --quick Use quick format\n"
		" --update-time Do not preserve timestamps\n"
		" -r, --read-only Map/Mount volume as read-only\n"
		" --size SIZE Volume size\n"
		" --type TYPE Volume type\n"
		" -u, --user-mount Set default user and group ID on mount\n"
		" -v, --verbose Verbose output\n"
		"\n MAPPED_VOLUME = DEVICE_NUMBER | DEVICE_NAME | MOUNT_POINT | VOLUME_PATH\n"
		"For a detailed help, use --help or see truecrypt(1) man page.\n"
		"For more information, visit <http://www.truecrypt.org/docs/>.\n";

	fputs (usageText, f);
}
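/*
 * Print the detailed help text (description, synopsis, per-option
 * documentation and examples) to stdout.
 *
 * The text is written with fputs() rather than used as a printf format, so
 * a '%' added to the help later cannot be interpreted as a conversion.
 *
 * Several documented options handle secrets, as the text itself states:
 * -p places the password on the command line, where it may be visible in
 * the process list and shell history; --display-keys and --display-password
 * show key material or password characters on the terminal.
 *
 * Each entry in the Examples section ends its description with a newline
 * and is followed by an empty line, including the "truecrypt -c" entry.
 */
static void DumpHelp (void)
{
	static const char helpText[] =
		"Manages encrypted TrueCrypt volumes, which can be mapped as virtual block\n"
		"devices and used as any other standard block device. All data being read\n"
		"from a mapped TrueCrypt volume is transparently decrypted and all data being\n"
		"written to it is transparently encrypted.\n"
		"\n"
		"Usage: truecrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]\n"
		" or: truecrypt [OPTIONS] -i\n"
		" or: truecrypt [OPTIONS] -c | --create | -C | --change [VOLUME_PATH]\n"
		" or: truecrypt [OPTIONS] -d | --dismount | -l | --list [MAPPED_VOLUME]\n"
		" or: truecrypt [OPTIONS] --backup-headers | --restore-header FILE [VOLUME]\n"
		" or: truecrypt [OPTIONS] --properties [VOLUME_PATH]\n"
		" or: truecrypt [OPTIONS] --keyfile-create FILE\n"
		" or: truecrypt -h | --help | --test | -V | --version\n"
		"\n"
		"Options:\n"
		"\n"
		"VOLUME_PATH [MOUNT_DIRECTORY]\n"
		" Open a TrueCrypt volume specified by VOLUME_PATH and map it as a block device\n"
		" /dev/mapper/truecryptN. N is the first available device number if not\n"
		" otherwise specified with -N. Filesystem of the mapped volume is mounted at\n"
		" MOUNT_DIRECTORY if specified. To open a hidden volume, specify its password\n"
		" and/or keyfiles (the outer volume cannot be mapped at the same time).\n"
		" See also EXAMPLES and options --display-password, --filesystem, -k, -M, -p, -P,\n"
		" --password-tries, -r, -u, --update-time. Note that passing some of the options\n"
		" may affect security (see options -i and -p for more information).\n"
		" This command requires administrator privileges (sudo(8) is used if available).\n"
		"\n"
		"--backup-headers BACKUP_FILE [VOLUME_PATH]\n"
		" Backup headers of a volume specified by VOLUME_PATH to a file BACKUP_FILE.\n"
		" Volume path is requested from user if not specified on command line. Both\n"
		" normal/outer and hidden volume headers are stored in the backup file even\n"
		" if there is no hidden volume within the volume (to preserve plausible\n"
		" deniability). When restoring the volume header, it is possible to select\n"
		" which header is to be restored. See also --restore-header.\n"
		"\n"
		"-c, --create [VOLUME_PATH]\n"
		" Create a new volume. Most options are requested from user if not specified\n"
		" on command line. Hidden volume can be created only in an existing file or\n"
		" device. Size of the hidden volume should not exceed the free space of the\n"
		" filesystem on the outer volume. Hidden volume protection (see option -P)\n"
		" should be used to update the outer volume contents after the hidden volume\n"
		" is created. WARNING: To prevent data corruption, you should follow the\n"
		" instructions in the EXAMPLES section on how to create a hidden volume.\n"
		" See also options --cluster, --disable-progress, --display-keys,\n"
		" --encryption, -k, --filesystem, --hash, -p, --random-source, --quick, --size,\n"
		" --type. Note that passing some of the options may affect security (see option\n"
		" -p for more information).\n"
		"\n"
		"-C, --change [VOLUME_PATH]\n"
		" Change a password and/or keyfile(s) of a volume. Volume path and passwords are\n"
		" requested from user if not specified on command line. PKCS-5 PRF HMAC hash\n"
		" algorithm can be changed with option --hash. See also options -k,\n"
		" --keyfile-add, -p, --random-source, -v.\n"
		"\n"
		"-d, --dismount [MAPPED_VOLUME]\n"
		" Dismount and unmap mapped volumes. If MAPPED_VOLUME is not specified, all\n"
		" volumes are dismounted and unmapped. See below for a description of\n"
		" MAPPED_VOLUME.\n"
		" This command requires administrator privileges (sudo(8) is used if available).\n"
		"\n"
		"-h, --help\n"
		" Display help information.\n"
		"\n"
		"-i, --interactive\n"
		" Map and mount a volume interactively. Options which may affect security are\n"
		" requested from the user. See option -p for more information.\n"
		" This command requires administrator privileges (sudo(8) is used if available).\n"
		"\n"
		"-l, --list [MAPPED_VOLUME]\n"
		" Display a list of mapped volumes. If MAPPED_VOLUME is not specified, all\n"
		" volumes are listed. By default, the list contains only volume path and mapped\n"
		" device name pairs. A more detailed list can be enabled by verbose output\n"
		" option (-v). See below for a description of MAPPED_VOLUME.\n"
		" This command requires administrator privileges (sudo(8) is used if available).\n"
		"\n"
		"--keyfile-create FILE\n"
		" Create a new keyfile using the random number generator. FILE argument specifies\n"
		" the output file.\n"
		"\n"
		"--properties [VOLUME_PATH]\n"
		" Display properties of a volume specified by VOLUME_PATH.\n"
		"\n"
		"--restore-header BACKUP_FILE [VOLUME_PATH]\n"
		" Restore header of a volume specified by VOLUME_PATH from a file BACKUP_FILE.\n"
		" Volume path is requested from user if not specified on command line.\n"
		" Type of the restored volume header (normal/hidden) is requested from user if\n"
		" not specified with --type. See also --backup-headers.\n"
		"\n"
		"--test\n"
		" Test all internal algorithms used in the process of encryption and decryption.\n"
		"\n"
		"-V, --version\n"
		" Display program version and legal notices.\n"
		"\n"
		"MAPPED_VOLUME:\n"
		" Specifies a mapped or mounted volume. One of the following forms can be used:\n\n"
		" 1) Path to the encrypted TrueCrypt volume.\n\n"
		" 2) Mount directory of the volume's filesystem (if mounted).\n\n"
		" 3) Device number of the mapped volume.\n\n"
		" 4) Device name of the mapped volume.\n\n"
		"\n"
		"--cluster SIZE\n"
		" Use specified cluster size when creating a new volume. SIZE defines the number\n"
		" of sectors per cluster.\n"
		"\n"
		"--disable-progress\n"
		" Disable display of progress information during creation of a new volume.\n"
		"\n"
		"--display-keys\n"
		" Display encryption keys generated during creation of a new volume.\n"
		"\n"
		"--display-password\n"
		" Display password characters while typing.\n"
		"\n"
		"--encryption ENCRYPTION_ALGORITHM\n"
		" Use specified encryption algorithm when creating a new volume.\n"
		"\n"
		"--filesystem TYPE\n"
		" Filesystem type to mount. The TYPE argument is passed to mount(8) command\n"
		" with option -t. Default type is 'auto'. When creating a new volume, this\n"
		" option specifies the filesystem to be created on the new volume.\n"
		"\n"
		"--hash HASH\n"
		" Use specified hash algorithm when creating a new volume or changing password\n"
		" and/or keyfiles.\n"
		"\n"
		"-k, --keyfile FILE | DIRECTORY\n"
		" Use specified keyfile to open a volume to be mapped (or when changing password\n"
		" and/or keyfiles). When a directory is specified, all files inside it will be\n"
		" used (non-recursively). Additional keyfiles can be specified with multiple -k\n"
		" options. Empty keyfile (-k '') disables interactive requests for keyfiles\n"
		" (e.g., when creating a new volume). See also option -K.\n"
		"\n"
		"-K, --keyfile-protected FILE | DIRECTORY\n"
		" Use specified keyfile to open a hidden volume to be protected. This option\n"
		" may be used only when mounting an outer volume with hidden volume protected.\n"
		" See also options -k and -P.\n"
		"\n"
		"--keyfile-add FILE | DIRECTORY\n"
		" Add specified keyfile to a volume when changing its password and/or keyfiles.\n"
		" This option must be also used to keep all previous keyfiles assigned to a\n"
		" volume. See EXAMPLES for more information.\n"
		"\n"
		"-M, --mount-options OPTIONS\n"
		" Filesystem mount options. The OPTIONS argument is passed to mount(8)\n"
		" command with option -o. See also options -r and -u.\n"
		"\n"
		"-N, --device-number N\n"
		" Use device number N when mapping a volume as a block device\n"
		" /dev/mapper/truecryptN. Default is the first available device.\n"
		"\n"
		"--overwrite\n"
		" Overwrite files without prompting the user for confirmation.\n"
		"\n"
		"-p, --password PASSWORD\n"
		" Use specified password to open a volume. Additional passwords can be\n"
		" specified with multiple -p options. An empty password can also be specified\n"
		" ('' in most shells). Note that passing a password on the command line is\n"
		" potentially insecure as the password may be visible in the process list\n"
		" (see ps(1)) and/or stored in a command history file. \n"
		" \n"
		"--password-tries NUMBER\n"
		" Prompt NUMBER of times for a password until the correct password is entered.\n"
		" Default is to prompt three times.\n"
		"\n"
		"-P, --protect-hidden\n"
		" Write-protect a hidden volume when mapping an outer volume. Before mapping the\n"
		" outer volume, the user will be prompted for a password to open the hidden\n"
		" volume. The size and position of the hidden volume is then determined and the\n"
		" outer volume is mapped with all sectors belonging to the hidden volume\n"
		" protected against write operations. When a write to the protected area is\n"
		" prevented, the whole volume is switched to read-only mode. Verbose list command\n"
		" (-vl) can be used to query the state of the hidden volume protection. Warning\n"
		" message is displayed when a volume switched to read-only is being dismounted.\n"
		" See also options -r and -i.\n"
		"\n"
		"--quick\n"
		" Use quick format when creating a new volume. This option can be used only\n"
		" when creating a device-hosted volume. Quick format is always used when\n"
		" creating a hidden volume.\n"
		"\n"
		"--random-source FILE\n"
		" Use FILE as a source of random numbers. Standard input is used if '-' is\n"
		" specified.\n"
		"\n"
		"-r, --read-only\n"
		" Map and mount a volume as read-only. Write operations to the volume may not\n"
		" fail immediately due to the write buffering performed by the system, but the\n"
		" physical write will still be prevented.\n"
		"\n"
		"--size SIZE\n"
		" Use specified size when creating a new volume. SIZE is defined as number of\n"
		" bytes or, when a size suffix K/M/G is used, Kilobytes/Megabytes/Gigabytes.\n"
		" Note that size must be a multiple of 512 bytes.\n"
		"\n"
		"--type TYPE\n"
		" Use specified volume type when creating a new volume or restoring a volume\n"
		" header. TYPE can be 'normal' or 'hidden'.\n"
		"\n"
		"-u, --user-mount\n"
		" Make a volume being mounted accessible in a non-administrator account. Some\n"
		" filesystems (e.g., FAT) do not support Unix-style access control and it is\n"
		" necessary to use this option when mounting them. Ownership of the mounted\n"
		" filesystem is determined by environment variables set by sudo(8) command.\n"
		" Note that Unix-style filesystems (e.g., ext2) do not support this option.\n"
		"\n"
		"--update-time\n"
		" Do not preserve access and modification timestamps of file containers.\n"
		" By default, timestamps are restored after a volume is unmapped.\n"
		"\n"
		"-v, --verbose\n"
		" Enable verbose output. Multiple -v options can be specified to increase the\n"
		" level of verbosity.\n"
		"\n"
		"Examples:\n"
		"\n"
		"truecrypt /root/volume.tc /mnt/tc\n"
		" Map a volume /root/volume.tc and mount its filesystem at directory /mnt/tc.\n"
		"\n"
		"truecrypt -u /dev/hda2 /mnt/tc\n"
		" Map a volume /dev/hda2 (first ATA disk, primary partition 2) and mount its\n"
		" filesystem at /mnt/tc. Default user-id is set, which is useful when mounting\n"
		" a filesystem, such as FAT, for use in a non-administrative account.\n"
		"\n"
		"truecrypt -i\n"
		" Map and mount a volume. Options are requested interactively.\n"
		"\n"
		"truecrypt -d\n"
		" Dismount and unmap all mapped volumes.\n"
		"\n"
		"truecrypt -d /root/volume.tc\n"
		" Dismount and unmap a volume /root/volume.tc.\n"
		"\n"
		"truecrypt -d /mnt/tc\n"
		" Dismount and unmap a volume mounted at /mnt/tc.\n"
		"\n"
		"truecrypt -vl\n"
		" Display a detailed list of all mapped volumes.\n"
		" \n"
		"truecrypt -N 1 /dev/hdc1 && mkfs /dev/mapper/truecrypt1\n"
		" Map a volume /dev/hdc1 and create a new filesystem on it.\n"
		"\n"
		"truecrypt -P /dev/hdc1 /mnt/tc\n"
		" Map and mount outer volume /dev/hdc1 and protect hidden volume within it.\n"
		"\n"
		"truecrypt -p '' -p '' -k key1 -k key2 -K key_hidden -P volume.tc\n"
		" Map outer volume ./volume.tc and protect hidden volume within it.\n"
		" The outer volume is opened with keyfiles ./key1 and ./key2 and the\n"
		" hidden volume with ./key_hidden. Passwords for both volumes are empty.\n"
		"\n"
		"truecrypt -c\n"
		" Create a new volume. Options are requested interactively.\n"
		"\n"
		"truecrypt -c /dev/hda2\n"
		" Create a new volume hosted at the second primary partition of the first\n"
		" ATA disk.\n"
		"\n"
		"truecrypt -k keyfile --size 10M --encryption AES --hash SHA-1 -c vol.tc\n"
		" Create a new volume. Options which are not specified on command line are\n"
		" requested from the user.\n"
		"\n"
		"truecrypt --keyfile-add keyfile -C volume.tc\n"
		" Change password and add a new keyfile to volume.\n"
		"\n"
		"truecrypt -k keyfile -C volume.tc\n"
		" Change password and remove a keyfile from volume.\n"
		"\n"
		"truecrypt -k keyfile --keyfile-add keyfile -C volume.tc\n"
		" Change password and keep previous keyfile.\n"
		"\n"
		"Creating a hidden volume without risking data corruption:\n"
		" 1) Create an outer volume:\n"
		" truecrypt --type normal --size 100M -c volume.tc\n"
		" 2) Create a hidden volume:\n"
		" truecrypt --type hidden --size 50M -c volume.tc\n"
		" 3) Mount the outer volume with the hidden volume protected:\n"
		" truecrypt -P volume.tc /mnt/tc\n"
		" 4) Copy files to the outer volume:\n"
		" cp outer_volume_file.txt /mnt/tc\n"
		" 5) Dismount the outer volume:\n"
		" truecrypt -d volume.tc\n"
		" 6) If a warning message has been displayed in 5), start again from 1). Either\n"
		" a larger outer volume should be created in 1), or less data should be copied\n"
		" to the outer volume in 4).\n"
		"\n"
		"Report bugs at <http://www.truecrypt.org/bugs/>.\n";

	fputs (helpText, stdout);
}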
/*
 * Print the mapped volumes recorded in MountList to stdout.
 *
 * devNo: device number to report, or -1 to report every entry.
 *
 * With Verbose == 0 each entry is one "device path" line; otherwise a
 * multi-line record with type, size, algorithm, mode, read-only state and
 * hidden-volume protection state is printed.
 *
 * Returns TRUE if at least one entry was printed. Otherwise an error is
 * reported through error() and FALSE is returned.
 */
static BOOL DumpMountList (int devNo)
{
	BOOL printedAny = FALSE;
	int idx;

	/* The three checks short-circuit in this order; MountList is consulted
	   only after the first two calls have succeeded. */
	if (!CheckKernelModuleVersion (FALSE, TRUE)
		|| !GetMountList (FALSE)
		|| (devNo == -1 && MountList[0].DeviceNumber == -1))
	{
		error ("No volumes mapped\n");
		return FALSE;
	}

	/* MountList is terminated by an entry whose DeviceNumber is -1. */
	for (idx = 0; MountList[idx].DeviceNumber != -1; idx++)
	{
		MountListEntry *entry = &MountList[idx];
		/* NOTE(review): EAGetName() is given no buffer size; presumably
		   128 bytes is enough for every algorithm name - verify. */
		char algName[128];
		const char *protection;

		if (devNo != -1 && entry->DeviceNumber != devNo)
			continue;

		printedAny = TRUE;

		if (Verbose == 0)
		{
			printf (TC_MAP_DEV "%d %s\n",
				entry->DeviceNumber,
				entry->VolumePath);
			continue;
		}

		EAGetName (algName, entry->EA);

		/* An activated protection takes precedence over a merely enabled one. */
		if (entry->Flags & TC_PROTECTION_ACTIVATED)
			protection = "Yes - damage prevented";
		else if (entry->Flags & TC_HIDDEN_VOLUME_PROTECTION)
			protection = "Yes";
		else
			protection = "No";

		printf (TC_MAP_DEV "%d:\n"
			" Volume: %s\n"
			" Type: %s\n"
			" Size: %llu bytes\n"
			" Encryption algorithm: %s\n"
			" Mode of operation: %s\n"
			" Read-only: %s\n"
			" Hidden volume protected: %s\n\n",
			entry->DeviceNumber,
			entry->VolumePath,
			entry->Hidden ? "Hidden" : "Normal",
			entry->VolumeSize,
			algName,
			EAGetModeName (entry->EA, entry->Mode, TRUE),
			(entry->Flags & TC_READ_ONLY) ? "Yes" : "No",
			protection
			);
	}

	if (printedAny)
		return TRUE;

	if (devNo == -1)
		error ("No volumes mapped\n");
	else
		error (TC_MAP_DEV "%d not mapped\n", devNo);

	return FALSE;
}
static BOOL EnumMountPoints (char *device, char *mountPoint)
{
static FILE *m = NULL;
char mp[TC_MAX_PATH], *p;
if (device == NULL)
{
fclose (m);
m = NULL;
return TRUE;
}
if (m == NULL)
{
m = fopen ("/proc/mounts", "r");
if (m == NULL)
{
perror ("fopen /proc/mounts");
return FALSE;
}
}
if (fscanf (m, "%" TC_MAX_PATH_STR "s %" TC_MAX_PATH_STR "s %*s %*s %*s %*s",
device, mp) != 2)
{
fclose (m);
m = NULL;
return FALSE;
}
// Convert escaped characters
p = mp;
while (*p)
{
if (p[0] == '\\' && p[1] && p[2] && p[3])
{
char c;
if (sscanf (p + 1, "%o", &c) == 1)
{
*mountPoint++ = c;
p