TCPLAY(8)               BSD System Manager's Manual              TCPLAY(8)

NAME
     tcplay — tool to manage TrueCrypt volumes

SYNOPSIS
     tcplay -c -d device [-g] [-z] [-a pbkdf_hash] [-b cipher]
            [-f keyfile_hidden] [-k keyfile] [-x pbkdf_hash] [-y cipher]
     tcplay -i -d device [-e] [-f keyfile_hidden] [-k keyfile]
            [-s system_device]
     tcplay -m mapping -d device [-e] [-f keyfile_hidden] [-k keyfile]
            [-s system_device]
     tcplay -h | -v

DESCRIPTION
     The tcplay utility provides full support for creating and opening/mapping
     TrueCrypt-compatible volumes.  It supports the following commands, each
     with a set of options detailed further below:

     -c, --create
             Create a new encrypted TrueCrypt volume on the device specified
             by --device.

     -h, --help
             Print help message and exit.

     -i, --info
             Print out information about the encrypted device specified by
             --device.

     -m mapping, --map=mapping
             Map the encrypted TrueCrypt volume on the device specified by
             --device as a dm(4) mapping called mapping.

     -v, --version
             Print version message and exit.

     Options common to all commands are:

     -d device, --device=device
             Specifies the disk device on which the TrueCrypt volume
             resides/will reside.  This option is mandatory for all commands.

     -f keyfile_hidden, --keyfile-hidden=keyfile_hidden
             Specifies a keyfile to use in addition to the passphrase when
             either creating a hidden volume or when protecting a hidden
             volume while mapping or querying the outer volume.  If you only
             intend to map a hidden volume, the --keyfile option has to be
             used.  This option can appear multiple times; if so, multiple
             keyfiles will be used.

     -k keyfile, --keyfile=keyfile
             Specifies a keyfile to use in addition to the passphrase.  This
             option can appear multiple times; if so, multiple keyfiles will
             be used.

     Additional options for the --create command are:

     -a pbkdf_hash, --pbkdf-prf=pbkdf_hash
             Specifies which hash algorithm to use for the PBKDF2 password
             derivation.  To see which algorithms are supported, specify
             --pbkdf-prf=help.

     -b cipher, --cipher=cipher
             Specifies which cipher algorithm or cascade of ciphers to use to
             encrypt the new volume.  To see which algorithms are supported,
             specify --cipher=help.

     -g, --hidden
             Specifies that the newly created volume will contain a hidden
             volume.  The keyfiles applied to the passphrase for the hidden
             volume are those specified by --keyfile-hidden.  The user will be
             prompted for the size of the hidden volume interactively.

     -x pbkdf_hash, --pbkdf-prf-hidden=pbkdf_hash
             Specifies which hash algorithm to use for the PBKDF2 password
             derivation for the hidden volume.  Only valid in conjunction with
             --hidden.  If no algorithm is specified, the same as for the
             outer volume will be used.  To see which algorithms are
             supported, specify --pbkdf-prf-hidden=help.

     -y cipher, --cipher-hidden=cipher
             Specifies which cipher algorithm or cascade of ciphers to use to
             encrypt the hidden volume on the new TrueCrypt volume.  Only
             valid in conjunction with --hidden.  If no cipher is specified,
             the same as for the outer volume will be used.  To see which
             algorithms are supported, specify --cipher-hidden=help.

     -z, --insecure-erase
             Skips the secure erase of the disk.  Use this option carefully as
             it is a security risk!

     Additional options for the --info and --map commands are:

     -e, --protect-hidden
             Specifies that an outer volume will be queried or mapped, but its
             reported size will be adjusted according to the size of the
             hidden volume contained in it.  Both the hidden volume and outer
             volume passphrase and keyfiles will be required.

     -s system_device, --system-encryption=system_device
             This option is required if you are attempting to access a device
             that uses system encryption, for example an encrypted Windows
             system partition.  The --device option will point at the actual
             encrypted partition, while the system_device argument will point
             to the parent device (i.e. underlying physical disk) of the
             encrypted partition.

EXAMPLES
     Create a new TrueCrypt volume on /dev/vn0 using the cipher cascade of AES
     and Twofish and the Whirlpool hash algorithm for PBKDF2 password
     derivation and two keyfiles, one.key and two.key:

           tcplay --create --device=/dev/vn0 \
               --cipher=AES-256-XTS,TWOFISH-256-XTS --pbkdf-prf=whirlpool \
               --keyfile=one.key --keyfile=two.key

     Map the outer volume on the TrueCrypt volume on /dev/vn0 as truecrypt1,
     but protect the hidden volume, using the keyfile hidden.key, from being
     overwritten:

           tcplay --map=truecrypt1 --device=/dev/vn0 --protect-hidden \
               --keyfile-hidden=hidden.key

     Map the hidden volume on the TrueCrypt volume on /dev/vn0 as truecrypt2,
     using the keyfile hidden.key:

           tcplay --map=truecrypt2 --device=/dev/vn0 --keyfile=hidden.key

     Map and mount the volume in the file secvol on Linux:

           losetup /dev/loop1 secvol
           tcplay --map=secv --device=/dev/loop1
           mount /dev/mapper/secv /mnt

     Similarly on DragonFly:

           vnconfig vn1 secvol
           tcplay --map=secv --device=/dev/vn1
           mount /dev/mapper/secv /mnt

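     The option constraints documented above can be checked before tcplay is
     invoked, for instance from a provisioning script.  The following is an
     added example, not part of tcplay or of the original manual page; the
     names tcplay_lint and TCPLAY_ALLOW_INSECURE_ERASE are hypothetical, and
     the --keyfile-hidden rule is inferred from that option's description.

```shell
#!/bin/sh
# Added example: pre-flight check for a tcplay command line, built only from
# the option rules in this manual page. tcplay_lint and the variable
# TCPLAY_ALLOW_INSECURE_ERASE are hypothetical names, not part of tcplay.
# Returns 0 if acceptable, 2 for a usage error, 3 for a policy refusal.
tcplay_lint() {
    cmd="" dev=0 hidden=0 protect=0 hid_opt=0 hid_key=0 c_only=0 im_only=0 erase=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -m|-d|-a|-b|-x|-y|-s|-f|-k)   # short options that take a value
                [ $# -ge 2 ] || { echo "missing value for $1" >&2; return 2; }
                opt=$1; shift ;;
            *)  opt=${1%%=*} ;;           # long form: drop "=value"
        esac
        case "$opt" in
            -c|--create) cmd="${cmd}c" ;;
            -i|--info)   cmd="${cmd}i" ;;
            -m|--map)    cmd="${cmd}m" ;;
            -d|--device) dev=1 ;;
            -g|--hidden) hidden=1; c_only=1 ;;
            -z|--insecure-erase) erase=1; c_only=1 ;;
            -a|--pbkdf-prf|-b|--cipher) c_only=1 ;;
            -x|--pbkdf-prf-hidden|-y|--cipher-hidden) hid_opt=1; c_only=1 ;;
            -e|--protect-hidden) protect=1; im_only=1 ;;
            -s|--system-encryption) im_only=1 ;;
            -f|--keyfile-hidden) hid_key=1 ;;
            -k|--keyfile) ;;
            *) echo "unsupported option: $opt" >&2; return 2 ;;
        esac
        shift
    done
    case "$cmd" in
        c|i|m) ;;
        *) echo "need exactly one of --create, --info, --map" >&2; return 2 ;;
    esac
    [ "$dev" = 1 ] || { echo "--device is mandatory" >&2; return 2; }
    if [ "$cmd" != c ] && [ "$c_only" = 1 ]; then
        echo "option only valid with --create" >&2; return 2; fi
    if [ "$cmd" = c ] && [ "$im_only" = 1 ]; then
        echo "option only valid with --info/--map" >&2; return 2; fi
    if [ "$hid_opt" = 1 ] && [ "$hidden" = 0 ]; then
        echo "--pbkdf-prf-hidden/--cipher-hidden need --hidden" >&2; return 2; fi
    if [ "$hid_key" = 1 ] && [ "$hidden" = 0 ] && [ "$protect" = 0 ]; then
        echo "--keyfile-hidden needs --hidden or --protect-hidden" >&2; return 2; fi
    if [ "$erase" = 1 ] && [ "${TCPLAY_ALLOW_INSECURE_ERASE:-0}" != 1 ]; then
        echo "refusing --insecure-erase (skips the secure erase)" >&2; return 3; fi
    return 0
}
```
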
SEE ALSO
     crypttab(5), cryptsetup(8)

HISTORY
     The tcplay utility appeared in DragonFly 2.11.

AUTHORS
     Alex Hornung

BSD                              July 5, 2011                              BSD