Data security in today's world has moved beyond the province of nerds and geeks. For example, users who travel frequently with a notebook and USB sticks want to prevent third parties from accessing their information if their devices get lost or stolen. In addition, government officials are becoming more interested in our data, particularly in airport settings.
Encryption software helps to protect secret and private data. Investigative journalists, whistleblowers, and activists living and operating in countries with repressive regimes depend for their livelihood, and sometimes even their lives, on good encryption.
This means that you must be able to rely completely on the integrity of the software being used. Encryption is the natural enemy of intelligence agencies all over the world. These agencies would prefer to have a back door for every piece of encryption software that is on the market.
TrueCrypt [1] was able to keep its status for 10 years as the go-to software for encrypting files, partitions, and containers under Linux, Mac OS X, and Windows. The project came to an end under somewhat mysterious circumstances in 2014. The software source code is still available today, and it is regarded as open source and free. Formal recognition as free software under the definition of the Open Source Initiative has been withheld due to legal issues. As a result, TrueCrypt is not included in the archive of large Linux distributions.
Since TrueCrypt is no longer being developed and maintained, it makes sense to look at successors. The VeraCrypt [2] fork, which branched off in 2013 (before TrueCrypt's demise), is considered to be the most similar. This program corrects some errors that were discovered in audits performed on TrueCrypt. As with its predecessor, VeraCrypt can place a container within a container if desired. The inner container cannot be detected without some effort, even on an unencrypted system.
ZuluCrypt [3] is another TrueCrypt successor, and it is the focus of this article. As with the TrueCrypt approach, zuluCrypt is a back end that also supports VeraCrypt, dm-crypt [4], and Linux Unified Key Setup (LUKS) [5]. The software is only offered for Linux, and it comes with a GNU GPLv2 license. You can execute all functions on the command line and also on the graphical user interface (GUI). You can also build the program yourself. If you only need the command-line interface (CLI), then you can simply leave the GUI out.
The software has become more widely distributed since it became a part of the Canonical archive in Ubuntu 15.10. Since the release of version 18, it also comes with Linux Mint (Listing 1). Meanwhile, zuluCrypt has also found a place in the package sources for Debian, Fedora, openSUSE, Gentoo, and the Arch User Repository (AUR). On their website, the developers make the most recently published packages (currently version 5.0) for Debian and Ubuntu available for download (see the Test box).
Listing 1
Automatic Installation
$ sudo apt install zulucrypt-gui zulucrypt-cli tcplay cryptsetup
Test
After consulting with the developers, the test used a pre-release build of the upcoming version from the project's Git branch. This build was created with the openSUSE Build Service (OBS) [6]. It corrects some of the errors in the translation and documentation. Ubuntu users should definitely make use of it because Ubuntu 16.04's package manager still installs the old 4.7.7 version. The developer promised that a new and stable version would be available around this article's publication date.
To set up the prerequisites, you should install the packages cryptsetup and tcplay. These packages are not automatically part of the zuluCrypt installation. Even so, the software will not function properly without them. If you are not using a Qt environment like KDE or LXQt, then the package manager will pull in libqtcore4 and libqt4-network. Listing 2 shows manual installation on a Debian-based distribution. In this example, it is "Xenial." If you are on a 32-bit system, you should go to the second line and replace amd64 with i386.
Listing 2
Manual Installation
$ tar xf zuluCrypt-5.0.0-ubuntu-16.04-Xenial_Xerus.tar.xz
$ cd zuluCrypt-5.0.0-ubuntu-16.04-Xenial_Xerus/amd64
$ sudo dpkg -i *.deb
$ sudo apt install -f
$ sudo apt install tcplay cryptsetup
ZuluCrypt has a convenient interface that makes for uncomplicated operation (Figure 1). Nonetheless, you should take a look at the project documentation before starting. It takes you through the software's functions and explains some basic concepts. You can call the PDF document with the documentation via the menu with Help | Open ZuluCrypt.pdf .
At its most basic, zuluCrypt encrypts individual files without a container. This is somewhat comparable to GNU Privacy Guard (GnuPG) encryption. In order to encrypt a file using zuluCrypt, you should open the zC menu and select encrypt a file . Then you can specify the file you want to encrypt and a storage location. After you enter the password twice, the encrypted file will end up on the hard disk with the extension .zC . The original file will continue to exist (Figure 2).
Decrypting works in a similar fashion. You should select the file and the target folder, enter the password, and decrypt the file. You can also move the file into the zuluCrypt window and open it there. The program will ask for the password and the key.
If you are dealing with more than just a single file, you can use the container methods that zuluCrypt offers. A container will appear later in the file manager or in the terminal as a normal drive. You can create a container in either a file or its own partition. The choice depends on the amount of data that the container should hold. If you choose a partition as the basis, then the container will fill it completely and delete all previously existing data.
To install a container, click on the Create menu. Then choose between the options Encrypted Container in A File and Encrypted Container in a Hard Drive . During testing, zuluCrypt had to deal with a USB stick and create a 500MB container in a file. This can be put together with existing folders and files on the stick.
Before starting, you should create a key in zuluCrypt and store it some place like a USB stick that you keep secure. In order to create a key, you should first go to the Create menu and select the entry KeyFile . A dialog will open, and you enter the name and storage location. Next, in the same menu, you should select the entry for creating a container in a file or a partition. It is important to know whether the hard drive or the USB stick use a Linux system and whether they are mounted.
If instead of encrypting a file, you want to encrypt an entire partition on the internal hard drive, then you should call zuluCrypt with root rights. The command for this is
sudo zuluCrypt-gui
Pay attention to the capital letter C in the name. You should also remember that the content of the partition will be lost when the container gets created. If you start zuluCrypt as a standard user, it will only show those partitions that do not appear in /etc/fstab, that is, those partitions that the tool does not recognize as system partitions.
Three operating elements make it possible to open the selected partition, use the partition's indicated UUID for secure identification of the device, and interrupt the action. The 16-bit hexadecimal UUID is the Universally Unique Identifier . This identifier is something that the kernel has been permanently assigning to partitions for some years now and it makes a partition uniquely identifiable. The UUID will change only when the respective partition gets formatted. For this reason, you should also use the identifier for zuluCrypt.
If you then click on open, a dialog will appear where you should specify the encryption method and the key and file size the program will use. If you would rather use a conventional key instead of an encryption file that is generated beforehand, you will need to enter it twice. In order to use an encryption file, you should open the drop-down menu and make a selection. If you already have a key for VeraCrypt, you can also use it here. This is because zuluCrypt, among other things, is compatible with existing VeraCrypt volumes.
The documentation helps in the selection of the encryption methods. Generally speaking, Normal VeraCrypt is a solid choice (Figure 3). It would also be possible to go with VeraCrypt + hidden Container . This option has the program create a container within an invisible container. The holding container remains invisible even when the first container is opened. If you want the container to open under Windows and Mac OS X, you will need to select a compatible filesystem such as VFAT. If on the other hand, you want to use the container under Linux, then you can use LUKS.
You can quickly get overwhelmed by the number of possibilities for choosing encryption strength. However, the preset aes-xts-plain64 256 sha 512 is perfectly adequate for all private and commercial security requirements. The aes-xts-plain64 cipher corresponds to the current standard for Cryptsetup 1.7.0 under Linux. The key length amounts to 256 bits. The hash algorithm SHA-2 with its 512-bit key is applied.
It only takes a few seconds to create a file and container. The message, which reports that a container has been successfully created, also advises you to secure the LUKS header (Figure 4). This is where the program stores meta-information. If the header is destroyed or becomes corrupted, access to the encrypted data is lost. Therefore, you should pay attention in the menu under Volumes | secure header to this cautionary measure. This setup also makes it possible to intentionally destroy access to encrypted data quickly and permanently. You can restore data in an emergency from the same tab. The secured header is found in the home directory initially. Then you can transfer it to a secure location.
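The header metadata described above can be checked before you rely on a saved copy. The following Python sketch is an added example, not part of the article or of zuluCrypt: it verifies that a saved header still parses as a LUKS1 header, records the expected cipher settings, and has at least one active key slot. It assumes the LUKS1 on-disk format; the function names and the sample bytes are constructed for illustration.

```python
import struct

# LUKS1 on-disk header (big-endian): 208 fixed bytes, then 8 key slots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # state, iterations, salt, offset, stripes
MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE, SLOT_DISABLED, NUM_SLOTS = 0x00AC71F3, 0x0000DEAD, 8
HEADER_LEN = PHDR.size + NUM_SLOTS * SLOT.size  # 592 bytes


def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1_header(blob):
    """Return the metadata of a LUKS1 header backup, or raise ValueError."""
    if len(blob) < HEADER_LEN:
        raise ValueError("truncated header")
    (magic, version, cipher, mode, hash_spec, payload, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(blob, 0)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    active = []
    for i in range(NUM_SLOTS):
        state = SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)[0]
        if state == SLOT_ACTIVE:
            active.append(i)
        elif state != SLOT_DISABLED:
            raise ValueError("key slot %d is corrupted" % i)
    if not active:
        raise ValueError("no active key slot, nothing can unlock the volume")
    return {"cipher": "%s-%s" % (_text(cipher), _text(mode)),
            "key_bits": key_bytes * 8, "hash": _text(hash_spec),
            "payload_sector": payload, "uuid": _text(uuid),
            "active_slots": active}


def build_sample_header():
    """Constructed sample (not from a real volume) with key slot 0 active."""
    head = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha512", 4096, 32,
                     b"\x11" * 20, b"\x22" * 32, 100000,
                     b"00000000-0000-4000-8000-000000000001")
    slots = b"".join(
        SLOT.pack(SLOT_ACTIVE if i == 0 else SLOT_DISABLED, 200000,
                  b"\x33" * 32, 8 + i * 256, 4000)
        for i in range(NUM_SLOTS))
    return head + slots
```

To check a real saved header, pass the first HEADER_LEN bytes of the file to parse_luks1_header and compare the reported cipher, key size, and hash with the settings chosen when the container was created.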
In order to work with the container that has been set up, you will first need to mount it in the system. This is done by selecting the Volume Hosted in a File option from the Open menu. Then enter the drive path and password. Now mark the VeraCrypt Volume checkbox if this is the method you have selected, and open the drive. It then appears in the file manager as a standard partition and lets you handle it in that form.
There are several ways to close a partition. You will find the option Close all Opened Volumes under the zC menu. This option closes all of the containers at once. Alternatively, you can click in the main window with the right mouse button on the drive you want to close and select Close from the context menu.
Dealing with a completely encrypted drive is not that much different than dealing with an encrypted file. You don't have to create a file when creating a partition. If you want to make sure that you have deleted the contents of a drive, you can use the menu option zC | Erase Data in Device . This lets you overwrite the contents permanently with random numbers. The container itself will continue to exist.
There are several possibilities for administering passwords. ZuluCrypt comes with its own password wallet. In addition, the program can rely on the wallets that come with KDE (KWallet) and Gnome (Gnome Keyring). You can find all of the variations under the Options menu.
The tool zuluMount makes for more convenient administration of encrypted drives than is possible via the zuluCrypt menu (Figure 5). It displays encrypted partitions like unencrypted partitions and lets you mount and unmount encrypted drives using just a mouse click. If you want to administer unencrypted drives via zuluMount, then you should start zuluCrypt with root rights and select the menu option Manage Non System Volumes .
ZuluCrypt has a straightforward GUI that makes it easy to create and manage encrypted files and containers. The documentation is worth reading and contains a lot of important background information.
I did not come across any problems with the application during testing. ZuluCrypt is speedy and error free. The option that lets you choose from various encryption routines also makes it possible to use data that has been encrypted with TrueCrypt or VeraCrypt under Windows and Mac OS X. Likewise, zuluCrypt can mount existing encrypted drives. ZuluMount offers a practical approach to dealing with drives.