|Submitted: Sep 17 2011|
Updated: Mar 16 2013
zuluCrypt is a Qt based GUI and a cli front end to cryptsetup, a linux native solution for hard drive encryption.
By using cryptsetup as a back end, this program can:
1. Create 64 bytes in size key files composed of only the 94 printable characters).
2. Create encrypted volumes both in files and partitions.
3. Create both plain type and luks types encrypted volumes.
4. Add keys to luks based volumes.
5 . Delete keys from luks luks based volumes.
6. Open both plain and luks based volumes residing in both files and partitions.
7. Encrypt stand alone files.
8. Erase data on partitions i.e can be used as a data eraser tool.
9. Manage truecrypt volumes if build against cryptsetup 1.6.0 or above.
zuluMount is Qt based tool that can be used to mount and unmount partitions as well as open and close encrypted cryptsetup volumes.
It does what udisks and friends does but without polkit authentication mechanism or d-bus.
-- VERY SERIOUS NOTE --
It is very,very important to know how these tools decide what device is treated as a system device and what device is not and its very important that your system is setup in a way that will not allow any of the tools to treat a system partition as a non system partition.Read the FAQ for more information.
For more information,read section 2,3,4 and 5 in the FAQ located at: http://code.google.com/p/zulucrypt/wiki/FAQ
changelog for 4.6.2
-- add config option to not build KDE and/or GNOME support even when the system has support for them
-- add support for LVM volumes
-- add support for consulting udev in addition to fstab when deciding if a system is system or not
-- add tcplay as an optional dependency to allow creation of truecrypt volumes
-- fix bug:truecrypt volumes with multiple ciphers did not close properly
-- fix bug:volumes did not close properly if mount point had a space character among others in it
-- feature added:users who are members of "zulumount-exec" group will have their volumes opened with "exec" mount option.
This will allow them to be able to execute commands from the mount point.The default and recommended option is not mount with "noexec" option.
-- feature added:A "-M" option is added that will create a publicly accessible "mirror" of a mount point in "/run/share" from the private
original one created in "/run/media/$USER.This option is there to allow a user to mount a volume and have it accessible from other users of the system.
-- zuluMount-gui now adds and removed from its list as devices are added and removed from the system.A right click context menu option can be set to allow
unencrypted volumes to also be automounted.
-- add a command line option to zuluMount-gui to start it up without showing the GUI
change log for version 4.6.1
fix a regression that made it impossible to manage devices using their UUID
change log for version 4.6.0
-- add support for managing truecrypt volumes.This functionality is added when compiled against cryptsetup version 1.6.0 and above
-- zuluMount can now manage image files and hence its possible to use it to open volumes residing if files are well as managing regular iso images
-- add measures to guard against some known common attacks.Updating is STRONGLY ADVISED.
changelog for 4.5.4
fix a crush that managed to pass through 4.5.3
changelog for 4.5.3.
-- add a plugin architecture to send keys to zuluCrypt-cli to unlock volumes.
1. kwallet plugin. This plugin retrieves passphrases from kde kwallet. zuluCrypt-gui can also manage zuluCrypt passphrases stored in kwallet. kwallet plugin is an optional functionality and is build only when necessary kde libraries are found at build time.
2. keyring plugin. This plugin retrieves passphrases from gnome keyring. Management of keys will have to be done using gnome native tools like seahorse.keyring plugin is an optional functionality and is build only when necessary kde libraries are found at build time.
3. gpg plugin. This plugin retrieves passphrases from gpg encrypted keyfile. gpg executable will be searched at run time.
4. keykeyfile plugin.This plugin retrieves a passphrase from a keyfile and then append it to a user given passphrase before passing the combination to zuluCrypt-cli. This plugin is meant if a key is made up of a content of a keyfile and user entered key.
-- use a secure way to pass keys from GUI front end to CLI backend.
-- only one instance can be started.
-- give a dialog warning when a user select to mount a volume in read only mode and give an option not to show the warning again.
-- add another tool,zuluMount.
zuluMount is a simple tool that open and close only luks based volumes and only when they are in partitions.It can, in addition, be used to mount and unmount normal partitions.
changelog for 4.5.2
-- a quick update to fix a regression in stand alone file encryption.
changelog for version 4.5.1
-- Volumes are now opened in read/write mode by default instead of read only mode. Some people missed the check box option to open the volume in read/write mode and got confused when they could not write to their opened volumes.
-- A list of system volumes in "/etc/zuluCrypttab" can now be managed from the GUI.The GUI must be started from root user for the functionality to be unlocked.
Most practical use of "/etc/zuluCrypttab" is to prevent accidental formats of the volume since only root user can create new volumes in system volumes
change log for version 4.5.0
-- add support for creating backups of luks headers and restoring luks headers
-- add support for first writing random data to partitions before creating an encryped container in them.
-- add support for "/etc/zuluCrypttab". A place to add additional paths to devices to be considered system devices.
-- various security related fixes.
-- add support for encrypting stand alone files
change log for version 4.4.0
-- lots of code added to increase security and reliability of the tool,updating strongly advised. Read documentation on the project main page if you get a "permission denied" error.
-- major cli interface change, run zulucrypt-cli --help for more info.
-- when creating a volume, use mkfs.xxx tools installed on the system and not hard code a subset of them.
-- use ntfs-3g to mount volumes that use ntfs file system. Make sure you have this package installed if you want to manage ntfs volumes in read/write mode.
-- normal users can not create volumes in system partitions but root user now can. system partition is defined as a partition
with active entry(not commented out) in /etc/fstab and /etc/crypttab.
changelog for 4.3.4
-- fix a compilation bug on some systems
-- support older and newer versions of libmount
changelog for 4.3.3
-- fix a bug that caused improper reading of key files if they were not made up of C strings.
-- fix a bug triggered when attempting to open a plain type volume using aes-cbc-plain cypher( opening plain volume in legacy mode ).
changelong for 4.3.2
-- ext3/ext4 can not be mounted with user specified permissions and they use the permissions set when the volume was last mounted. This creates a problem on freshly created volumes because they always end up owned by root and hence not writable to normal user who opened the volume. This update fix the problem by setting permissions every time a volume is opened in read/write mode.
If a volume open with root as owner on the mount point while opened from a normal user account, then reopen the volume in read/write mode and permissions will be set properly(0700 with the owner being the user who opened the volume)
changelog for 4.3.1
-- Volumes can now be managed using either device addresses(/dev/sdXYZ) or through UUID. UUID are best when bookmarking volumes in usb based partitions since device address wont always be consistent(They change based on usb based devices already attached).
--On the main window, context menu can now be activated using either menu key or "ctrl + m" key combination.
-- added a separate dialog to manage bookmarked volumes.
-- lots of code clean up