Since I own a Netgear ReadyNAS 102, I was wondering how I could use encryption for special content in a convenient way. Because the Netgear firmware does not provide an encryption feature inside its ReadyNAS OS wrapper on top of the underlying Debian Linux, I decided to take a closer look at Truecrypt, which I already use on my other desktop and mobile computers.
Because Truecrypt binaries are not available for the ARM architecture used, the first required step was building Truecrypt from source. During my research I came across a posting which explained the build process step by step.
If you really want to build it on your own, be aware of my comment inside the forum thread above. If you just want to go ahead, I have simplified the procedure for you with a prebuilt binary available on my personal Debian-Dropbox-Repository:
1) Install some dependencies for https access
2) Add my repo to your /etc/apt/sources.list
3) Install truecrypt
Now you are able to use truecrypt. Some usage examples:
You can find the user and group id with the commands
Now we are able to use truecrypt on the ReadyNAS, but we will need to use SSH every time we want to mount a volume. Of course this is not convenient, so my idea was to encrypt the container(s) with keyfile(s) instead of a password (you can also use a password and a keyfile) and mount the volume once my keyfile thumb drive is plugged into the NAS.
1) Create udev rules for automatic script execution once the keyfile thumb drive is attached or removed from the USB port
2) New udev rule:
3) With content below:
The udev rules are executed once the specified variables are matched by a device. I figured out the variable values for the newly attached device with the following command after I had already attached the thumb drive.
To gather the right environment variable to use, I used the following command before I unplugged my thumb drive.
As you may have already noticed, the udev rule executes another script, which takes care of mounting and unmounting the truecrypt container. Here comes the script, which I have stored at /data/Documents/automount.sh. Take a closer look at the variables defined at the beginning; they specify the container, mountpoint, password (if you have one configured) and so on. The script uses all files from the thumb drive as key files for decrypting the container. If you only want to use specific files, you will need to change the script accordingly. I just use “/media/USB_FLASH_1/” to access the thumb drive, because I usually do not have other devices attached. You may have to change this if you have a more sophisticated environment.
In my case the container is formatted with NTFS (therefore the mounting options “--fs-options=locale=de_DE.utf8,umask=000”), which has the advantage that it can be mounted directly on Windows and Linux computers while still being able to store files larger than 4GB. I have initialized and created my truecrypt container remotely from my PC. Another important thing to note: I recommend disabling continuous protection on the share where you store the truecrypt container if you have a huge container of several GB.
You can check if the script is working properly by running it manually with the commands below
All outputs will be written to “/data/Documents/automount.log”
One last thing is missing: the udev rules do not seem to be executed properly during boot, so the container is not mounted on boot while the key file thumb drive is attached. To solve this issue I have used an rc-script.
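The following sketch shows a mount/unmount helper of the kind described above. It is an added example, not the author's automount.sh; the container path, the mount point and the function names are assumptions, and it refuses to mount when the thumb drive holds no key files.

```shell
#!/bin/sh
# Added example, not the original automount.sh. Paths marked "assumed" are placeholders.
CONTAINER="/data/Documents/container.tc"       # assumed container location
MOUNTPOINT="/media/truecrypt1"                 # assumed mount point
KEYDIR="/media/USB_FLASH_1"                    # thumb drive path from the article
LOG="${LOG:-/data/Documents/automount.log}"    # log path from the article
PASSWORD=""   # optional; a value here sits in clear text on the NAS and
              # shows up in the process list while truecrypt is running

# Print every regular file in directory $1 as TrueCrypt's comma-separated
# keyfile list. A comma inside a file name has to be doubled for --keyfiles.
build_keyfile_arg() {
    kf_list=""
    for kf_file in "$1"/*; do
        [ -f "$kf_file" ] || continue          # skip subdirectories and an empty glob
        kf_esc="$(printf '%s' "$kf_file" | sed 's/,/,,/g')"
        kf_list="${kf_list:+$kf_list,}$kf_esc"
    done
    printf '%s' "$kf_list"
}

mount_container() {
    keys="$(build_keyfile_arg "$KEYDIR")"
    if [ -z "$keys" ]; then
        # Fail closed: never fall back to a password-only attempt.
        echo "$(date) no keyfiles in $KEYDIR, not mounting" >>"$LOG"
        return 1
    fi
    mkdir -p "$MOUNTPOINT"
    truecrypt --text --non-interactive --protect-hidden=no \
        --keyfiles="$keys" --password="$PASSWORD" \
        --fs-options="locale=de_DE.utf8,umask=000" \
        "$CONTAINER" "$MOUNTPOINT" >>"$LOG" 2>&1
}

unmount_container() {
    truecrypt --text --non-interactive --dismount "$CONTAINER" >>"$LOG" 2>&1
}

# udev exports ACTION (add or remove) to programs started through RUN+=.
# Without ACTION in the environment the script does nothing.
case "${ACTION:-}" in
    add)    mount_container ;;
    remove) unmount_container ;;
esac
```

Because every file on the drive becomes a key file, any extra file copied onto it later changes the key material and the mount will fail; keep the drive dedicated to this purpose.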
1) Create a new executable script
2) Here comes the script content:
3) Register the script with