TruPax Documentation
Configuration
TruPax saves its settings in a file named trupax.properties under Windows
or as .trupaxrc otherwise, preferably in the location of the executable.
If this is not possible it chooses the user's home directory (on modern
Windows systems that's "C:\\Users\\{user-name}"). The file is managed by the
application and should not be changed by hand.
Container Creation
File Selection
Using the buttons Add Files/Folder... (or the equivalent menus) you can
add the files of your choice to the selection. That is single files as well as
the content of complete folders via Include Subfolders. The option
Store full path causes the complete path structures to be preserved, or
just the relative portion based on the selection - latter is usually the better
choice.
For some or multiple selections conflicts can occur, which happen when files
or folders with identical names show up and would be placed in an
identical spot in the container. The drop-down menu helps to assist with such
merge demands: No merging causes the registration to stop on the first
conflict. Using Merge the newer selection replaces conflicting files and
folders of former ones. Capitalization of names are ignored, meaning the file
"image.jpg" replaces the "Image.JPG" for instance. If you don't want this to
happen use Merge Case Sensitively to allow such conflicts, so "image.jpg"
and "Image.JPG" will both be stored in the container. Though this can cause
problems later on in Windows or OSX, where for copy and other operations file
names are not treated in a case sensitive manner. Under Linux there are no such
issues.
Through drag and drop to the GUI one can also add folders and files
to the selection. Except if it's a single file with the extension .tc, in such
a case a dialog gets shown where you can decide whether to extract, invalidate
or just add the container to the selection.
Depending on the number of files to register this process can take a while,
yet a dialog allows you to abort the search. After registration the selection
shows you the files in the exact way as they are going to appear in the
container file later on.
Clicking on Clear removes the whole selection. In the box below the
selection you will find information about the size of the container file to be,
down to the byte.
To open files in the selection just double-click on them, so the associated
application (if available) will be started.
You can also select the option Wipe Afterwards, which will cause the
selected files and folders to be securely erased, after the container was
created successfully. Please make sure that the container gets created in a safe
spot - if in doubt you can always wipe the selection separately.
Container Properties
By using Free Space you can add additional storage space to the
container. This is useful e.g. if the container will be used for further adding
of files or any kind of related work in general. The size of this free space is
to be declared in bytes, but you can also use short forms like "25m" for 25
megabytes (25,000,000). Other prefixes are k (kilo) and g (giga). Folks who
are used to one kilobyte being 1024 can also use ki/mi/gi.
Container can be labeled through the Label input, up to fifteen
characters long. Depending on the operating system this information will then be
visible once the volume gets mounted via TrueCrypt.
Container Selection
Click on the button Make volume.... The first thing to do is to decide
on location and name of the container file, similar to the common "Save As..."
in other programs. Please make sure that the target has enough disk space
available, otherwise you might run out and the whole creation attempt will be
for nothing. Notice that the file extension .tc will be added
automatically to the given file name. No need to type it.
Password Input
In the next dialog you are asked for a password. This is the key protecting
your data.
Simple passwords are easy to crack, nothing new here. Although the container
format offers some additional protection due to the way passwords are processed,
in a time-consuming fashion, it is highly recommended to give them enough length
and use different kinds of characters. TruPax does not warn about "weak
passwords", since it quite difficult to classify them properly. Of course
two digit passwords are weak, yet "aaaaaaaaaaaaaaaaaaaa" is hardly any safer
although it is impressively twenty characters long. And
"Train Station Traffic Control!" is thirty characters long and even has
non-alphanumerical characters, but is massively reduced in security because of
dictionary characteristics and common formatting. In general: the more random
and longer the better. The rest is statistics.
To be fully compatible to TrueCrypt it is not possible to use empty passwords.
You also have to confirm them and you can view them, but be careful since
somebody or something might peek over your shoulders.
To avoid input mistakes passwords are getting colored. The colors themselves are
derived from a secure checksum of what you are typing, thus don't reveal
anything about the actual input itself. But they offer you to see if the input
does not match, since the colors will be very likely significantly different.
Also if your password caused a dark green color for instance it will again
be dark green the next time you have to deal with password provision. But if
you mistype it you can easily spot it because it might have turned yellow or
cobalt blue. This avoids the common and dramatic problem with passwords being
mistyped twice, since humans sometimes stick to a rhythm, even if the beat
is wrong.
When you're done with your password click on the button Proceed....
Container Generation
The container is now made. Depending on the number and size of files this can
happen quite fast or take hours. You can abort the process at any point in time,
causing the container to be removed. If you have selected the option
Wipe Afterwards the files in such a case won't be deleted of course. If
you have selected the option and the container got created successfully then,
in a second pass, files and the associated folders will get wiped.
The produced container can now be opened with TrueCrypt and the provided password.
Depending on the operating system ()and its support for the UDF file system) the
drive or mount respectively will be either read-only or fully readable and
writable, meaning you can delete files or create new ones.
Wiping of Files
You can also simply wipe the selected files and folders. Just click on the menu
Wipe... and confirm.
Please make sure that the selection is right, since there is usually no way to
restore wiped files. Every specimen will be overwritten with zeros and its
file name erased through multiple passes. Because of that wiping of larger
amounts of data can take a long time.
You can of course abort the process and be left with what hasn't been touched so
far, but already wiped files will be gone for good.
Container Extraction
TruPax can extract its own containers in a simple operation. For that open the
container through the menu Extract... and provide a target path. After
entering the password (no confirmation necessary) all of the files and folders
will be extracted to the same structure as stored in the container.
Container Invalidation
Using this feature you can destroy even the largest containers very quickly.
This works for any container, not just for ones creates with TruPax. This gets
accomplished by erasing the so called header of the container with zeros, same
for a potential reserve header at the end of the container file. Through that the
master key gets erased. Since this key is protected by the password latter
won't be able to recover anything. The data will be lost and is virtually
destroyed, unless in the far future current encryption algorithms like AES will
be sufficiently weakened.
Select the container file and confirm. The container will be processed in a
couple of seconds and optionally can also be deleted.
Command Line
Usage
TruPax can also be fully used on the command line. For Windows that's the command
prompt, under Linux the terminal or bash shell respectively. For Linux
the script install.sh (see above) automatically installs command line
availability on the whole system. Under Window it is recommended to add the
path to where the file trupax.exe is located to the environment variable
PATH. Which probably shows that command line is usage is more for the
expert. Though once properly installed TruPax can be used like any other command
line program and for instance be used by scripts.
The actual usage is the same for every operating system. With a simple call to
it TruPax shows you help about syntax and all its options:
[test@foo ~]$ trupax
(MISSING_CMDLN_ARG): Not enough parameters. (no details available)
Options:
-v
Verbose mode, show all operations in progress.
-r
Include all sub-directories when searching for files.
--free-space=size Add given amount of free space to the volume. Size is in
bytes, suffixes are k(i), m(i) and g(i). For instance set
...
Creating a container on the command line is similar to how it's done in the GUI.
The only difference is that files and folder selections are passed in the call.
After password input and confirmation the container gets created. Extraction
with the option --extract and optional wiping of the files through
--wipe or just wiping of a selection via --wipe-only are also
possible.
By using the parameter --password you can also avoid password input to
happen while the program is running, so TruPax can be used in fully automated
scenarios (e.g. for archiving purposes).
If a file or folder starts with a dash you can replace it (the dash) with a
triple dash, so it doesn't get interpreted as an option. For instance a file
called -index would be declared as ---index.
TruPax can be interrupted through the common abort key combination of the
operating system it is running on (in most cases that is Ctrl+C).
Configuration
The command line version uses a separate configuration file carrying the name
trupaxcmd.properties or trupaxcmdrc.properties respectively. You
can modify it to set custom default settings. Check out the example
trupaxcmd_example_config.txt in the ZIP file.
Exit Codes
TruPax defines certain exit codes for the command line, so calling instances can
check them. For instance to verify if an operation was successful or (if not)
what went wrong. If an error occurred the name of it gets shown, yet the actual
exit code value is one of the following numbers:
0 - The operation was successful (or as expected).
1 - An internal or unexpected error happened.
2 - Program error, e.g. if there is no text console available.
3 - A self test for an algorithm failed. TruPax should be reinstalled in such a case.
4 - The user cancelled the operation.
5 - One or more command line parameter is invalid.
6 - One or more command line parameters are missing.
7 - Files or folders couldn't be registered completely.
8 - The configuration file couldn't be loaded.
10 - Container preparation failed, e.g. if the some file paths are too long.
11 - Container initialization failed, it might already exist or be write protected.
13 - An error occurred during container creation.
14 - The selection of files contains name collisions due to path or file overlaps.
15 - The container file exists already and wasn't overwritten or even touched.
16 - An unknown entry was found in the configuration file.
17 - An invalid entry was found in the configuration file.
20 - The container couldn't be opened for extraction.
21 - The container couldn't be decrypted.
22 - An error occurred during extraction.
23 - The container file couldn't be invalidated.
Worth To Mention
- The maximum size of a container is 1,099,511,627,264 bytes (roughly one TB).
- The maximum allowed length the name of a file or folder is 255 (ASCII), or 127 if Unicode is needed.
- The maximum length of a path is 1023.
- The maximum size of a file in a container is 45,097,135,104 bytes (around 45GB).
- For very small UDF containers (less than 100kB) mounting via TrueCrypt fails under Linux.
- The encryption algorithm is AES-256.
- The hash algorithm is RIPEMD-160.
- Container files are created with a second header, at the end.
- Containers created with TruPax are compatible with TrueCrypt 6+.
- TruPax is verified with plenty of automated tests before publication.