Difference between revisions of "Cool Solution - Encrypted USB sticks for UCC clients"

From Univention Wiki

Jump to: navigation, search
Line 10: Line 10:
 
On the UCC client, the package '''univention-ucc-truecrypt''' has to be installed.
 
On the UCC client, the package '''univention-ucc-truecrypt''' has to be installed.
  
  apt-get install univention-ucc-truecrypt
+
  apt-get --no-install-recommends install univention-ucc-truecrypt
  
 
= Configuration of USB storage devices =
 
= Configuration of USB storage devices =

Revision as of 13:08, 13 May 2013

Produktlogo UCC Version 1.0

Template:Cool Solutions Repository

Introduction

univention-ucc-truecrypt allows to mount encrypted truecrypt container on removable storage devices (USB) on UCC clients. If USB sticks with truecrypt container (standard name is secure.tct) are connected to the UCC client, a graphical password dialog will prompt for the password and the truecrypt container is mounted (on the standard mountpoint for removable storage devices).

Installation

On the UCC client, the package univention-ucc-truecrypt has to be installed.

apt-get --no-install-recommends install univention-ucc-truecrypt

Configuration of USB storage devices

The following command can be used to create a 1GB truecrypt container with the password "univention", the name "secure.tct" and the filesystem FAT.

-> truecrypt -t -c secure.tct \
   --volume-type=normal \
   --encryption=AES \
   --hash=RIPEMD-160 \
   --filesystem=FAT
   -p univention \
   -k "" \
   --random-source=/dev/urandom \
   --size=1063256064 

UCR configuration

The behavior when mounting truecrypt containers can be configured through the following UCR variables on the UCC client:

  • ucc/usb/truecrypt/mount/options Mount options for the truecrypt device. (default: umask=0000)
  • ucc/usb/truecrypt/only If true, mount only devices with a truecrypt container. (default: false)
  • ucc/usb/truecrypt/container Name of the truecrypt container. (default: secure.tct)
  • ucc/usb/truecrypt/sessions Comma-separated list of xsessions where truecrypt devices are mounted.

Technical background

Known issues

  • At the moment, the integration of truecrypt devices is only supported in the XenApp Xsession (can be configured via ucc/usb/truecrypt/sessions).
  • If FAT is used as filesystem, the truecrypt container can have a size of maximum 4GB
Personal tools